Issues delivering mail from GMX to my postfix

Carsten Strotmann (sys4) cs at sys4.de
Thu May 19 17:02:59 CEST 2016


Hello Patrick,

Patrick Domack wrote:
> Looks like two different issues.
> 
> The certificate name on smtp3.strotmann.de doesn't match, it is
> mail.tidelock.de instead.

Yes, true, but that should not be an issue when using DANE-EE(3).

From
https://tools.ietf.org/html/rfc7671#section-5.1:

> In particular, the binding of the server public key to its
> name is based entirely on the TLSA record association.  The server
> MUST be considered authenticated even if none of the names in the
> certificate match the client's reference identity for the server.


> 
> When using smtp2.strotmann.de, the TLS/DANE part works fine, but after
> this, and you attempt to send an email, it fails.
> posttls-finger: Verified TLS connection established to
> smtp2.strotmann.de[5.45.109.212]:25: TLSv1.2 with cipher
> ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
> posttls-finger: > EHLO mx3.grsi.com
> posttls-finger: < 500 5.5.1 Command unrecognized
> posttls-finger: EHLO rejected: 500 5.5.1 Command unrecognized
> posttls-finger: > QUIT
> 
> I am not sure what is talking here, but it's not postfix and it's not
> allowing the ehlo to be processed.
> 

This is OpenBSD's "spamd" intercepting. I need to check why it is
intercepting here, and not transparently piping towards Postfix.

Thanks for the pointers, I will check that.

-- Carsten
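
Added example, not part of the original message or of any project's code: a simplified model of the RFC 7671 section 5.1 rule quoted above, showing that a DANE-EE(3) record authenticates the peer despite the name mismatch, while a DANE-TA(2) record does not. The byte strings are constructed stand-ins for DER data, `dane_verify` and `association_matches` are hypothetical names, and chain signature validation is assumed to be handled by the TLS library.

```python
import hashlib
from collections import namedtuple

# TLSA RDATA fields (RFC 6698): usage, selector, matching type, association data.
TLSA = namedtuple("TLSA", "usage selector mtype data")

def association_matches(rr, cert_der, spki_der):
    """Compare one TLSA record against one certificate."""
    if rr.selector not in (0, 1):
        return False  # unknown selector: record is unusable
    selected = cert_der if rr.selector == 0 else spki_der
    if rr.mtype == 0:  # exact match on the selected bytes
        return selected == rr.data
    digest = {1: hashlib.sha256, 2: hashlib.sha512}.get(rr.mtype)
    return digest is not None and digest(selected).digest() == rr.data

def dane_verify(rrset, chain, leaf_names, reference_id):
    """Return the usage (2 or 3) that authenticated the peer, else None.

    chain: list of (cert_der, spki_der) tuples, leaf first.
    Simplified model: chain signature validation is assumed to be done
    by the TLS library, and name matching is exact (no wildcards).
    """
    name_ok = reference_id.lower() in {n.lower() for n in leaf_names}
    for rr in rrset:
        if rr.usage == 3:
            # DANE-EE(3): the TLSA record alone binds the key to the name,
            # so the names inside the certificate are never consulted.
            if association_matches(rr, *chain[0]):
                return 3
        elif rr.usage == 2:
            # DANE-TA(2): the record pins an issuer; the leaf must still
            # carry a name matching the reference identity.
            if name_ok and any(association_matches(rr, c, k) for c, k in chain[1:]):
                return 2
    return None

# Constructed stand-ins for DER bytes; host names are the ones from the thread.
LEAF = (b"constructed-leaf-cert", b"constructed-leaf-spki")
ISSUER = (b"constructed-issuer-cert", b"constructed-issuer-spki")
CHAIN = [LEAF, ISSUER]
EE_RR = TLSA(3, 1, 1, hashlib.sha256(LEAF[1]).digest())    # "3 1 1"
TA_RR = TLSA(2, 0, 1, hashlib.sha256(ISSUER[0]).digest())  # "2 0 1"

if __name__ == "__main__":
    for rr in (EE_RR, TA_RR):
        print(rr.usage, dane_verify([rr], CHAIN, ["mail.tidelock.de"], "smtp3.strotmann.de"))
```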

More information about the dane-users mailing list