Hi,
we would like to go the next step, enable smtp_tls_security_level = dane.
Currently we have encrypt site-wide.
But in cases where remote sites do not have published key material, the
fallback is may with dane, which is a step back in terms of security and
not wanted.
How can we specify:
1,
> On Jan 28, 2019, at 7:59 AM, Stefan Bauer wrote:
>
> But in cases where remote sites do not have published key material, the
> fallback is may with dane, which is a step back in terms of security and not
> wanted.
>
> How can we specify:
>
> 1, Always use at least encrypt
> 2, When TLSA-rec
Viktor Dukhovni:
> > On Jan 28, 2019, at 7:59 AM, Stefan Bauer wrote:
> >
> > But in cases where remote sites do not have published key material, the
> > fallback is may with dane, which is a step back in terms of security and
> > not wanted.
> >
> > How can we specify:
> >
> > 1, Always use
Wietse Venema:
> Viktor Dukhovni:
> > > On Jan 28, 2019, at 7:59 AM, Stefan Bauer wrote:
> > >
> > > But in cases where remote sites do not have published key material, the
> > > fallback is may with dane, which is a step back in terms of security and
> > > not wanted.
> > >
> > > How can we s
On 1/9/2019 5:55 PM, Robert L Mathews wrote:
On 1/9/19 4:05 PM, Curtis wrote:
We recently switched our Postfix mail servers to Ubuntu Server 18, which
uses journald for logging. Since we have monitoring systems that parse
/var/log/maillog, we enabled rsyslog with imuxsock so we still can parse
t
