On 2020-03-23 at 20:54 +0800, daniel via Exim-users wrote:
> We recently received many complaints from our end users that they are having problems sending email to *.gov.hk with this exim error:
> DANE ERROR: TLSA LOOKUP DEFER
Their DNS is broken.
> However, we have contacted our government and their response is:
> “Our DNSSEC setup is fine, and it is not necessary to have DANE set up together with DNSSEC, so it is the exim MTA problem. We have not actually set up DANE”
> Now here comes the problem: how can we solve this problem passively? We have many cPanel servers with Exim.
You have one of these two options set on your SMTP Transport:
    hosts_try_dane
    hosts_require_dane
Each of those takes a host-list, so might currently look like:
    hosts_try_dane = *
You can change that to look like:
    hosts_try_dane = !*.gov.hk : *
If the host-list references external files, take a look at those.
-Phil
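
Added example, not part of the original message and not Exim's own code: a simplified Python model of how a host-list such as the one suggested above is evaluated left to right, showing why the negated item has to come before the `*`. It assumes only the item forms used in this thread; the host names are constructed, and the function names are hypothetical.

```python
# Simplified model of Exim host-list evaluation (added example, not Exim code).
# Covers only the item forms seen in this thread: "*", "*.suffix", an exact
# name, and "!" negation. Real host-lists also accept IP addresses, masks,
# lookups and file references, none of which are modelled here.

def item_matches(pattern: str, host: str) -> bool:
    """Match one list item against the name of the host being connected to."""
    pattern, host = pattern.lower(), host.lower()
    if pattern == "*":
        return True
    if pattern.startswith("*"):
        # "*.gov.hk": the rest of the item must match the end of the host name
        return host.endswith(pattern[1:])
    return host == pattern

def host_in_list(host_list: str, host: str) -> bool:
    """Items are tried left to right and the first one that matches decides."""
    items = [i.strip() for i in host_list.split(":") if i.strip()]
    last_negated = False
    for item in items:
        last_negated = item.startswith("!")
        pattern = item[1:].strip() if last_negated else item
        if item_matches(pattern, host):
            return not last_negated
    # Nothing matched: a list ending in a negated item behaves as if
    # ": *" followed it; any other list does not match.
    return last_negated

def dane_hosts(host_list: str, hosts: list[str]) -> dict[str, bool]:
    """For each host, report whether it falls inside the given list."""
    return {h: host_in_list(host_list, h) for h in hosts}

if __name__ == "__main__":
    # Constructed host names, for illustration only.
    sample = ["mx1.example.gov.hk", "mail.example.org"]
    for hl in ("*", "!*.gov.hk : *", "* : !*.gov.hk"):
        print(f"{hl!r:20} -> {dane_hosts(hl, sample)}")
```

The list is tested against the name of the remote host the transport connects to, so the exclusion only takes effect when the receiving MX host names themselves end in `.gov.hk`.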