Viktor Dukhovni: > On Mon, Feb 13, 2023 at 07:33:35PM -0500, Wietse Venema wrote: > > > There's a first implementation in postfix-3.8-20230213-nonprod. > > Docs: https://www.postfix.org/postconf.5.html#use_srv_lookup > > Code: http://ftp.porcupine.org/mirrors/postfix-release/index.html#non-prod > > > > To see all SRV related changes, diff the code against postfix-3.8-20230213. > > Code: > > http://ftp.porcupine.org/mirrors/postfix-release/index.html#experimental > > How does this interact with DANE? If the SRV RRset is DNSSEC-signed, do > we get TLSA lookups for _<port>._tcp.<target> (possibly after secure > end-to-end CNAME expansion), just as with MX lookups?
The SRV lookup code is almost identical to the MX lookup code; it returns the same mxrr value with rname and qname values. SMTP_ITERATOR.port is updated with SRV port information, so that dane = tls_dane_resolve(iter->port, "tcp", iter->rr, var_smtp_tls_force_tlsa) will use the correct remote port. Wietse