On Fri, Nov 25, 2022 at 09:35:28AM -0500, Wietse Venema wrote:
> > However, in this case the issue is a minor oversight in the Postfix TLS
> > client code. The intended logging behaviour does not happen. Patch
> > below:
>
> Is there an equivalent for the still supported Postfix version 3.5?
> That would also fix Postfix version 3.4 which has the same code.
It looks like the 3.5 and earlier code correctly reports "Trusted" for
connections where the TLSA records match, but the destination MX RRset
was not signed. The issue was introduced when I converted to the
Postfix TLS client to use the native DANE support in OpenSSL.
--
Viktor.
