Issues delivering mail from GMX to my postfix

Carsten Strotmann cs at sys4.de
Mon May 23 08:01:01 CEST 2016


Hello Viktor,
Hello List-Participants,

On Thu, 19 May 2016 16:04:19 +0000
Viktor Dukhovni <ietf-dane at dukhovni.org> wrote:

> I was going to guess that spamd or similar is the most likely
> culprit, even before you said you're running it.
> 
>     https://dane.sys4.de/common_mistakes#8
> 
> It might be enabling TLS only for cached "known good" clients, but
> that is not compatible with DANE.

I've found the issue, it was a configuration error on my behalf on the
IPv4 side of "smtp2.strotmann.de" that causes STARTTLS to be denied
(for all clients).

The IPv6 side of the configuration was always working and most
mail-sender preferred IPv6, that is the reason why the configuration
issue was not seen immediatly. Lesson learned: monitoring needs to cover
IPv4 and IPv6 separatly.

The GMX people have contacted me and were very
helpful in debugging this issue.

This now seems to be fixed, mail from GMX is coming in again.

Have a good week!

Carsten
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <https://mail.sys4.de/pipermail/dane-users/attachments/20160523/5a89f4cc/attachment.asc>


More information about the dane-users mailing list