Thank you!
On 04/05/2017 08:28 PM, Viktor Dukhovni wrote:
On Apr 5, 2017, at 10:33 PM, Alice Wonder wrote:
I just updated one of my mail servers to self-signed. The signed certificate
expires in few weeks so I can switch back if I did something wrong.
https://ssl-tools.net/mailservers/devia
> On Apr 5, 2017, at 10:33 PM, Alice Wonder wrote:
>
> I just updated one of my mail servers to self-signed. The signed certificate
> expires in few weeks so I can switch back if I did something wrong.
>
> https://ssl-tools.net/mailservers/deviant.email
>
> That gives a red flag for Unknown Au
On 04/05/2017 07:33 PM, Alice Wonder wrote:
I *think* the answer to this is that I am fine.
Last year I only used CA issued certificates.
This year, I am wanting to move to self-signed for SMTP and for
infrastructure domains that are not intended for the public where DANE
can validate. I am con
I *think* the answer to this is that I am fine.
Last year I only used CA issued certificates.
This year, I am wanting to move to self-signed for SMTP and for
infrastructure domains that are not intended for the public where DANE
can validate. I am convinced DANE does a better job at validating
Assuming the header check works, I'd run that on a different instance
of postfix and route the specific outside servers to that instance via
the firewall...
Quoting John Stoffel :
Well, I've confirmed that EOP (protection.outloko.com, our external
Spam filter provider) is adding in the "Del