Search results

Unzip the 91GB file and check what's in there that takes up the extra space. Ik might give you a clue what happened.

I think he has it figured it out after 15-16 years...

Yups, those are default.

Yes, the client sends a certificate but afaik this is only if my server asks for a client cert first and then is unable to check this. Or something like that.

That's no problem. Secure email connections are usually only used between a users client and the submit part of the mta, not between mta's themselves. But every now and then I see these messages and the sending mailserver refuses to send mail in plain text so this keeps hammering the server for...

In the exim mainlog. It looks like it's when another mailserver wants a tls to exim's port 25, my exim requests te remote client for a client cert, but after the client sends it, my exim is unable to validate it. (Because tls_verify_certificates is default empty).

I noticed a number of errors in my exim mainlog: (SSL_accept): error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca But ssllabs, dnssec, tlsa etc is all correct. I'm using Letsencrypt certs. Anyone seen this before? Is a pretty basic DA install.

The 'normal' situation is: DA Servers -> hidden PowerDNS master -> pdns slaves But users with unmaged servers have there zones only in the PDNS master (and slaves). What I want to do is, give those users a DA useraccount on a DA server, where they can use the DA DNS management to manage...

Ey Sjoerd! Still alive ;) And I could do that, sure, but doing it yourself is also a lot of fun, right?

Is there a script/function/way to transfer many domains from powerdns to a bind/named format and to link them to a DA user? Each domain has different settings and ip-addresses and nothing of that domain exists on the server of the DA user. So, setup basic stuff that the domain is visible under...

Just to let you guys know, @smtalk has done a great job improving the tlsa.sh script so now it works perfectly. Many thanks, Martynas!

True, and it's not really working well. It kinda works sometimes. Better wait for it to get integrated in DA indeed.

Just noticed that at line 182 the dot is also missing. Might be fixed already.

Yes

Yups, I did. But today I get a message 'All TLSA RRs failed', while the records are all signed. I'm not sure why but TLSA seems to miss something.

Nope, no prerelease. Fully up2date afaik. It say's version 0.2. Date is: Sep 27 10:26 tlsa.sh. But on another server I have a slightly different date: 'Sep 29 23:06' So, it might have been fixed between those dates. But now I wonder why the first never got updated...

That's for DANE/TLSA. If you're not using that, you won't have any of those records.

Sure, but you don't have to compile anything. It just adds a few records to your domain.com.db in named/bind. But because the dot is missing you get stuff like _25._tcp.mail.domain.com.domain.com

1.2 and 1.3. You shouldn't use 1.0 and 1.1 anymore.

Replacing secure ftp with nfs is probably the worst you can do, so why not consider replacing the developer with a less spoiled one?