MTA to MTA and DANE SUPPORT

Subject: MTA to MTA and DANE SUPPORT
From: jaapw (at) *nospam* talo.nl (jaapw)
Newsgroups: comp.mail.sendmail
Date: 10. Feb 2025, 08:37:40
Organization: novaBBS
Message-ID: <2a80358b905d54efc0d013e95cbcfc64@www.novabbs.com>
User-Agent: Rocksolid Light
We use sendmail 8.18.1 with DANE + DNSSEC + STARTTLS as an MTA to MTA
server, and it runs reliably, and it does keep our system safe.
However, I would like to clear up the verify=TRUSTED matter.
Why does it fail in terms of being TRUSTED or is such a value not
exchanged?
An example from maillog:
INCOMING FROM MICROSOFT relay=mail....protection.outlook.com
    Feb  7 17:10:58 babylon sm-mta[26402]: STARTTLS=server,
    relay=mail-db8eur05on20703.outbound.protection.outlook.com
    [IPv6:2a01:111:f403:2614:0:0:0:703], version=TLSv1.3, verify=OK,
    cipher=TLS_AES_256_GCM_SHA384, bits=256/256
OUTGOING TO mx.microsoft
    Feb  7 19:56:17 babylon sm-mta[28405]: STARTTLS=client,
    relay=xxxxx-nl.r-v1.mx.microsoft., version=TLSv1.3, verify=TRUSTED,
    cipher=TLS_AES_256_GCM_SHA384, bits=256/256
For the above case, e-mail addresses TO and FROM are equal, and
according to MS, in- and outbound DANE should have been applied; however,
only TO becomes TRUSTED.
Such an asymmetric behaviour occurs quite often at other mail servers
too.
It might be real in quite a number of cases (no DANE).
We use Slackware64 15.0 with sendmail-8.18.1, bind-9.18.33 and
we have a tlsa record + dnssec + starttls + rsa certificates;
(see "delv _25._tcp.mail.talo.nl tlsa +dnssec" ).
If I have understood the sendmail docs correctly, verify=TRUSTED
should apply to both outgoing and incoming e-mail-protocols.
jaapw
--
jaapw
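
An added example, not part of the original post or thread: a small Python tally of sendmail STARTTLS log lines by role (server for incoming, client for outgoing, as labelled in the post) and verify= value, so the asymmetry described above can be measured over a whole maillog. The first two sample lines are the post's entries joined onto one line each; the third line and all function names are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Sample maillog: lines 1-2 are the post's entries joined onto one line each;
# line 3 (mx.example.org, verify=FAIL) is constructed for illustration.
SAMPLE_LOG = """\
Feb  7 17:10:58 babylon sm-mta[26402]: STARTTLS=server, relay=mail-db8eur05on20703.outbound.protection.outlook.com [IPv6:2a01:111:f403:2614:0:0:0:703], version=TLSv1.3, verify=OK, cipher=TLS_AES_256_GCM_SHA384, bits=256/256
Feb  7 19:56:17 babylon sm-mta[28405]: STARTTLS=client, relay=xxxxx-nl.r-v1.mx.microsoft., version=TLSv1.3, verify=TRUSTED, cipher=TLS_AES_256_GCM_SHA384, bits=256/256
Feb  7 20:01:02 babylon sm-mta[28411]: STARTTLS=client, relay=mx.example.org., version=TLSv1.2, verify=FAIL, cipher=ECDHE-RSA-AES256-GCM-SHA384, bits=256/256
"""

# Matches the STARTTLS summary line; the bracketed peer address is optional
# and a trailing dot on the relay name is dropped.
STARTTLS_RE = re.compile(
    r"STARTTLS=(?P<role>client|server), relay=(?P<relay>\S+?)\.?"
    r"(?: \[(?P<addr>[^\]]+)\])?, version=(?P<version>[^,]+), "
    r"verify=(?P<verify>[A-Z_]+), cipher=(?P<cipher>[^,]+), bits=(?P<bits>\S+)"
)


def parse_starttls(log_text):
    """Yield one dict per STARTTLS summary line; all other lines are skipped."""
    for line in log_text.splitlines():
        m = STARTTLS_RE.search(line)
        if m:
            yield m.groupdict()


def verify_by_role(log_text):
    """Count verify= results separately for server (inbound) and client (outbound)."""
    counts = defaultdict(Counter)
    for rec in parse_starttls(log_text):
        counts[rec["role"]][rec["verify"]] += 1
    return {role: dict(c) for role, c in counts.items()}


def relays_with(log_text, role, verify):
    """Sorted relay names seen with the given role and verify= value."""
    return sorted(
        {r["relay"] for r in parse_starttls(log_text)
         if r["role"] == role and r["verify"] == verify}
    )


if __name__ == "__main__":
    print(verify_by_role(SAMPLE_LOG))
    print(relays_with(SAMPLE_LOG, "client", "TRUSTED"))
```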
