Re: [exim] DANE ERROR: TLSA LOOKUP DEFER

Tue, 31 Mar 2020 01:32:17 -0700 

Hello,
Here is one example of the actual problem i have just recently tested on the problem server without apply the option fix (source domain masked for privacy reason): 


2020-03-30 15:02:59 1jIoRn-0004MT-RH <= [email protected] H=(vps.xxx.com) 
[::1]:45888 P=esmtpa A=dovecot_login:[email protected] S=572 
[email protected] T="test" for [email protected]
2020-03-30 15:02:59 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 
1jIoRn-0004MT-RH
2020-03-30 15:02:59 1jIoRn-0004MT-RH Sender identification U=basecrea 
D=xxx.com [email protected]
2020-03-30 15:02:59 1jIoRn-0004MT-RH SMTP connection outbound 1585551779 
1jIoRn-0004MT-RH xxx.com [email protected]
2020-03-30 15:03:40 1jIoRn-0004MT-RH H=tidamg2.tid.gov.hk [202.38.18.3]: 
DANE error: tlsa lookup DEFER
2020-03-30 15:04:20 1jIoRn-0004MT-RH H=tidamg1.tid.gov.hk [202.38.18.2]: 
DANE error: tlsa lookup DEFER
2020-03-30 15:05:00 1jIoRn-0004MT-RH H=tidamg3.tid.gov.hk 
[203.184.133.146]: DANE error: tlsa lookup DEFER
2020-03-30 15:05:00 1jIoRn-0004MT-RH == [email protected] 
R=dkim_lookuphost T=dkim_remote_smtp defer (-36): DANE error: tlsa 
lookup DEFER




On 2020-03-25 17:22, Viktor Dukhovni wrote:


> On Wed, Mar 25, 2020 at 01:10:53PM -0400, Phil Pennock via Exim-users 
wrote:

>
> > On 2020-03-23 at 20:54 +0800, daniel via Exim-users wrote:

> > > We recently received many of our end users complains that they 
are having problem sending email to *.gov.hk with this exim error:

> > > DANE ERROR: TLSA LOOKUP DEFER
> >
> > Their DNS is broken.
>
> It would best if the OP were at liberty to post one or (ideally) more
> example domains, or send the examples to me off-list if preferred.
>
> > > However we have contacted our government and their responds is:

> > > “Our DNSSEC setup is fine, and it is not nesserary to have DANE 
setup together with DNSSEC , so it is the exim MTA problem. We have not 
actually setup DANE “
> > > Now here comes the problem: how can we solve this problem 
passively? We have many cPanel server with Exim.

> >
> > You have one of these two options set on your SMTP Transport:
> >
>
> Indeed each sender can work around the problem for themselves, but
> that's suboptimal if the problem is on the receiving side. Ideally, if
> there is breakage on the gov.hk side, we should be able to demonstrate
> it to them in a way that elicits action to remediate the problem.
>
>
>

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/






















					Reply via email to