Very helpful.

On 13/10/2017 7:13 PM, Viktor Dukhovni wrote:
> On Fri, Oct 13, 2017 at 04:53:57AM +0000, Mal wrote:
> 
>> Wondering if Postfix logs any DANE operations? 
> 
> With DANE turned on, when you send email to a destination with
> DNSSEC and correctly configured TLSA records, the delivery is logged
> as "Verified" at smtp_tls_loglevel=1.  Barring any explicit tls
> policies for some special domains, anything that is logged as "Verified"
> used DANE to reach that state.

Is loglevel=1 the only level it logs the verified entry on?  Or is this
the minimum logging level, i.e., when verbose OR very verbose you will
also see it?

> While it is good to enable DANE TLSA records for your own MTA, so
> that *other* domains can send you email securely, this has nothing
> to do with how your own outbound mail is logged.  In the inbound
> direction the receiving MTA is passive, and does not know how or
> whether the sending MTA verified its certificate.
> 

Pretty good list to check against.

Mal
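
An added example, not part of the original thread: one way to tally the security level of outbound deliveries from the summary lines the Postfix SMTP client writes at smtp_tls_loglevel=1, so that "Verified" destinations can be checked against a list. It assumes the default syslog_name ("postfix") and the standard "<level> TLS connection established to host[addr]:port" wording; the log lines, hostnames, and the function names are constructed for illustration.

```shell
#!/bin/sh
# Summarise outbound TLS security levels from Postfix smtp(8) log lines.

# Constructed sample log lines (documentation hostnames and addresses).
sample_log() {
cat <<'EOF'
Oct 13 19:13:01 mail postfix/smtp[2101]: Verified TLS connection established to mx.dane.example[192.0.2.10]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Oct 13 19:13:05 mail postfix/smtp[2102]: Untrusted TLS connection established to mx.plain.example[198.51.100.7]:25: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
Oct 13 19:14:11 mail postfix/smtp[2103]: Verified TLS connection established to mx.dane.example[192.0.2.10]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Oct 13 19:15:40 mail postfix/smtpd[2104]: Anonymous TLS connection established from client.example[203.0.113.5]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Oct 13 19:16:02 mail postfix/smtp[2105]: Trusted TLS connection established to mx.pki.example[198.51.100.9]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
EOF
}

# Read a mail log on stdin; print "count level host" for outbound mail only.
tls_summary() {
    awk '
        # Only the SMTP client (postfix/smtp[pid]) logs outbound deliveries.
        # postfix/smtpd lines are inbound and say nothing about what the
        # sending side verified, so they are skipped.
        $5 ~ /^postfix\/smtp\[[0-9]+\]:$/ && / TLS connection established to / {
            level = $6               # Verified, Trusted, Untrusted or Anonymous
            host = $11               # e.g. mx.dane.example[192.0.2.10]:25:
            sub(/\[.*/, "", host)    # keep the hostname only
            n[level " " host]++
        }
        END { for (k in n) print n[k], k }
    ' | sort -k2,2 -k3,3
}

# Destinations that were reached over TLS but never at the "Verified" level.
unverified_hosts() {
    tls_summary | awk '
        { seen[$3] = 1 }
        $2 == "Verified" { ok[$3] = 1 }
        END { for (h in seen) if (!(h in ok)) print h }
    ' | sort
}

# Demo on the constructed sample; on a real system feed the mail log instead,
# e.g. tls_summary < /var/log/mail.log (path is an assumption, it varies).
sample_log | tls_summary
```

As the quoted reply notes, a "Verified" line reflects DANE only when no explicit TLS policy for that destination produced the same level by other means.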
