Thank you Victor, but the code in the mail log is 450 which, whether it is
generated by the DNS or postfix is still a "try again later."
My post to the group is a "thank you" not a "I need help."
We run our own DNS which is authoritative for our domain and uses root hints to
retrieve addresses
Dear Postfix folks,
Am 17.02.22 um 10:57 schrieb Paul Menzel:
Using Postfix 3.6.0-rc1, for an email sent to x.y.molgen.mpg.de it looks
up the TLSA records for y.molgen.mpg.de instead of x.y.molgen.mpg.de:
2022-02-12T12:02:21+01:00 tldr postfix/smtp[25656]: warning: TLS policy
lookup fo
On Mon, Nov 15, 2021 at 11:58:02AM +0800, Philip Paeps wrote:
> On 2021-11-15 11:36:00 (+0800), Benny Pedersen wrote:
> > plantmarknaden.com
> >
> > https://dane.sys4.de/smtp/plantmarknaden.com
> > https://dnsviz.net/d/plantmarknaden.com/dnssec/
> >
> > why diffrent results ?
>
> I don't see 'dif
On 2021-11-15 11:36:00 (+0800), Benny Pedersen wrote:
plantmarknaden.com
https://dane.sys4.de/smtp/plantmarknaden.com
https://dnsviz.net/d/plantmarknaden.com/dnssec/
why diffrent results ?
I don't see 'different' results. That domain is broken.
Neither of the listed DNS servers are returnin
thanks Viktor
El 28/03/2021 a las 1:21, Viktor Dukhovni escribió:
On Sun, Mar 28, 2021 at 01:08:44AM +0100, Francesc Peñalvez wrote:
Right now dnssec is activated in the external manager zoneedit.com, in
which I cannot modify the type of encryption or the length of the key.
If there are no k
On Sun, Mar 28, 2021 at 01:08:44AM +0100, Francesc Peñalvez wrote:
> Right now dnssec is activated in the external manager zoneedit.com, in
> which I cannot modify the type of encryption or the length of the key.
If there are no key size or algorithm settings in zoneedit.com, then
indeed you're
Right now dnssec is activated in the external manager zoneedit.com, in
which I cannot modify the type of encryption or the length of the key.
And if I am looking to activate inbound and outbound dnssec with my postfix
El 28/03/2021 a las 1:03, Viktor Dukhovni escribió:
On Sat, Mar 27, 2021 at
On Sat, Mar 27, 2021 at 01:59:56PM +0100, Francesc Peñalvez wrote:
> I have a connection of the domestic type, with 7 computers in an
> internal network, in which I do not have access to make any changes to
> the ip. I use external dns service to manage the bind9 service,
> although I have another
I have a connection of the domestic type, with 7 computers in an
internal network, in which I do not have access to make any changes to
the ip. I use external dns service to manage the bind9 service, although
I have another installed and running locally.
Both in the external and internal service
On Sat, Mar 27, 2021 at 12:51:36PM +0100, Francesc Peñalvez wrote:
> I have the dns of the domain managed externally, configured with
> dnssec, and another host running postfix. How could I integrate that
> postfix use the dnssec configuration? Would it be enough to add the
> dns of the external s
On 4/17/20 4:29 PM, Viktor Dukhovni wrote:
> More at:
all links appreciated.
the summary's particularly nicely readable by those of among the minion masses
of normal humans ;-)
> Postfix documentation covers the client side
still among the best, most-exhaustively detailed s/docs/reference man/
On Fri, Apr 17, 2020 at 03:59:49PM -0700, PGNet Dev wrote:
> Real World DANE Inter-domain email transport
>
> https://static.ptbl.co/static/attachments/169319/1520904692.pdf
More at:
https://github.com/baknu/DANE-for-SMTP/wiki/2.-Implementation-resources
Specific issues:
https://g
On Sat, Feb 23, 2019 at 06:20:02PM +0100, Benny Pedersen wrote:
> sorry for OT but
>
> named[29088]: validating ebokssmtp.e-boks.dk/A: no valid signature found
> named[29088]: validating advisering.e-boks.dk/MX: no valid signature found
> named[29088]: validating e-boks.dk/SOA: no valid signature
On December 31, 2014 12:37:52 PM Viktor Dukhovni
wrote:
On Wed, Dec 31, 2014 at 12:45:20AM -0500, John wrote:
> https://tools.ietf.org/draft-ietf-dane-ops-07#section-8.1
> https://tools.ietf.org/draft-ietf-dane-ops-07#section-8.4
Sorry,
Don't worry about it.
https://tools.ietf.or
On Wed, Dec 31, 2014 at 12:23:16AM -0500, John wrote:
> >>smtpd_use_tls = yes
> >>smtpd_tls_security_level = may
>
> Just so I get this right "/smtpd_tls_security_level = dane/" is acceptable,
No, DANE TLS is for the sending (verifying) MTA only.
--
Viktor.
On Wed, Dec 31, 2014 at 12:45:20AM -0500, John wrote:
> https://tools.ietf.org/draft-ietf-dane-ops-07#section-8.1
> https://tools.ietf.org/draft-ietf-dane-ops-07#section-8.4
Sorry,
https://tools.ietf.org/html/draft-ietf-dane-ops-07#section-8.1
https://tools.ietf.org/html/draft-ietf-dane-
/smtpd_tls_security_level = dane/.
postconf does not show any error for the above, but postfix itself does
"fatal: invalid TLS level "dane" - I have switched back to may
--
John Allen
KLaM
--
You are off the edge of the map, mate. Here there be monsters!
https://tools.ietf.org/draft-ietf-dane-ops-07#section-8.1
https://tools.ietf.org/draft-ietf-dane-ops-07#section-8.4
Both of the above return "object not found" I assume that as they are
both draft docs they come and go as the editors update them.
I will keep an eye on the site, hopefully catch t
On 12/30/2014 11:19 PM, Viktor Dukhovni wrote:
On Tue, Dec 30, 2014 at 07:47:24PM -0500, John wrote:
I have setup my DNS server for DNSSEC + DANE. I am using inline signing on
Bind9 and it appears to be working for HTTPS access.
I have a minor problem with key rolling, it seems to be a rather c
On Tue, Dec 30, 2014 at 07:47:24PM -0500, John wrote:
> I have setup my DNS server for DNSSEC + DANE. I am using inline signing on
> Bind9 and it appears to be working for HTTPS access.
> I have a minor problem with key rolling, it seems to be a rather cumbersome
> process at the moment, but I sus
On 12/30/2014 7:58 PM, wie...@porcupine.org (Wietse Venema) wrote:
Wietse Venema:
John:
*Dec 30 19:16:35 bilbo postfix/smtp[3376]: warning: [127.0.0.1]:10024:
dane configured with dnssec lookups disabled*
Have you noticed the "unused parameter" warning for smtp_dns_supporta_level?
That is, wh
Wietse Venema:
> John:
> > *Dec 30 19:16:35 bilbo postfix/smtp[3376]: warning: [127.0.0.1]:10024:
> > dane configured with dnssec lookups disabled*
>
> Have you noticed the "unused parameter" warning for smtp_dns_supporta_level?
That is, when you use the postconf command to show the
configurati
John:
> *Dec 30 19:16:35 bilbo postfix/smtp[3376]: warning: [127.0.0.1]:10024:
> dane configured with dnssec lookups disabled*
Have you noticed the "unused parameter" warning for smtp_dns_supporta_level?
Wietse
On Wed, Feb 26, 2014 at 01:32:09PM -0500, Charles Marcus wrote:
> Well, I sent them the two responses I got here (from rob0 and
> Victor), and, in addition to what I think is the real reason,
> here is what they came back with:
>
> >domains are more likely to go down do to poor DNSSEC
> >administ
On 2/25/2014 10:32 AM, Viktor Dukhovni wrote:
My domains are (or will be when the transfer completes) signed with
NSEC3. RFC 5155 (NSEC3) was published in 2008. The root zone was
signed around 2010. DNSSEC is up and running.
Well, I sent them the two responses I got here (from rob0 and Victor
On Tue, Feb 25, 2014 at 09:07:13AM -0600, /dev/rob0 wrote:
> > Curious what others (especially Victor) think of this response.
> > Why are they 'firmly against' NSEC's 'enumeration of domains'
> > feature, and the comment about 'very real issues...'...
>
> Good questions. I don't know. I don't ca
On Tue, Feb 25, 2014 at 08:21:14AM -0500, Charles Marcus wrote:
> On 2/24/2014 3:52 PM, /dev/rob0 wrote:
> >On Mon, Feb 24, 2014 at 01:16:39AM +0100, Dirk Stöcker wrote:
> >>Oh yes - DNSSEC. When will it come? In hundred years?
> >
> >Dirk, do you mind explaining this? Are you having trouble
> >fi
On 2/24/2014 3:52 PM, /dev/rob0 wrote:
On Mon, Feb 24, 2014 at 01:16:39AM +0100, Dirk Stöcker wrote:
On Sun, 23 Feb 2014, Viktor Dukhovni wrote:
If you want scalable security for SMTP, become an early adopter
of DANE TLS, available in Postfix 2.11. Today, you'll be able
to opportunistically a
On Mon, 24 Feb 2014, /dev/rob0 wrote:
Oh yes - DNSSEC. When will it come? In hundred years?
Dirk, do you mind explaining this? Are you having trouble finding
DNSSEC-enabled DNS hosting?
Reading about it for years - always with "Delayed" as main information
(same like for IPv6). But OTOH dur
29 matches
Mail list logo
