Author: daniel Date: To: Exim-users Subject: Re: [exim] DANE ERROR: TLSA LOOKUP DEFER
Hello,
Here is one example of the actual problem i have just recently tested on
the problem server without apply the option fix (source domain masked
for privacy reason):
On 2020-03-25 17:22, Viktor Dukhovni wrote:
> On Wed, Mar 25, 2020 at 01:10:53PM -0400, Phil Pennock via Exim-users wrote: >
> > On 2020-03-23 at 20:54 +0800, daniel via Exim-users wrote:
> > > We recently received many of our end users complains that they are having problem sending email to *.gov.hk with this exim error: > > > DANE ERROR: TLSA LOOKUP DEFER
> >
> > Their DNS is broken.
>
> It would best if the OP were at liberty to post one or (ideally) more
> example domains, or send the examples to me off-list if preferred.
>
> > > However we have contacted our government and their responds is:
> > > “Our DNSSEC setup is fine, and it is not nesserary to have DANE setup together with DNSSEC , so it is the exim MTA problem. We have not
actually setup DANE “ > > > Now here comes the problem: how can we solve this problem passively? We have many cPanel server with Exim. > >
> > You have one of these two options set on your SMTP Transport:
> >
>
> Indeed each sender can work around the problem for themselves, but
> that's suboptimal if the problem is on the receiving side. Ideally, if
> there is breakage on the gov.hk side, we should be able to demonstrate
> it to them in a way that elicits action to remediate the problem.
>
>
>