Bug 11934

Summary: set up TLSA record for mail01.i.ipfire.org...
Product: Infrastructure Reporter: Peter Müller <peter.mueller>
Component: Mail & Mailing Lists Assignee: Michael Tremer <michael.tremer>
Status: CLOSED FIXED QA Contact: Peter Müller <peter.mueller>
Severity: Security    
Priority: - Unknown -    
Version: unspecified   
Hardware: all   
OS: All   
Bug Depends on:    
Bug Blocks: 11898    

Description Peter Müller 2018-11-09 17:56:34 UTC
... in order to make internal DANE work (currently, clients are using relay.i.ipfire.org as mail relay which is an alias to mail01.i.ipfire.org but has no TLSA record, either).
Comment 1 Michael Tremer 2018-11-10 12:13:00 UTC
I created it. What do we do with the alias? Should we move that over to mail01.i.ipfire.org?
Comment 2 Michael Tremer 2018-11-13 22:40:06 UTC
You have already set smtp_tls_security_level = dane on many systems. That is currently causing that not a single email is passed to the main relay because this ticket is not closed yet.
Comment 3 Michael Tremer 2018-11-13 22:40:21 UTC
(In reply to Michael Tremer from comment #2)
> You have already set smtp_tls_security_level = dane on many systems. That is
> currently causing that not a single email is passed to the main relay
> because this ticket is not closed yet.

I reset this to "may" for now.
Comment 4 Michael Tremer 2019-08-01 13:16:51 UTC
I think this is basically done. The new configuration tools automatically create those records.
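The alias question from comment 1, as an added example that is not part of the ticket or of IPFire's tooling: a simplified offline model of how a DANE SMTP client picks the TLSA owner name when the relay host is a CNAME (RFC 7672 tries the securely expanded name first, then the alias). Only the two hostnames come from the ticket; the zone contents, address and digest are constructed, and treating an unsigned CNAME as "try the alias only" is a simplifying assumption.

```python
# Constructed sample zone (not real ipfire.org data). "secure" = DNSSEC-validated answer.
ZONE = {
    ("relay.i.ipfire.org", "CNAME"): {"secure": True, "data": ["mail01.i.ipfire.org"]},
    ("mail01.i.ipfire.org", "A"): {"secure": True, "data": ["192.0.2.25"]},
    ("_25._tcp.mail01.i.ipfire.org", "TLSA"): {
        "secure": True,
        "data": ["3 1 1 " + "ab" * 32],  # constructed digest, not a real key hash
    },
}


def expand_cname(zone, name, limit=8):
    """Follow CNAMEs; return (final_name, secure). secure is False if any link is unsigned."""
    secure = True
    for _ in range(limit):
        rr = zone.get((name, "CNAME"))
        if rr is None:
            return name, secure
        secure = secure and rr["secure"]
        name = rr["data"][0]
    raise ValueError("CNAME chain too long")


def tlsa_candidates(zone, host, port=25):
    """TLSA owner names to try, in order: expanded name first, then the alias itself."""
    target, secure = expand_cname(zone, host)
    names = [target, host] if secure and target != host else [host]
    return [f"_{port}._tcp.{n}" for n in names]


def usable_tlsa(zone, host, port=25):
    """Return (owner, records) for the first DNSSEC-validated TLSA RRset, else (None, [])."""
    for owner in tlsa_candidates(zone, host, port):
        rr = zone.get((owner, "TLSA"))
        if rr and rr["secure"]:
            return owner, rr["data"]
    return None, []


if __name__ == "__main__":
    # With the record from this ticket in place, the alias resolves to mail01's TLSA.
    print(usable_tlsa(ZONE, "relay.i.ipfire.org"))
    # Same zone before the record existed: nothing usable for either name.
    before = {k: v for k, v in ZONE.items() if k[1] != "TLSA"}
    print(usable_tlsa(before, "relay.i.ipfire.org"))
```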