I set up Mail-In-A-Box today, but I have a problem with DANE.
The panel shows me under Status Checks that the TLSA record is correct, but when I test it online, e.g. via Internet.nl, I see that the record is incorrect. I use my own name server called ns1.box.domain.com.
Sometimes DANE is only valid for IPv6 but invalid for IPv4.
From the screenshots I derive that you did the website test of internet.nl (About the website test). I notice that if I test domain.com it does not find the DANE TLSA record, but if I use box.domain.com the record is found correctly. Also, in my experience, the email test of the internet.nl website (About the email test) always found the TLSA record for me. I think that DANE is important for email delivery, so I attach more weight to the email test than to the website test.
Is your DNSSEC set up correctly?
Looking into this a bit more, it looks like Mailinabox publishes a TLSA record on _443._tcp.box.example.com. I think that the internet.nl website test looks at _443._tcp.example.com where it will not find it.
Perhaps mailinabox should also publish a TLSA record at _443._tcp.example.com? And on all other subdomains it serves https on, like www.example.com?
The DANE TLSA record for incoming mail (_25._tcp.mail.flightscan.me) is not correct. It is ‘3 1 1 67226ab50c8e44f4f290aae6b58b06cd867f1a9fa2302ce8da7c26dbe6ee1480’ but it should be ‘3 1 1 cf740b0712dd6e2958a1100d496d376b5a2f8ff2f37f21be2c31bf03c163e569’. It may take several hours for public DNS to update after a change.
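As an added example (not part of the thread and not Mail-in-a-Box code), this shows how the data in a `3 1 1` record like the ones above is derived: it is the SHA-256 of the certificate's SubjectPublicKeyInfo, so a published record can be checked against the certificate a server actually presents. The certificate bytes are a constructed, certificate-shaped DER skeleton and all function names are hypothetical.

```python
import hashlib

def _tlv(buf, pos):
    """Return (tag, value_start, end) for the DER element at pos."""
    tag, length, start = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, start = int.from_bytes(buf[start:start + n], "big"), start + n
    if start + length > len(buf):
        raise ValueError("truncated DER")
    return tag, start, start + length

def spki_der(cert):
    """Slice the SubjectPublicKeyInfo element out of a DER X.509 certificate."""
    _, pos, _ = _tlv(cert, 0)        # Certificate ::= SEQUENCE
    _, pos, _ = _tlv(cert, pos)      # tbsCertificate ::= SEQUENCE
    tag, _, end = _tlv(cert, pos)
    if tag == 0xA0:                  # optional [0] version field
        pos = end
    for _ in range(5):               # serial, signature, issuer, validity, subject
        _, _, pos = _tlv(cert, pos)
    tag, _, end = _tlv(cert, pos)
    if tag != 0x30:
        raise ValueError("SubjectPublicKeyInfo not found")
    return cert[pos:end]

def association_data(cert, selector, mtype):
    """RFC 6698 certificate association data as lowercase hex."""
    data = cert if selector == 0 else spki_der(cert)   # 0 = full cert, 1 = SPKI
    digest = {1: hashlib.sha256, 2: hashlib.sha512}.get(mtype)  # 0 = exact match
    return (digest(data).digest() if digest else data).hex()

def tlsa_matches(record, cert):
    """Compare a published 'usage selector mtype data' record with a certificate."""
    _usage, selector, mtype, data = record.split(None, 3)
    expected = association_data(cert, int(selector), int(mtype))
    return expected == "".join(data.split()).lower()

# Constructed sample: a certificate-shaped DER skeleton, not a valid certificate.
def _der(tag, *parts):
    body = b"".join(parts)
    return bytes([tag, len(body)]) + body

ALG = _der(0x30, _der(0x06, b"\x2b\x65\x70"))          # Ed25519 OID 1.3.101.112
SPKI = _der(0x30, ALG, _der(0x03, b"\x00" + bytes(range(32))))
TBS = _der(0x30, _der(0xA0, _der(0x02, b"\x02")), _der(0x02, b"\x01"),
           ALG, _der(0x30), _der(0x30), _der(0x30), SPKI)
CERT = _der(0x30, TBS, ALG, _der(0x03, b"\x00"))

if __name__ == "__main__":
    print("3 1 1", association_data(CERT, 1, 1))
```

For a real certificate saved as PEM, the standard library's `ssl.PEM_cert_to_DER_cert()` produces the DER bytes these functions expect. Because selector 1 hashes only the public key, the record stays valid across renewals that reuse the key and changes whenever the key is regenerated.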