Viktor Dukhovni:
> On Mon, Feb 13, 2023 at 07:33:35PM -0500, Wietse Venema wrote:
>
> > There's a first implementation in postfix-3.8-20230213-nonprod.
> > Docs: https://www.postfix.org/postconf.5.html#use_srv_lookup
> > Code: http://ftp.porcupine.org/mirrors/postfix-release/index.html#non-prod
> >
> > To see all SRV related changes, diff the code against postfix-3.8-20230213.
> > Code:
> > http://ftp.porcupine.org/mirrors/postfix-release/index.html#experimental
>
> How does this interact with DANE? If the SRV RRset is DNSSEC-signed, do
> we get TLSA lookups for _<port>._tcp.<target> (possibly after secure
> end-to-end CNAME expansion), just as with MX lookups?
The SRV lookup code is almost identical to the MX lookup code; it
returns the same mxrr value with rname and qname values.
SMTP_ITERATOR.port is updated with SRV port information, so that
dane = tls_dane_resolve(iter->port, "tcp", iter->rr,
var_smtp_tls_force_tlsa)
will use the correct remote port.
Wietse
