Michael Grimm via Postfix-users:
> Viktor Dukhovni via Postfix-users <[email protected]> wrote:
>
> > With the upcoming Postfix 3.11, assuming the features of recent
> > "nonprod" releases are deemed mature enough in time to be encluded,
> > you'd see logs such as:
> >
> > Sep 30 23:05:35 amnesiac postfix/smtp[793146]:
> > Verified TLS connection established to list.sys4.de[45.90.5.195]:25:
> > TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
> > key-exchange x25519 server-signature ECDSA (secp384r1) server-digest
> > SHA384
> > Sep 30 23:05:38 amnesiac postfix/smtp[793146]: 01E12901F9D:
> > to=<[email protected]>, relay=list.sys4.de[45.90.5.195]:25,
> > delay=5.4, delays=0.08/0.01/3.5/1.9, tls=dane, dsn=2.0.0, status=sent
> > (250 2.0.0 Ok: queued as 4cbdb56t4MzPjfw)
> >
> > The "tls=dane" element of the per-recipient delivery record confirms
> > that DANE was used successfully. My understanding is that This feature
> > is expected to be included:
> >
> > https://www.postfix.org/postconf.5.html#smtp_log_tls_feature_status
> > ...
> > This feature is available in Postfix 3.11 and later.
>
> Ever since Wietse's announcement in [1] I switched to FreeBSD's
> port postfix-development with a version of [2] as of today, but I
> do not see the "tls=dane" element, yet.
It's currently available in non-production releases. It will be
merged into the 'normal' release once there are no more major
revisions in how REQUIRETLS support is managed, without breakiung
integration with existing local infrastructure such as SMTP and
pipe-based content filters, internal MYTAs, Dovecot, and so on.
Wietse
_______________________________________________
Postfix-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
