From 4329f95bf06c586c32403887b45d6e32f952e851 Mon Sep 17 00:00:00 2001
From: thom <thom@amsterdamtech.nl>
Date: Wed, 30 Sep 2020 23:29:33 +0200
Subject: [PATCH] Use DANE if TLSA records are present (#5786)

---
 install/tpl/postfix_3-0.conf.master | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/install/tpl/postfix_3-0.conf.master b/install/tpl/postfix_3-0.conf.master
index aa205679ad..ce4fc920ed 100644
--- a/install/tpl/postfix_3-0.conf.master
+++ b/install/tpl/postfix_3-0.conf.master
@@ -11,3 +11,6 @@
 #{stress_adaptive} smtpd_soft_error_limit = ${stress?{2}:{5}}
 #{stress_adaptive} smtpd_timeout = ${stress?{10}:{60}}s
 
+# validate DANE
+smtp_dns_support_level = dnssec
+smtp_tls_security_level = dane
-- 
GitLab