DNSSEC and DANE Support requirement in Germany

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
kujioztr
Posts: 1
Joined: Tue Aug 25, 2015 1:55 am

DNSSEC and DANE Support requirement in Germany

Postby kujioztr » Tue Aug 25, 2015 1:59 am

Hello,



we want to use DNSSEC and DANE in our company to provide a more secure email-server for our customers.



Beside that, the german agency for infomrationtechnologysecurity (BSI) published a new guideline that requires DANE and DNSSEC to be used on a mail server. It is to expect, that this guideline becomes a must have for other goverment agencys, organization and even private companys who are dealing with sensitive informations (like ISPs).


Source: http://www.heise.de/netze/meldung/BSI-Richtlinie-fuer-sicheren-Mail-Transport-zeigt-bereits-Wirkung-2788316.html


My Question:




Can i already use Zimbra with DNSSEC and DANE validation? How can i enable it? When the feature ist not available at the moment, what are your plans on that?




Thank you!



User avatar
oetiker
Advanced member
Advanced member
Posts: 160
Joined: Fri Mar 07, 2014 1:05 pm
Location: Switzerland
ZCS/ZD Version: Release 8.8.12.GA.3794.UBUNTU16.64
Contact:

Re: DNSSEC and DANE Support requirement in Germany

Postby oetiker » Wed Sep 11, 2019 2:39 pm

I found this

2085 zimbraMtaSmtpTlsDaneInsecureMXPolicy enum 8.7.0,9.0.0 Value for postconf smtp_tls_dane_insecure_mx_policy.


https://files.zimbra.com/docs/config-guide/index.html

Return to “Administrators”

Who is online

Users browsing this forum: 7224jobe, Google [Bot] and 15 guests