I wouldn’t say fashionista… More of an experiment since it’s easy to replace the tickets. I wanted to try something a wee bit more secure. There’s actually a downstream reason for this…
But of course, I’m still at a loss as to why the initial rDNS handshake as well as attempts to hit zen.spamhaus for a lookup are also failing. Could it be a firewall port that I have blocked? I’m not sure how Postfix is doing the initial rDNS lookup to validate hostname.

> On Apr 24, 2017, at 11:40 AM, Viktor Dukhovni <postfix-us...@dukhovni.org> wrote:
>
>> On Apr 24, 2017, at 10:20 AM, Michael Segel <dovecot_...@hotmail.com> wrote:
>>
>> (Of course the cert is 8192 which may be a bit excessive over 2048)
>
> Don't be a crypto fashionista. Generate a 2048-bit key and obtain and
> deploy a corresponding 2048-bit certificate.
>
> --
> Viktor.