* Dirk Stöcker <postfix-users@postfix.org>:
> Hello,
>
> after nearly a year I was now able to set up a testing domain which
> supports DANE with a German domain provider. Now I'm in the testing
> stage to see if I did everything right.
>
> DNSSEC-validation is fine:
> http://dnssec-debugger.verisignlabs.com/cryptedmail.eu
>
> DANE/TLSA existence is fine:
> https://www.tlsa.info/detail/mail.cryptedmail.eu
>
> Verification is ?
> https://www.had-pilot.com/dane/danelaw.html
> - TLSLite Client says all is fine
> - GnuTLS and OpenSSL both give an unspecified error (could this be due to
>   missing SNI support?).
>
> Last test is only testing the 443 port and not 25 and the other mail ports.
>
> Is there any service, which verifies validity of TLSA records for
> the mail ports and gives more specific output in case of errors?

There will be one in about a week from now. It's currently in beta stage.
There are still a few bugs to squash. ;)

Here's the output for your domain:

mail.cryptedmail.eu
  78.46.160.105
    info  mail.cryptedmail.eu. IN A 78.46.160.105
    info  SSL: protocol = TLSv1.2, cipher = ECDHE-RSA-AES256-GCM-SHA384 (256 bits)
    info  Passed(depth 0): mail.cryptedmail.eu. IN TLSA 3 0 1 CB2DC082058D54D8760B2467F0758AE4BB738D3FCD6006CB8A77F8DEA65F98D1
    OK    a working TLSA RR was found
  2a01:4f8:d13:3800:0:0:f:1
    info  mail.cryptedmail.eu. IN AAAA 2a01:4f8:d13:3800:0:0:f:1
    info  SSL: protocol = TLSv1.2, cipher = ECDHE-RSA-AES256-GCM-SHA384 (256 bits)
    info  Passed(depth 0): mail.cryptedmail.eu. IN TLSA 3 0 1 CB2DC082058D54D8760B2467F0758AE4BB738D3FCD6006CB8A77F8DEA65F98D1
    OK    a working TLSA RR was found

mail.cryptedmail.eu. IN MX 0 mail.cryptedmail.eu.

usable TLSA record:
_25._tcp.mail.cryptedmail.eu. IN TLSA 3 0 1 CB2DC082058D54D8760B2467F0758AE4BB738D3FCD6006CB8A77F8DEA65F98D1

HTH

p@rick

-- 
[*] sys4 AG

https://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Registered office: München, Amtsgericht München: HRB 199263
Executive board: Patrick Ben Koetter, Marc Schiffbauer
Chairman of the supervisory board: Florian Kirstein
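
The "3 0 1" check reported in the output above, written out as an added example that is not part of either message and is not the code of the service mentioned: a usage-3, selector-0, matching-type-1 TLSA record matches when its data equals the SHA-256 digest of the full DER certificate the MX presents after STARTTLS. Assumptions: the function names, `mx.example`, and the sample bytes are constructed for illustration; the TLSA record text is expected to come from a DNSSEC-validating resolver, which this code does not query; only selector 0 is handled.

```python
import hashlib
import smtplib
import ssl

# Matching type (RFC 6698): 0 = exact bytes, 1 = SHA-256, 2 = SHA-512.
DIGESTS = {
    0: lambda b: b,
    1: lambda b: hashlib.sha256(b).digest(),
    2: lambda b: hashlib.sha512(b).digest(),
}

def parse_tlsa(rr):
    """Parse 'owner. IN TLSA usage selector mtype hexdata' into a dict."""
    fields = rr.split()
    i = fields.index("TLSA")
    usage, selector, mtype = (int(x) for x in fields[i + 1:i + 4])
    data = bytes.fromhex("".join(fields[i + 4:]))  # hex may contain spaces
    return {"owner": fields[0], "usage": usage, "selector": selector,
            "mtype": mtype, "data": data}

def matches_cert(tlsa, cert_der):
    """True if a selector-0 (full certificate) record matches cert_der."""
    if tlsa["selector"] != 0:
        raise ValueError("only selector 0 (full certificate) is handled here")
    if tlsa["mtype"] not in DIGESTS:
        raise ValueError("unknown matching type %d" % tlsa["mtype"])
    return DIGESTS[tlsa["mtype"]](cert_der) == tlsa["data"]

def fetch_smtp_cert_der(host, port=25, timeout=15):
    """Return the DER leaf certificate a mail server presents after STARTTLS."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # usage 3 pins the certificate itself,
    ctx.verify_mode = ssl.CERT_NONE  # so PKIX chain checks are not applied
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.starttls(context=ctx)
        return smtp.sock.getpeercert(binary_form=True)

# Constructed stand-in for a DER certificate and the record that pins it.
SAMPLE_DER = b"constructed-certificate-bytes"
SAMPLE_RR = ("_25._tcp.mx.example. IN TLSA 3 0 1 "
             + hashlib.sha256(SAMPLE_DER).hexdigest().upper())

if __name__ == "__main__":
    print(matches_cert(parse_tlsa(SAMPLE_RR), SAMPLE_DER))
```

Against a live server, pass the result of `fetch_smtp_cert_der(host)` as `cert_der` and repeat the check for every A and AAAA address of the MX, as the output above does.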