Comment 6 for bug 1868955

Jan Büren (kivitendo) wrote : Re: after upgrade to 20.04: posttls cannot connect to private/tlsmgr

Thanks for your replies.

@andreas:
Well, it was a bit hidden in my bug report, but the real issue is that Postfix doesn't deliver mail to dane-only domains:

to=<email address hidden>, relay=none, delay=2126, delays=2126/0.01/0/0, dsn=4.7.5, status=deferred (non DNSSEC destination)

I created one test account you may use to send some local mail to: <email address hidden>

This is a valid DANE domain; to reproduce the issue, use the following TLS policy:

smtp_tls_policy_maps = hash:/etc/postfix/tls_policy

$ cat /etc/postfix/tls_policy
bueren.space dane-only

The local SMTP client tries to verify the TLSA entries by using DNSSEC.
I simply use a local unbound DNS server.

This setting stopped working after the upgrade. Maybe posttls-finger is not so important, but this will trouble all mail admins who have some dane-only entries in their policy (Oops, is my DNS server's DNSSEC bogus? -> Nope. Probably the other mail server isn't DANE-safe anymore? -> Nope.).
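A "non DNSSEC destination" deferral means the Postfix SMTP client did not get a DNSSEC-validated (AD-flagged) answer for the destination, so it is worth checking the resolver's answers directly before blaming the remote side. The helper below is an added example for this thread, not code from the bug report or from Postfix: it takes `dig +dnssec` output (the transcripts embedded here are constructed samples, not real lookups; `example.org` and its digest are placeholders) and checks the two things a dane-only policy depends on, namely that the resolver sets the AD flag on the MX lookup and that the MX host publishes a usable TLSA record.

```shell
#!/bin/sh
# Added diagnostic for a "non DNSSEC destination" deferral. All dig output
# below is constructed sample text, not a real lookup. Run the real lookups
# with, e.g.:
#   dig +dnssec +noall +comments +answer @127.0.0.1 example.org MX
#   dig +dnssec +noall +comments +answer @127.0.0.1 _25._tcp.mail.example.org TLSA

# Return 0 if the dig header flags include "ad" (resolver validated the answer).
# A resolver that forwards without validating, or a stub that strips AD,
# will not set it, and Postfix then treats the destination as non-DNSSEC.
has_ad_flag() {
    printf '%s\n' "$1" | grep -q '^;; flags:.* ad[ ;]'
}

# Print the TLSA RDATA fields (usage selector matching-type digest) from dig output.
tlsa_records() {
    printf '%s\n' "$1" | awk '$4 == "TLSA" { print $5, $6, $7, $8 }'
}

# Count TLSA records Postfix can use for DANE: usage 2 (DANE-TA) or 3 (DANE-EE)
# with SHA-256 (1) or SHA-512 (2) matching. Usage 0/1 records are ignored for SMTP.
dane_usable_count() {
    tlsa_records "$1" | awk '($1 == 2 || $1 == 3) && ($3 == 1 || $3 == 2) { n++ } END { print n + 0 }'
}

# Overall verdict: 0 when both the MX and TLSA answers were validated and at
# least one usable TLSA record exists; 1 otherwise.
dane_ready() {
    mx_out=$1
    tlsa_out=$2
    has_ad_flag "$mx_out" || return 1
    has_ad_flag "$tlsa_out" || return 1
    [ "$(dane_usable_count "$tlsa_out")" -gt 0 ]
}

# Constructed sample: validated MX lookup from a DNSSEC-aware resolver.
MX_OK=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12345
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
example.org.		3600	IN	MX	10 mail.example.org.'

# Constructed sample: same lookup through a resolver that does not set AD.
MX_NOAD=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12346
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
example.org.		3600	IN	MX	10 mail.example.org.'

# Constructed sample: validated TLSA answer for the MX host (digest is a placeholder).
TLSA_OK=';; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
_25._tcp.mail.example.org.	3600	IN	TLSA	3 1 1 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef'

if dane_ready "$MX_OK" "$TLSA_OK"; then
    echo "validated MX + usable TLSA: dane-only delivery should work"
fi
if ! dane_ready "$MX_NOAD" "$TLSA_OK"; then
    echo "MX answer not validated (no AD flag): expect 'non DNSSEC destination'"
fi
```

If the AD flag is missing on the real lookup, the problem is between Postfix and the resolver (which nameserver /etc/resolv.conf points at, and whether that server validates), not the remote domain's DANE setup; Postfix's TLS documentation also requires smtp_dns_support_level = dnssec for the dane and dane-only levels, so that setting is worth confirming alongside the resolver.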