On Tue, July 10, 2018 20:35, Viktor Dukhovni wrote:
>
> The connecting client did not like one of the certificates in the
> chain. Perhaps it expected to find working a WebPKI certificate
> from one of the usual suspects ("browser bundle" public root CAs).
>
> You should ask the postmaster of the sending domain? Is the problem
> ongoing? Or a transient glitch?
>
It is an ongoing problem with delivery to us of the samba-users
mailing list digest, of which I am a subscriber.
I am in communication with the person directly responsible for
implementing DANE at that site. They have just implemented DANE which
is when the problems first started.
As we use 'smtp_tls_security_level = dane' and as they are missing a
number of TLSA RRs their problem with us may be an incomplete
implementation. I have referred them to:
https://dane-test.had.dnsops.gov/server/dane_check.cgi?host=hr1.samba.org.
We will see if any changes result.
Thank you for your help, as always.
Regards,
--
*** e-Mail is NOT a SECURE channel ***
Do NOT transmit sensitive data via e-Mail
Do NOT open attachments nor follow links sent by e-Mail
James B. Byrne mailto:byrn...@harte-lyne.ca
Harte & Lyne Limited http://www.harte-lyne.ca
9 Brockley Drive vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada L8E 3C3
