Re: [exim] DANE ERROR: TLSA LOOKUP DEFER

Author: daniel
Date:
To: Exim-users
Subject: Re: [exim] DANE ERROR: TLSA LOOKUP DEFER
Hello Phil,

Thanks for the passive solution.

Would you please advise what exactly in their DNS is broken? And will Exim
by default try DANE on all hosts or not? Because I did not find
these two configs in the Exim config currently.

Thanks

Daniel


On 2020/3/26 01:10 AM, Phil Pennock wrote:
> On 2020-03-23 at 20:54 +0800, daniel via Exim-users wrote:
>> We recently received many complaints from our end users that they are having problems sending email to *.gov.hk with this exim error:
>> DANE ERROR: TLSA LOOKUP DEFER
> Their DNS is broken.
>
>> However we have contacted our government and their responds is:
>> “Our DNSSEC setup is fine, and it is not necessary to have DANE set up together with DNSSEC, so it is the exim MTA problem. We have not actually set up DANE.”
>> Now here comes the problem: how can we solve this problem passively? We have many cPanel servers with Exim.
> You have one of these two options set on your SMTP Transport:
>
>      hosts_try_dane
>      hosts_require_dane
>
> Each of those takes a host-list, so might currently look like:
>
>      hosts_try_dane = *
>
> You can change that to look like:
>
>      hosts_try_dane = !*.gov.hk : *
>
> If the host-list references external files, take a look at those.
>
> -Phil
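
The following is an added example, not part of the original thread and not Exim's own code. It is a simplified Python model of how a host list such as `hosts_try_dane = !*.gov.hk : *` is evaluated, showing why the negated item has to come before `*`. The list is matched against the name of the host being connected to (the MX host); the host names used are constructed samples.

```python
# Simplified model of Exim host-list evaluation (added example).
# Handles only "*", "*.suffix", exact names and "!" negation. Real Exim host
# lists also accept IP/CIDR items, regexes, lookups and file references,
# none of which are modelled here.

def split_list(value):
    """Split a colon-separated list into stripped, non-empty items."""
    return [item.strip() for item in value.split(":") if item.strip()]

def item_matches(pattern, host):
    """Case-insensitive match of one name pattern against a host name."""
    host, pattern = host.lower(), pattern.lower()
    if pattern == "*":
        return True
    if pattern.startswith("*"):
        # "*.gov.hk" matches names ending in ".gov.hk", not "gov.hk" itself.
        return host.endswith(pattern[1:])
    return host == pattern

def host_in_list(value, host):
    """Test items left to right; the first item that matches decides."""
    items = split_list(value)
    for item in items:
        negated = item.startswith("!")
        pattern = item[1:].strip() if negated else item
        if item_matches(pattern, host):
            return not negated
    # Nothing matched: the result is "yes" only if the last item was negated.
    return bool(items) and items[-1].startswith("!")

if __name__ == "__main__":
    # Constructed sample MX host names.
    hosts = ["mx1.example.gov.hk", "mail.example.org"]
    settings = ["*", "!*.gov.hk : *", "* : !*.gov.hk"]
    for setting in settings:
        for host in hosts:
            verdict = "try DANE" if host_in_list(setting, host) else "skip DANE"
            print(f"hosts_try_dane = {setting:<15} {host:<20} -> {verdict}")
```

With `* : !*.gov.hk` the leading `*` matches first, so the exclusion never takes effect.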