On Monday, 21 September 2020 6:39:35 PM AEST Jeremy Harris via Exim-users wrote: > On 21/09/2020 09:34, Dan Egli via Exim-users wrote: > > Forgive me for being a bit dense, but I'm new to the SSL world. I have > > certificates by LetsEncrypt, generated about a month ago. Where and how > > do I look to determine if I need new certificates. And what's with the > > TLSA DNS entries? I've never heard of a TLSA record. > > TLSA records are part of DANE. If you're not using DANE, you > don't need them. DANE is a means of publishing trust information in the DNS with DNSSEC signatures as an alternative to the CAs acting as a trusted 3rd party. This helps in email as many MX records are not able to be tied to a common name and/or subject alternative name that would match the domain of the email recipient that could be verified by the sender.
-- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/