[Ach] Feedback to applied-crypto-hardening.pdf - Mail Servers - Dovecot+Postfix
sebix at sebix.at
Fri Dec 22 14:06:55 CET 2017
Please consider writing one email with feedback on multiple sections,
On 12/22/2017 01:43 PM, Torge Riedel wrote:
> The guide is working for me,
Will be added too.
> I am using the following settings with success from the Thomas' guide:
> smtp_tls_security_level = dane
> smtp_dns_support_level = dnssec
Yes, we are missing DNSSEC and DANE in the guide currently. See for
On 12/22/2017 01:50 PM, Torge Riedel wrote:
> The guide is working for me.
> But I'm not sure whether it should be
The docs do not mention it at all:
Is it necessary?
Here is an indicator it might be necessary:
> And - this is maybe out-of-scope - if you want to use Let's Encrypt
> certs for MySQL, do the following:
The usage of letsencrypt, and other approaches, is out of scope, yes.
The guide is CA-agnostic.
python programming - mail server - photo - video - https://sebix.at
cryptographic key at https://sebix.at/DC9B463B.asc and on public keyservers
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 854 bytes
Desc: OpenPGP digital signature
More information about the Ach