Hello Frank,

Frank Fiene wrote:
> 3.) Our DNS provider has added this to the domain and has signed it again (no
> idea why there is a blank!).
> _*._tcp.mail.veka.com. 3600 IN TLSA 3 0 1
> 04459A87D803EE5D2450114C09E8370DC51B27716431378CFA5560E1 53AED957

This is an incorrect use of a DNS wildcard. See http://www.ietf.org/rfc/rfc4592

The asterisk must be the leftmost character in the domain name; an asterisk inside a domain name is just that, an asterisk. The TLSA record above does not match port 25.

The record

    *._tcp.mail.veka.com. 3600 IN TLSA

would be valid. It would match all ports on the machine mail.veka.com, but I'm not sure if that is useful.

Best regards

Carsten Strotmann
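The wildcard behaviour described in the message above, as an added example that is not part of the original e-mail: a simplified RFC 4592 lookup over two constructed zones (only owner names are modelled, record data is omitted, and the function names are hypothetical). It shows that `_*._tcp.mail.veka.com.` answers only a query for that literal name, while `*._tcp.mail.veka.com.` is the source of synthesis for `_25._tcp.mail.veka.com.`.

```python
# Added example: RFC 4592 wildcard synthesis over constructed zones.
# Zone contents are constructed for illustration; only owner names are modelled.
BROKEN_ZONE = ["veka.com.", "mail.veka.com.", "_*._tcp.mail.veka.com."]
FIXED_ZONE = ["veka.com.", "mail.veka.com.", "*._tcp.mail.veka.com."]

def labels(name):
    """Split a domain name into lowercase labels, ignoring the trailing dot."""
    return tuple(name.rstrip(".").lower().split("."))

def is_wildcard(owner):
    """A wildcard domain name has a leftmost label that is exactly '*'."""
    return labels(owner)[0] == "*"

def existing_names(owners):
    """Names that exist in the zone: every owner plus its ancestors
    (ancestors without records are empty non-terminals)."""
    exist = set()
    for owner in owners:
        ls = labels(owner)
        for i in range(len(ls)):
            exist.add(ls[i:])
    return exist

def lookup(owners, qname):
    """Return the owner name whose records answer qname, or None."""
    exist = existing_names(owners)
    owner_set = {labels(o) for o in owners}
    q = labels(qname)
    if q in exist:
        # Exact match; an empty non-terminal exists but holds no data.
        return ".".join(q) + "." if q in owner_set else None
    # Closest encloser: the longest ancestor of qname that exists.
    for i in range(1, len(q)):
        if q[i:] in exist:
            # Only '*.<closest encloser>' may synthesize an answer.
            source = ("*",) + q[i:]
            return ".".join(source) + "." if source in owner_set else None
    return None

if __name__ == "__main__":
    for zone in (BROKEN_ZONE, FIXED_ZONE):
        print(zone[-1], "->", lookup(zone, "_25._tcp.mail.veka.com."))
```
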
