Hello,
I tried:
begin routers
default:
driver = manualroute
route_data = ssl.schlittermann.de
transport = smtp
begin transports
smtp:
driver = smtp
hosts_require_dane = *
But this setup can't use DANE, since the lookup of ssl.schlittermann.de
doesn't seem to set the 'dnssec' flag. Even if I try to enforce dnssec,
it doesn't work (route_data = ${lookup dnsdb{dnssec_strict,a=ssl.schlittermann.de}})
I do not see any reason why I shouldn't use DANE in such a case.
Probably the manualroute driver needs to support the
dnssec_request_domains option too (or some similar flag)..
DNS lookup of ssl.schlittermann.de (AAAA) gave NO_DATA
returning DNS_NODATA
DNS lookup of ssl.schlittermann.de (A) succeeded
LOG: MAIN
DANE error: ssl.schlittermann.de lookup not DNSSEC
LOG: MAIN
== hs@??? R=relay_to T=remote_smtp defer (0)
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de ---------------------------- internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
gnupg encrypted messages are welcome --------------- key ID: F69376CE -
! key id 7CBF764A and 972EAC9F are revoked since 2015-01 ------------ -
