DANE / DNSSEC and MTA-STS are no problem to set up with Citadel.
I have it running. The only problem for DANE is, not all DNS offer TLSA as its own entry. A "fake" entry over TXT doesn't work anymore.
If you're using Cloudflare, you are fine to get all things running.
Cheers
Mike
Wed May 22 2024 11:15:20 UTC from Nurb432
Moving people to 'centralized DNS' a goal perhaps? To better control, block, and monitor... and of course: 'profit!'
"sorry, you are not in the club, your DNS infrastructure does not count, so piss-off"
Wed May 22 2024 07:10:08 EDT from darknetuser
I was reading at ADMIN Magazine that there is a bit of a push to get DANE set up for your SMTP. I have never noticed it being enforced, but just as with DMARC and company, if it reaches a certain mass it will be, which SUCKS, because in order to have DANE work in sync with your certificates you either need a DNS provider with an API you can use to rekey, or you need to run your own DNS infrastructure, or you need to rekey manually. Which SUCKS.