Re: [exim] A TLS fatal alert has been received.: Insufficien…

Top Page
Delete this message
Reply to this message
Author: Thomas Krichel
Date:  
To: Viktor Dukhovni via Exim-users
Subject: Re: [exim] A TLS fatal alert has been received.: Insufficient security
Viktor Dukhovni via Exim-users writes

> The gmx.de MTAs support DANE in both directions. Does your MX host
> have published DANE TLSA records? Are they correct? Is your
> certificate still valid, or expired? ...


I have an issue that has a similar feel to it. It's with a host of
Germanic providers gmx.de, gmx.at, web.de, mailbox.org ...

2019-03-25 09:00:08 1h8LSh-0001oy-Uy DANE attempt failed; TLS connection
to mx-ha03.web.de [212.227.15.17]: (certificate verification failed): TLSA
record problem: There was error initializing the DNS query.
2019-03-25 09:00:08 1h8LSh-0001oy-Uy DANE attempt failed; TLS connection
to mx-ha02.web.de [212.227.17.8]: (certificate verification failed):
TLSA record problem: There was error initializing the DNS query.
2019-03-25 09:00:08 1h8LSh-0001oy-Uy == USER_1_REDACTED@???
R=dnslookup T=remote_smtp defer (-37) H=mx-ha02.web.de [212.227.17.8]:
TLS session: (certificate verification failed): TLSA record problem: There was
error initializing the DNS query.
2019-03-25 09:22:27 1h8LSp-00020w-Qe DANE attempt failed; TLS connection
to mx-ha02.web.de [212.227.17.8]: (certificate verification failed): TLSA
record problem: There was error initializing the DNS query.
2019-03-25 09:22:27 1h8LSp-00020w-Qe == USER_2_REDACTED@???
R=dnslookup T=remote_smtp defer (-37) H=mx-ha02.web.de [212.227.17.8]:

I am at a loss since that time. I have lost
all my subscribers based at these domains. I was thinking that I
may have to set up secure DNS to continue email.

> It would be helpful to post your email domainname and server hostname.


The sending domain is nep.repec.org, the server is at 5.9.150.131,
2a01:4f8:190:3385::2.

--

Cheers,

  Thomas Krichel                  http://openlib.org/home/krichel
                                              skype:thomaskrichel