Red Hat Bugzilla – Bug 1254878
[RFE] Add DANE support
Last modified: 2018-03-21 13:44:32 EDT
Description of problem: The postfix version which is included (2.10) don't support DANE aka TLSA. The support for it was added for 2.11 Version-Release number of selected component (if applicable): postfix-2.10.1-6.el7.x86_64 Will it possible to upgrade it for RHEL 7.2?
It's too late for 7.2, but maybe in 7.3. If it is critical for you, please escalate it through support channel.
It's too complex for backporting, better (and more safe) is to rebase.
Would love to see it as well, as it can help with MITM TLS downgrade attacks. 2.11 also includes support for multiple recipient delimiter characters (which is a huge win as many sites don't accept the "+" char).
Why not going to 3.1.* ?
Postfix 2.11 received its final update in January 2018, and the entire 2.x branch is no longer supported upstream. I agree at this point it would probably be better to rebase to 3.2.