Issues delivering mail from GMX to my postfix

Patrick Domack patrickdk at
Thu May 19 16:37:15 CEST 2016

Looks like two different issues.

The certificate name on doesn't match, it is instead.

When using, the TLS/DANE part works fine, but after  
this, and you attempt to send an email, it fails.
posttls-finger: Verified TLS connection established to[]:25: TLSv1.2 with cipher  
ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
posttls-finger: > EHLO
posttls-finger: < 500 5.5.1 Command unrecognized
posttls-finger: EHLO rejected: 500 5.5.1 Command unrecognized
posttls-finger: > QUIT

I am not sure what is talking here, but it's not postfix and it's not  
allowing the ehlo to be processed.

Quoting "Carsten Strotmann (sys4)" <cs at>:

> Hi,
> I've got a report from a user that tries to send an mail from GMX to my
> private mail account.
> The mail-account is secured by DANE/TLSA and running on Postfix.
> "" does not report any issues, but GMX refuses to deliver
> mail with this message:
> ----------------------------schnipp----------------------------
> This message was created automatically by mail delivery software.
> A message that you sent could not be delivered to one or more of
> its recipients. This is a permanent error. The following address(es)
> failed:
> cas at
> remote MX does not support STARTTLS
> ----------------------------schnipp----------------------------
> Has anyone seen a similar issue? Any ideas how to troubleshoot?
> Best regards
> Carsten

More information about the dane-users mailing list