Re: TLS: Migrate from *encrypt* to *verify* for specific domain

2018-09-26 Thread Paul Menzel
Dear Viktor, On 09/26/18 16:46, Paul Menzel wrote: > On 09/26/18 09:37, Viktor Dukhovni wrote: > >>> On Sep 26, 2018, at 2:57 AM, Bernhard Schmidt wrote: >>> >>> Large parts of the German universities now use the DFN MailSupport >>> (= inbound mailrelaying and filtering by DFN). The MX records

Re: TLS: Migrate from *encrypt* to *verify* for specific domain

2018-09-26 Thread Paul Menzel
Dear Viktor, dear Bernhard, On 09/26/18 09:37, Viktor Dukhovni wrote: >> On Sep 26, 2018, at 2:57 AM, Bernhard Schmidt wrote: >> >> Large parts of the German universities now use the DFN MailSupport >> (= inbound mailrelaying and filtering by DFN). The MX records are >> in mx.srv.dfn.de, whic

Re: TLS: Migrate from *encrypt* to *verify* for specific domain

2018-09-26 Thread Viktor Dukhovni
> On Sep 26, 2018, at 2:29 AM, Paul Menzel wrote: > >> FWIW, the certificates found among DANE-enabled domains with DFN-Verein >> issued certificates list the below organizations: >> Subject Organization = Bayerische Akademie der Wissenschaften >> Subject Organization = Bergische Univ

Re: TLS: Migrate from *encrypt* to *verify* for specific domain

2018-09-26 Thread Viktor Dukhovni
> On Sep 26, 2018, at 2:57 AM, Bernhard Schmidt wrote: > > Large parts of the German universities now use the DFN MailSupport (= > inbound mailrelaying and filtering by DFN). The MX records are in > mx.srv.dfn.de, which is not signed (whole dfn.de is not signed). So you > can have your own zon

Re: TLS: Migrate from *encrypt* to *verify* for specific domain

2018-09-25 Thread Bernhard Schmidt
On 25.09.18 at 17:34, Viktor Dukhovni wrote: > > >> On Sep 25, 2018, at 9:29 AM, Paul Menzel wrote: >> >> We want to improve that. Unfortunately, DANE is not an option as the DFN >> does not support that, > > What do you mean by "DFN does not support that"? If by "DFN" you mean > "DFN-Verein"

Re: TLS: Migrate from *encrypt* to *verify* for specific domain

2018-09-25 Thread Paul Menzel
Dear Viktor, On 25.09.2018 at 17:42, Viktor Dukhovni wrote: On Sep 25, 2018, at 11:34 AM, Viktor Dukhovni wrote: The DANE survey finds 21 domains with DFN-Verein certificates and working DANE. There are almost certainly some that don't have DANE TLSA records, but they could if they wanted

Re: TLS: Migrate from *encrypt* to *verify* for specific domain

2018-09-25 Thread Viktor Dukhovni
> On Sep 25, 2018, at 11:58 AM, Wietse Venema wrote: > >> As for "soft failure" with "verify" >> (or "secure"), that's not presently supported in Postfix. > > What about using smtp_delivery_status_filter? By "soft failure", I meant the OP's request to deliver anyway and just log a warning.

Re: TLS: Migrate from *encrypt* to *verify* for specific domain

2018-09-25 Thread Wietse Venema
Viktor Dukhovni: > The DANE survey finds 21 domains with DFN-Verein certificates and working > DANE. There are almost certainly some that don't have DANE TLSA records, > but they could if they wanted to. As for "soft failure" with "verify" > (or "secure"), that's not presently supported in Postfi

Re: TLS: Migrate from *encrypt* to *verify* for specific domain

2018-09-25 Thread Viktor Dukhovni
> On Sep 25, 2018, at 11:34 AM, Viktor Dukhovni > wrote: > > The DANE survey finds 21 domains with DFN-Verein certificates and working > DANE. There are almost certainly some that don't have DANE TLSA records, > but they could if they wanted to. FWIW, the certificates found among DANE-enabl

Re: TLS: Migrate from *encrypt* to *verify* for specific domain

2018-09-25 Thread Viktor Dukhovni
> On Sep 25, 2018, at 9:29 AM, Paul Menzel wrote: > > We want to improve that. Unfortunately, DANE is not an option as the DFN > does not support that, What do you mean by "DFN does not support that"? If by "DFN" you mean "DFN-Verein", their certificates pose no compatibility issues with DAN

TLS: Migrate from *encrypt* to *verify* for specific domain

2018-09-25 Thread Paul Menzel
Dear Postfix folks, Currently, our `/etc/postfix/tls_policy` looks like below to force encryption when sending messages to other servers in our organization. mpg.de encrypt .mpg.de encrypt We want to improve that. Unfortunately, DA