On 7/26/2015 2:06 PM, Viktor Dukhovni wrote:
> On Sun, Jul 26, 2015 at 01:50:58PM -0400, Mike wrote:
[snip]
>
>> Is there a way to see if this prerequisite has been satisfied by the
>> version of Postfix I am running on my system.
>
> Send mail to one of the known DANE TLSA domains (after enabling DANE
> per the documentation):
>
>     sendmail -bv postmas...@ietf.org
>     sendmail -bv postmas...@freebsd.org
>     sendmail -bv postmas...@debian.org
>     sendmail -bv postmas...@openssl.org
>     sendmail -bv postmas...@samba.org
>     sendmail -bv postmas...@torproject.org
>
> and check the logs to see whether the TLS authentication status was
> "Verified".

I happened to subscribe to the dane-users mailing list a few minutes ago
and [surprise!] its server is DANE-enabled.

>> Another question - let's suppose I have succeeded in implementing DANE.
>> Will I see any evidence of that success in the Postfix logs or message
>> headers (such as I see for TLS)?
>
> Just the logs, when you send mail to a DANE-enabled domain.

This is what I see in the log with a TLS-enabled server:

    postfix/smtp: Trusted TLS connection established to ...

This is what I see for a DANE-enabled server:

    postfix/smtp: Verified TLS connection established to ...

Now I need to wait a few more days for my MTA's domain to transfer to a
DNSSEC-capable registrar and I'll set it up for DANE.

Many thanks for the comments.
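
The log check described above, as an added example that is not part of the original thread: it reads the Postfix status word (Anonymous, Untrusted, Trusted, Verified) for each MX host and reports hosts that were expected to be DANE-verified but were not. The log lines, hostnames and function names are constructed for illustration, and `smtp_tls_loglevel = 1` is assumed.

```python
import re

# SMTP client summary line, logged when smtp_tls_loglevel = 1 (assumed):
#   postfix/smtp[pid]: <Status> TLS connection established to host[ip]:port: ...
TLS_LINE = re.compile(
    r"postfix/smtp\[\d+\]: (Anonymous|Untrusted|Trusted|Verified) "
    r"TLS connection established to ([^\[\s]+)\[[^\]]+\]:\d+"
)
# Ordered weakest to strongest so a later downgrade is not hidden.
RANK = {"Anonymous": 0, "Untrusted": 1, "Trusted": 2, "Verified": 3}


def weakest_status_by_host(lines):
    """Map each MX host to the weakest TLS status logged for it."""
    seen = {}
    for line in lines:
        m = TLS_LINE.search(line)
        if not m:
            continue
        status, host = m.group(1), m.group(2).lower()
        if host not in seen or RANK[status] < RANK[seen[host]]:
            seen[host] = status
    return seen


def dane_failures(lines, expected_hosts):
    """Hosts expected to log "Verified" that did not, with what was seen."""
    seen = weakest_status_by_host(lines)
    return {h: seen.get(h, "no TLS line")
            for h in expected_hosts if seen.get(h) != "Verified"}


# Constructed sample log (documentation hostnames and addresses).
# The third line models the same MX later falling back to "Trusted",
# e.g. because the local resolver stopped returning validated answers.
SAMPLE_LOG = """\
Jul 26 14:10:01 mta postfix/smtp[2101]: Verified TLS connection established to mx.dane.example[192.0.2.10]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Jul 26 14:10:05 mta postfix/smtp[2102]: Trusted TLS connection established to mx.plain.example[192.0.2.20]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Jul 26 14:11:40 mta postfix/smtp[2107]: Trusted TLS connection established to mx.dane.example[192.0.2.10]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Jul 26 14:12:02 mta postfix/smtp[2109]: 4F2A01C0: to=<user@cleartext.example>, relay=mx.cleartext.example[192.0.2.30]:25, delay=1.2, status=sent (250 ok)
""".splitlines()

if __name__ == "__main__":
    expected = ["mx.dane.example", "mx.cleartext.example"]
    for host, status in dane_failures(SAMPLE_LOG, expected).items():
        print(f"{host}: expected Verified, saw {status}")
```

A host reported as "no TLS line" had no TLS summary logged at all, which at this log level means the delivery went out without TLS or never connected.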