Bug 11934 - set up TLSA record for mail01.i.ipfire.org...
Summary: set up TLSA record for mail01.i.ipfire.org...
Status: CLOSED FIXED
Alias: None
Product: Infrastructure
Classification: Unclassified
Component: Mail & Mailing Lists (show other bugs)
Version: unspecified
Hardware: all All
: - Unknown - Security
Assignee: Michael Tremer
QA Contact: Peter Müller
URL:
Keywords:
Depends on:
Blocks: INTERNALSTARTTLS
  Show dependency treegraph
 
Reported: 2018-11-09 17:56 UTC by Peter Müller
Modified: 2019-08-01 13:16 UTC (History)
0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Peter Müller 2018-11-09 17:56:34 UTC 
... in order to make internal DANE work (currently, clients are using relay.i.ipfire.org as mail relay which is an alias to mail01.i.ipfire.org but has no TLSA record, either).
Comment 1 Michael Tremer 2018-11-10 12:13:00 UTC 
I created it. What do we do with the alias? Should we move that over to mail01.i.ipfire.org?
Comment 2 Michael Tremer 2018-11-13 22:40:06 UTC 
You have already set smtp_tls_security_level = dane on many systems. That is currently causing that not a single email is passed to the main relay because this ticket is not closed yet.
Comment 3 Michael Tremer 2018-11-13 22:40:21 UTC 
(In reply to Michael Tremer from comment #2)
> You have already set smtp_tls_security_level = dane on many systems. That is
> currently causing that not a single email is passed to the main relay
> because this ticket is not closed yet.

I reset this to "may" for now
Comment 4 Michael Tremer 2019-08-01 13:16:51 UTC 
I think this is basically done. The new configuration tools automatically create those records.