Thanks for the thorough review (would be cool to add the stats to your stats
page, presuming you have the time!).
Right, my plan is just to continue enforcing TLS for google/gmail domains and
not bother with MTA-STS unless more
domains follow the Google anti-DNSSEC cargo cult going forward. Stil
On Sat, Jul 04, 2020 at 05:45:18PM -0400, Viktor Dukhovni wrote:
> On Sat, Jul 04, 2020 at 04:35:01PM -0400, Matt Corallo wrote:
>
> > Right, I figured they were from your stats, but figured I'd ask since
> > I never saw any MTA-STS data on your site :)
>
> We don't presently track MTA-STS numbe
On Sat, Jul 04, 2020 at 04:35:01PM -0400, Matt Corallo wrote:
> Right, I figured they were from your stats, but figured I'd ask since
> I never saw any MTA-STS data on your site :)
We don't presently track MTA-STS numbers. They're easy enough to collect
on an ad-hoc basis. Speaking of which, lo
Right, I figured they were from your stats, but figured I'd ask since I never
saw any MTA-STS data on your site :)
Anyway, I'm happy I didn't misunderstand the state of things, at least. Looking
forward to getting a
"secure-but-also-dane" option in smtp_tls_policy_maps eventually :)
Matt
On 7/
On Sat, Jul 04, 2020 at 01:20:59PM -0700, Matt Corallo wrote:
> Oh wow, thanks for the numbers. Where did you get those, btw?
https://stats.dnssec-tools.org/
https://stats.dnssec-tools.org/about.html
> I guess, indeed, it’s not much of an issue until 2021 when outlook
> deploys DANE for
Oh wow, thanks for the numbers. Where did you get those, btw? I guess, indeed,
it’s not much of an issue until 2021 when outlook deploys DANE for inbound (at
least so they claim), at which point a substantial volume of mail will hit this.
Of course but the time most users adopt code written toda
On Sat, Jul 04, 2020 at 02:34:15PM -0400, Matt Corallo wrote:
> Thanks for the response, will see if it makes sense to at least disable
> MTA-STS for DANE-enabled domains at
> https://github.com/Snawoot/postfix-mta-sts-resolver/issues/67.
I don't think that's presently warranted. There are few
Thanks for the response, will see if it makes sense to at least disable MTA-STS
for DANE-enabled domains at
https://github.com/Snawoot/postfix-mta-sts-resolver/issues/67.
On 7/4/20 2:10 PM, Viktor Dukhovni wrote:
> On Sat, Jul 04, 2020 at 01:54:14PM -0400, Matt Corallo wrote:
>
>> The only refer
On Sat, Jul 04, 2020 at 01:54:14PM -0400, Matt Corallo wrote:
> The only reference google appears to find on this list to MTA-STS indicates
> that folks should use an external MTA-STS
> resolver as a part of smtp_tls_policy_maps (the one by Snawoot on GitHub
> appears to be good). Sadly, I don't
The only reference google appears to find on this list to MTA-STS indicates
that folks should use an external MTA-STS
resolver as a part of smtp_tls_policy_maps (the one by Snawoot on GitHub
appears to be good). Sadly, I don't believe its
possible to properly capture the DANE/MTA-STS interaction
10 matches
Mail list logo
