On Fri, Jul 31, 2015 at 12:07:02PM -0400, Mike wrote:
> > The key success metric will be whether you'll still remember that
> > you published TLSA records when it is tme to deploy a new SSL
> > certificate.
> >
> > https://dane.sys4.de/common_mistakes#3
> > https://dane.sys4.de/common_mis
On 7/31/2015 11:54 AM, Viktor Dukhovni wrote:
> On Fri, Jul 31, 2015 at 11:47:55AM -0400, Mike wrote:
>
>> To test the server's configuration, I found this site:
>> https://dane.sys4.de/
>> that lets me know if Postfix server DANE (along with DNSSEC and TLSA) is
>> working as expected. So far, ev
On Fri, Jul 31, 2015 at 11:47:55AM -0400, Mike wrote:
> To test the server's configuration, I found this site:
> https://dane.sys4.de/
> that lets me know if Postfix server DANE (along with DNSSEC and TLSA) is
> working as expected. So far, everything is working quite well.
The key success metri
On 7/26/2015 2:11 PM, Wietse Venema wrote:
> Mike:
>> Postfix 2.11.5 on FreeBSD 10.1 AMD64
>>
>> I'm starting to look at implementing DANE on Postfix, and I have a
>> question or two...
>>
>> Reading the info here:
>> http://www.postfix.org/TLS_README.html#client_tls_dane
>>
>> I see the following
On 7/26/2015 2:11 PM, Wietse Venema wrote:
[snip]
>
> Postfix needs to be build on a system where libresolv supports
> DNSSEC. This is already available in a FreeBSD 7.2 virtual machine
> that I have lying around.
I'm running on FreeBSD 10.1, and it looks fine.
Many thanks for the comments.
On 7/26/2015 2:06 PM, Viktor Dukhovni wrote:
> On Sun, Jul 26, 2015 at 01:50:58PM -0400, Mike wrote:
[snip]
>
>> Is there a way to see if this prerequisite has been satisfied by the
>> version of Postfix I am running on my system.
>
> Send mail to one of the known DANE TLSA domains (after enablin
Mike:
> Postfix 2.11.5 on FreeBSD 10.1 AMD64
>
> I'm starting to look at implementing DANE on Postfix, and I have a
> question or two...
>
> Reading the info here:
> http://www.postfix.org/TLS_README.html#client_tls_dane
>
> I see the following prerequisite:
> "A compile-time DNS resolver librar
On Sun, Jul 26, 2015 at 01:50:58PM -0400, Mike wrote:
> I'm starting to look at implementing DANE on Postfix, and I have a
> question or two...
>
> Reading the info here:
> http://www.postfix.org/TLS_README.html#client_tls_dane
>
> I see the following prerequisite:
>
> "A compile-time DNS resolv
Postfix 2.11.5 on FreeBSD 10.1 AMD64
I'm starting to look at implementing DANE on Postfix, and I have a
question or two...
Reading the info here:
http://www.postfix.org/TLS_README.html#client_tls_dane
I see the following prerequisite:
"A compile-time DNS resolver library that supports DNSSEC. Po
