Snawoot
Snawoot
As far as I know we use automatic switching between in-kernel (wg module) and userspace (TUN) implementation. Should we also use such autoswitching via probing for full userspace impl. as...
Thank you! We will look into this.
> however all traffic going through that peer will still be counted towards the connection(and will be updated if the client is removed from the wireguard interface before the vpn...
Здравствуйте! Правильно по первому варианту делать. Если не получается - разбираться, что именно.
Hello, @PhrozenByte! Thanks for a great idea! I'm thinking about another way to solve this. Systemd has some feature called "socket activation". Basically, it opens socket and runs specified unit...
Hello! postfix-mta-sts-resolver either retrieves enforcing TLS policy or clearly indicates it has no TLS policy override for requested domain. In later case next policy map or default TLS policy applies,...
In fact, DANE doesn't bypasses CA, it just uses another root of trust which has no alternatives. However, you are right. Proper solution should restrict certificates to set of least...
Hello, This is already covered for Postfix in README: https://github.com/Snawoot/postfix-mta-sts-resolver#operability-check I'm not sure about Sendmail because I've never tried it with pmsr and integration with pmsr in Sendmail is relatively...
@dilyanpalauzov Ah, now I get it. I also was collaborating with STARTTLS Everywhere project, there was an idea to build something like https://badssl.com/ but for MTA-STS. It was never implemented,...