Re: SMTP STARTTLS - "best practices"?

2014-04-25 Thread lst_hoe02
Quoting Viktor Dukhovni: On Wed, Apr 23, 2014 at 04:54:44PM +0200, lst_ho...@kwsoft.de wrote: Is there any experience with DNSSEC capable DNS Providers at the lower cost range suitable for KMU? I've not looked at the cost of full-service DNS outsourcing. Some of the .org registrars are

Feature Discussion: Handling large numbers of IPv6 Remote Sessions in Anvil

2014-04-25 Thread Ray Hunter
re: Feature Discussion: Handling large numbers of IPv6 Remote Sessions in Anvil Wietse wrote: Anvil currently does not consider whether IP addresses in the same address range. There are plenty legitimate mail servers in the same /24 block, and I expect that IPv6 will be no different. When t

Re: Feature Discussion: Handling large numbers of IPv6 Remote Sessions in Anvil

2014-04-25 Thread Wietse Venema
Ray Hunter: > Does anyone have any idea what is a realistic number of remote sessions > that a single smtpd can concurrently process? Exactly one. More in the case of postscreen. As hinted at by Robert Schetterer, DDOS attacks are preferably not handled way up at the application layer, but rathe

Re: SMTP STARTTLS - "best practices"?

2014-04-25 Thread DTNX Postmaster
On 25 Apr 2014, at 12:23, lst_ho...@kwsoft.de wrote: > Quoting Viktor Dukhovni: > >> On Wed, Apr 23, 2014 at 04:54:44PM +0200, lst_ho...@kwsoft.de wrote: >> >>> Is there any experience with DNSSEC capable DNS Providers at the lower cost >>> range suitable for KMU? >> >> I've not looked at t

typo in script [was Re: OT - Dane, TLSA]

2014-04-25 Thread Eray Aslan
On Sat, Dec 14, 2013 at 06:30:15PM +, Viktor Dukhovni wrote: > Well, you're unlikely to have working TLSA RRs for your SMTP service > just by happenstance. If you want to create a TLSA RRset for your > SMTP server, run the attached "tlsagen" shell script as follows: > > $ tlsagen cert.pem

Re: typo in script [was Re: OT - Dane, TLSA]

2014-04-25 Thread Viktor Dukhovni
On Fri, Apr 25, 2014 at 02:35:55PM +, Eray Aslan wrote: > For the record, looks like a typo in the script: > > --- tlsagen 2014-04-25 14:22:02.0 + > +++ tlsagen 2014-04-25 13:50:17.0 + Thanks, yes, this has since been fixed, and a few other improvements made. Cur

Request for data points: DANE-enabled receiving domains

2014-04-25 Thread Viktor Dukhovni
On Fri, Apr 25, 2014 at 02:35:55PM +, Eray Aslan wrote: > > $ tlsagen cert.pem $(uname -n) DANE-EE PKEY SHA2-256 > > _25._tcp.mail.example.com IN TLSA 3 1 1 {hex string} > > For the record, looks like a typo in the script: Oh, and by the way, I see your domain has working TLSA RRs.

Re: Request for data points: DANE-enabled receiving domains

2014-04-25 Thread Eray Aslan
On Fri, Apr 25, 2014 at 03:00:42PM +, Viktor Dukhovni wrote: > Oh, and by the way, I see your domain has working TLSA RRs. [...] > If anyone else on this list has a DNSSEC signed domain and adds MX > host TLSA records, please feel free to drop me a note. I'll connect > to your domain from my h

Re: Request for data points: DANE-enabled receiving domains

2014-04-25 Thread Tom Hendrikx
On 25-04-14 17:00, Viktor Dukhovni wrote: > On Fri, Apr 25, 2014 at 02:35:55PM +, Eray Aslan wrote: > >>> $ tlsagen cert.pem $(uname -n) DANE-EE PKEY SHA2-256 >>> _25._tcp.mail.example.com IN TLSA 3 1 1 {hex string} >> >> For the record, looks