Re: [exim] DANE ERROR: TLSA LOOKUP DEFER

Author: daniel
Date:  
To: Exim-users
Subject: Re: [exim] DANE ERROR: TLSA LOOKUP DEFER
Hello Phil,

Thanks for the passive solution.

Would you please advise what exactly in their DNS is broken? And will exim
by default try DANE on all hosts or not? Because I don't find
these two configs in the exim config currently.

Thanks

Daniel


On 2020/3/26 01:10 AM, Phil Pennock wrote:
> On 2020-03-23 at 20:54 +0800, daniel via Exim-users wrote:
>> We recently received many complaints from our end users that they are having problems sending email to *.gov.hk with this exim error:
>> DANE ERROR: TLSA LOOKUP DEFER
> Their DNS is broken.
>
>> However, we have contacted our government and their response is:
>> “Our DNSSEC setup is fine, and it is not necessary to have DANE setup together with DNSSEC, so it is the exim MTA problem. We have not actually set up DANE”
>> Now here comes the problem: how can we solve this problem passively? We have many cPanel servers with Exim.
> You have one of these two options set on your SMTP Transport:
>
>      hosts_try_dane
>      hosts_require_dane
>
> Each of those takes a host-list, so might currently look like:
>
>      hosts_try_dane = *
>
> You can change that to look like:
>
>      hosts_try_dane = !*.gov.hk : *
>
> If the host-list references external files, take a look at those.
>
> -Phil
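
Added example, not part of the thread and not Exim's own code: a simplified Python model of how a host-list such as the ones quoted above is evaluated (left to right, first matching item decides), showing why the negated item has to come before the `*`. The function name and the hostnames are constructed for illustration; only `*`-prefixed name patterns and `!` negation are modelled.

```python
from fnmatch import fnmatchcase

def host_list_match(host_list: str, hostname: str) -> bool:
    """Simplified model of Exim host-list evaluation (assumption: name
    patterns and '!' only; no IP/CIDR items, lookups or file references).

    Items are tried left to right and the first one whose pattern matches
    decides the result: a plain item gives True, a '!' item gives False.
    """
    items = [i.strip() for i in host_list.split(":") if i.strip()]
    negated = False
    for item in items:
        negated = item.startswith("!")
        pattern = item[1:].strip() if negated else item
        if fnmatchcase(hostname.lower(), pattern.lower()):
            return not negated
    # Nothing matched: a list whose last item is negated behaves as if
    # ": *" were appended; otherwise the answer is "no match".
    return negated

# Host-lists from the thread, plus a reversed ordering for comparison.
CONFIGS = {
    "original":    "*",
    "suggested":   "!*.gov.hk : *",
    "wrong order": "* : !*.gov.hk",   # '*' matches first, exclusion never reached
}

# Constructed hostnames standing in for the remote hosts the SMTP
# transport connects to.
SAMPLE_HOSTS = ["mx1.example.gov.hk", "mail.example.org"]

def dane_attempted(config_name: str, host: str) -> bool:
    """True if hosts_try_dane, set to the named list, would cover the host."""
    return host_list_match(CONFIGS[config_name], host)

if __name__ == "__main__":
    for name, value in CONFIGS.items():
        for host in SAMPLE_HOSTS:
            verdict = "try DANE" if dane_attempted(name, host) else "skip DANE"
            print(f"hosts_try_dane = {value:<16} {host:<20} -> {verdict}")
```

Hosts that fall out of the list are delivered without a TLSA lookup, so keep the exclusion as narrow as the broken zone.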