Re: [exim] Implementing StartTLS, DMarc and DKim on Exim

Author: Heiko Schlittermann
Date:  
To: exim-users
Subject: Re: [exim] Implementing StartTLS, DMarc and DKim on Exim
Peter Hutchison via Exim-users <exim-users@???> (Mo 09 Apr 2018 15:24:54 CEST):
> Has anyone implemented any of the following on their mail systems? StartTLS, DMarc and DKim.


STARTTLS I'd see as a must nowadays.
Problems can arise if you have MUAs connecting to your server and your
server is presenting a certificate with an unexpected CN or SAN.

DMARC should imply DKIM.
Do you talk about the sending or the receiving side?
DMARC is experimental, so expect configuration options to change.

Sending: Be sure to know the hosts sending with your domains as sender.
Receiving: Expect messages from mailing lists to be rejected.

Implement it and closely watch the logs.
I use all of the three, for sending and on the MX for checking inbound
messages, and besides the usual issues I do not see any problems (or, the
problems are not important enough to reach me ;))

    Best regards from Dresden/Germany
    Kind regards from Dresden
    Heiko Schlittermann
-- 
 SCHLITTERMANN.de ---------------------------- internet & unix support -
 Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
 gnupg encrypted messages are welcome --------------- key ID: F69376CE -
 ! key id 7CBF764A and 972EAC9F are revoked since 2015-01 ------------ -
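
The two warnings in the message above (know which hosts send with your domain, and expect list traffic to fail on the receiving side) both follow from DMARC's identifier alignment rule. The sketch below is an added example, not part of the original post and not Exim code; the `Message` fields, the sample domains and the two-label organizational-domain shortcut are assumptions made for illustration.

```python
from dataclasses import dataclass


def org_domain(domain: str) -> str:
    # Assumption: the organizational domain is the last two labels.
    # A real evaluator derives it from the Public Suffix List (RFC 7489, 3.2).
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(from_domain: str, auth_domain: str, strict: bool = False) -> bool:
    # Strict alignment needs an exact match; relaxed alignment only needs
    # the same organizational domain.
    a, b = from_domain.lower(), auth_domain.lower()
    return a == b if strict else org_domain(a) == org_domain(b)


@dataclass
class Message:
    header_from: str    # domain of the From: header address
    envelope_from: str  # domain of the envelope sender, the one SPF checked
    spf_pass: bool      # SPF result for envelope_from
    dkim: list          # (d= domain, signature verified) pairs


def dmarc_pass(m: Message, strict: bool = False) -> bool:
    # DMARC passes when SPF or DKIM passes AND that identifier is aligned
    # with the From: header domain. A pass for an unrelated domain is useless.
    spf_ok = m.spf_pass and aligned(m.header_from, m.envelope_from, strict)
    dkim_ok = any(ok and aligned(m.header_from, d, strict) for d, ok in m.dkim)
    return spf_ok or dkim_ok


# Constructed samples, not taken from any real log.
# 1. Mail sent directly from the domain owner's own host.
DIRECT = Message("example.org", "bounce.example.org", True,
                 [("example.org", True)])
# 2. The same mail relayed by a list that appends a footer: the author's
#    signature no longer verifies, and SPF plus the list's own signature
#    pass only for the list's domain.
VIA_LIST = Message("example.org", "lists.example.net", True,
                   [("example.org", False), ("lists.example.net", True)])
# 3. A third-party sender nobody registered: SPF passes for its own
#    envelope domain, and nothing is signed with the From: domain.
UNKNOWN_SENDER = Message("example.org", "mailer.example.com", True, [])

if __name__ == "__main__":
    for name in ("DIRECT", "VIA_LIST", "UNKNOWN_SENDER"):
        print(name, "pass" if dmarc_pass(globals()[name]) else "fail")
```
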