On Wed, Aug 12, 2020 at 07:58:56AM +0200, Benny Pedersen wrote:
> in my own main.cf i added
>
> smtp_tls_dane_insecure_mx_policy = may
Yes, that will enable you to send mail to the roundcube list.
> Should postfix default be changed to
>
> smtp_tls_dane_insecure_mx_policy = dane_only
Definite
Viktor Dukhovni skrev den 2020-08-12 06:11:
and now also lists.roundcube.net.
I sent them a note about this back on May 27th, perhaps it did not get
to the right people. I just sent another. Their email has been
degraded since 2020/05/25.
in my own main.cf i added
smtp_tls_dane_insecure_m
On Wed, Aug 12, 2020 at 12:06:42AM -0400, Viktor Dukhovni wrote:
> The MX host has TLSA records:
>
> _25._tcp.mx.kolabsys.com. IN TLSA 3 0 1
> 69907f765ac23c5d36a3e1ca639077e74806b047ea2fa67e0ad43ce27e821c27
> _25._tcp.mx.kolabsys.com. IN TLSA 3 0 1
> b1a526159ed3e48f4ea0a9c6d348dbda202
On Wed, Aug 12, 2020 at 04:36:11AM +0200, Benny Pedersen wrote:
> posttls-finger lists.roundcube.net
The default TLS security level for "posttls-finger" is "dane". The MX
records (RRset) of that domain are not DNSSEC signed, so the use of
DANE TLSA records cannot fully protect email transport fo
