Viktor Dukhovni via Exim-users writes
> The gmx.de MTAs support DANE in both directions. Does your MX host
> have published DANE TLSA records? Are they correct? Is your
> certificate still valid, or expired? ...
I have an issue that has a similar feel to it. It's with a host of
Germanic providers gmx.de, gmx.at, web.de, mailbox.org ...
2019-03-25 09:00:08 1h8LSh-0001oy-Uy DANE attempt failed; TLS connection
to mx-ha03.web.de [212.227.15.17]: (certificate verification failed): TLSA
record problem: There was error initializing the DNS query.
2019-03-25 09:00:08 1h8LSh-0001oy-Uy DANE attempt failed; TLS connection
to mx-ha02.web.de [212.227.17.8]: (certificate verification failed):
TLSA record problem: There was error initializing the DNS query.
2019-03-25 09:00:08 1h8LSh-0001oy-Uy == USER_1_REDACTED@???
R=dnslookup T=remote_smtp defer (-37) H=mx-ha02.web.de [212.227.17.8]:
TLS session: (certificate verification failed): TLSA record problem: There was
error initializing the DNS query.
2019-03-25 09:22:27 1h8LSp-00020w-Qe DANE attempt failed; TLS connection
to mx-ha02.web.de [212.227.17.8]: (certificate verification failed): TLSA
record problem: There was error initializing the DNS query.
2019-03-25 09:22:27 1h8LSp-00020w-Qe == USER_2_REDACTED@???
R=dnslookup T=remote_smtp defer (-37) H=mx-ha02.web.de [212.227.17.8]:
I am at a loss since that time. I have lost
all my subscribers based at these domains. I was thinking that I
may have to set up secure DNS to continue email.
> It would be helpful to post your email domainname and server hostname.
The sending domain is nep.repec.org, the server is at 5.9.150.131,
2a01:4f8:190:3385::2.
--
Cheers,
Thomas Krichel http://openlib.org/home/krichel
skype:thomaskrichel
