Issues delivering mail from GMX to my postfix
Carsten Strotmann (sys4)
cs at sys4.de
Thu May 19 17:02:59 CEST 2016
Hello Patrick,
Patrick Domack wrote:
> Looks like two different issues.
>
> The certificate name on smtp3.strotmann.de doesn't match, it is
> mail.tidelock.de instead.
Yes, true, but that should not be an issue when using DANE-EE(3)
From
https://tools.ietf.org/html/rfc7671#section-5.1
> In particular, the binding of the server public key to its
> name is based entirely on the TLSA record association. The server
> MUST be considered authenticated even if none of the names in the
> certificate match the client's reference identity for the server.
>
> When using smtp2.strotmann.de, the TLS/DANE part works fine, but after
> this, and you attempt to send an email, it fails.
> posttls-finger: Verified TLS connection established to
> smtp2.strotmann.de[5.45.109.212]:25: TLSv1.2 with cipher
> ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
> posttls-finger: > EHLO mx3.grsi.com
> posttls-finger: < 500 5.5.1 Command unrecognized
> posttls-finger: EHLO rejected: 500 5.5.1 Command unrecognized
> posttls-finger: > QUIT
>
> I am not sure what is talking here, but it's not postfix and it's not
> allowing the ehlo to be processed.
>
This is OpenBSDs "spamd" intercepting. I need to check why it is
intercepting here, and not transparent piping towards the Postfix.
Thanks for the pointers, I will check that.
-- Carsten
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 883 bytes
Desc: OpenPGP digital signature
URL: <https://mail.sys4.de/mailman/private/dane-users/attachments/20160519/55445f48/attachment.asc>
More information about the dane-users
mailing list