Issues delivering mail from GMX to my postfix
Carsten Strotmann (sys4)
cs at sys4.de
Thu May 19 17:02:59 CEST 2016
Patrick Domack wrote:
> Looks like two different issues.
> The certificate name on smtp3.strotmann.de doesn't match, it is
> mail.tidelock.de instead.
Yes, true, but that should not be an issue when using DANE-EE(3)
> In particular, the binding of the server public key to its
> name is based entirely on the TLSA record association. The server
> MUST be considered authenticated even if none of the names in the
> certificate match the client's reference identity for the server.
> When using smtp2.strotmann.de, the TLS/DANE part works fine, but after
> this, and you attempt to send an email, it fails.
> posttls-finger: Verified TLS connection established to
> smtp2.strotmann.de[22.214.171.124]:25: TLSv1.2 with cipher
> ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
> posttls-finger: > EHLO mx3.grsi.com
> posttls-finger: < 500 5.5.1 Command unrecognized
> posttls-finger: EHLO rejected: 500 5.5.1 Command unrecognized
> posttls-finger: > QUIT
> I am not sure what is talking here, but it's not postfix and it's not
> allowing the ehlo to be processed.
This is OpenBSDs "spamd" intercepting. I need to check why it is
intercepting here, and not transparent piping towards the Postfix.
Thanks for the pointers, I will check that.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 883 bytes
Desc: OpenPGP digital signature
More information about the dane-users