Hi !
Regarding this topic here i checked my domain with posttls-finger it
brings some errors (i can only do it on the machine itself)
posttls-finger: warning: DNSSEC validation may be unavailable
posttls-finger: warning: reason: dnssec_probe 'ns:.' received a response
that is not DNSSEC validated
....
posttls-finger: certificate verification failed for
vserver.hoerst.net[127.0.1.1]:25: untrusted issuer /C=US/O=Internet
Security Research Group/CN=ISRG Root X1
posttls-finger: vserver.hoerst.net[127.0.1.1]:25:
subject_CN=vserver.hoerst.net, issuer_CN=R3,
fingerprint=75:31:98:F4:2F:4A:B3:55:22:16:32:EA:6B:11:BA:2A:12:2D:4E:73:51:35:08:CA:28:AB:98:20:5F:25:D2:B2,
pkey_fingerprint=F4:FC:E0:46:8E:82:6A:C8:F8:B5:99:8C:3B:FC:F5:8F:58:48:DC:CE:36:FB:9F:A7:45:36:C5:F9:27:4A:D0:B1
posttls-finger: Untrusted TLS connection established to
vserver.hoerst.net[127.0.1.1]:25: TLSv1.3 with cipher
TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519
server-signature RSA-PSS (2048 bits) server-digest SHA256....
the check here
https://www.huque.com/bin/danecheck-smtp
says all OK
Do i have a problem ?
Ciao Gerd
Am 25.06.24 um 16:38 schrieb Wietse Venema via Postfix-users:
Jeff Pang via Postfix-users:
I asked the question "what's smtp dane in modern email system?" to
chatgpt. Here is gpt's answer which I think to be valueful. so I share here.
I see similarities withhttps://www.nccoe.nist.gov/publication/1800-6/VolB/index.html
Wietse
_______________________________________________
Postfix-users mailing list --postfix-users@postfix.org
To unsubscribe send an email topostfix-users-le...@postfix.org
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
