Hi,

Pondering MTA-STS validation.

My understanding is the recommendation is to use DANE as the default
(smtp_tls_security_level=dane), but if you want MTA-STS for select
domains you can point them at a transport that requires X.509
validation.

Realistically, Gmail and Yahoo do not care about my MTA-STS
reports. All they care about is that I validate their X.509 certs.

Is there any reason to use something like mta-sts-daemon in that
transport instead of just setting smtp_tls_security_level=verify?

Thanks,
==ml

-- 
Michael W. Lucas        https://mwl.io/
author of: Absolute OpenBSD, SSH Mastery, git commit murder,
 Absolute FreeBSD, Butterfly Stomp Waltz, TLS Mastery, etc...
### New books: DNSSEC Mastery, Letters to ed(1), $ git sync murder ###
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
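
The setup described in the message above, sketched as a Postfix configuration. This is an added example, not part of the original post; the transport name smtp-verify, the transport map path and type, and the CA bundle path are assumptions.

```conf
# /etc/postfix/main.cf
# Default for every destination: opportunistic DANE.
# DANE requires a DNSSEC-validating resolver and this DNS support level.
smtp_dns_support_level = dnssec
smtp_tls_security_level = dane
# Route the selected domains to a dedicated delivery transport.
transport_maps = hash:/etc/postfix/transport

# /etc/postfix/transport   (run "postmap /etc/postfix/transport" after editing)
# Domains that should get mandatory X.509 validation instead of DANE.
gmail.com    smtp-verify:
yahoo.com    smtp-verify:

# /etc/postfix/master.cf
# A copy of the smtp client (hypothetical name smtp-verify) that refuses to
# deliver unless the server certificate chains to a trusted CA and matches.
smtp-verify  unix  -  -  n  -  -  smtp
  -o smtp_tls_security_level=verify
  -o smtp_tls_CAfile=/etc/ssl/cert.pem
```

At the verify level Postfix matches the certificate against the MX hostname it obtained from DNS (smtp_tls_verify_cert_match defaults to hostname).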