Issues delivering mail from GMX to my postfix

Carsten Strotmann (sys4) cs at
Thu May 19 17:02:59 CEST 2016

Hello Patrick,

Patrick Domack wrote:
> Looks like two different issues.
> The certificate name on doesn't match, it is
> instead.

Yes, true, but that should not be an issue when using DANE-EE(3)


> In particular, the binding of the server public key to its
>    name is based entirely on the TLSA record association.  The server
>    MUST be considered authenticated even if none of the names in the
>    certificate match the client's reference identity for the server.

> When using, the TLS/DANE part works fine, but after
> this, and you attempt to send an email, it fails.
> posttls-finger: Verified TLS connection established to
>[]:25: TLSv1.2 with cipher
> ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
> posttls-finger: > EHLO
> posttls-finger: < 500 5.5.1 Command unrecognized
> posttls-finger: EHLO rejected: 500 5.5.1 Command unrecognized
> posttls-finger: > QUIT
> I am not sure what is talking here, but it's not postfix and it's not
> allowing the ehlo to be processed.

This is OpenBSDs "spamd" intercepting. I need to check why it is
intercepting here, and not transparent piping towards the Postfix.

Thanks for the pointers, I will check that.

-- Carsten

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 883 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the dane-users mailing list