posttls-finver vs. dane.sys4.de

[Andreas Schulze]

Hello,

we found messages to "sushi-circle.de" stay in our MTA facing outside 
world: "status=deferred (TLSA lookup error for 
login.enterprise-email.com:25)"

dane.sys4.de doesn't mention any problems.

in contrast:

# posttls-finger  sushi-circle.de
posttls-finger: warning: DANE TLSA lookup problem: Host or domain name 
not found. Name service error for 
name=_25._tcp.login.enterprise-email.com type=TLSA: Host not found, try 
again
posttls-finger: warning: DANE TLSA lookup problem: Host or domain name 
not found. Name service error for 
name=_25._tcp.login.enterprise-email.com type=TLSA: Host not found, try 
again
posttls-finger: Failed to establish session to sushi-circle.de via 
login.enterprise-email.com: TLSA lookup error for 
login.enterprise-email.com:25

I guess some piece of software is wrong...

force $destdomain to encrypt only let postfix deliver the messages.

Andreas