On Sun, Feb 09, 2025 at 03:00:22AM +0100, Ömer Güven wrote:
> How did I misunderstand the settings if Wietse said that
> smtp_tls_dane_insecure_mx_policy only defaults to dane, when the
> smtp_tls_security_level variable is set to dane, else it defaults to
> may, regardless of the security level returned by
> smtp_tls_policy_maps?
It makes little sense to enable opportunistic "dane" only for a select
few destinations. If it is generally disabled, the best-effort DANE for
some, but not necessarily all MX hosts, and not necessarily the right
ones, isn't worth it. The parameter is not "useless" when based on the
global setting, rather than per-destination setting.
I am not opposed to starting with the per-destination setting, but that
requires new code, which is not clearly justified.
--
Viktor.
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
