Dear Postfix folks,

Using Postfix 3.6.0-rc1, for an email sent to x.y.molgen.mpg.de it looks
up the TLSA records for y.molgen.mpg.de instead of x.y.molgen.mpg.de:

2022-02-12T12:02:21+01:00 tldr postfix/smtp[25656]: warning: TLS policy lookup for github.molgen.mpg.de/github.molgen.mpg.de: no TLSA records found
2022-02-12T12:02:21+01:00 tldr postfix/smtp[25656]: 6D99D61E6478B: to=<reply+aaaacsicemwr3r6pflrtadwacnzzlevbnhgs...@reply.github.molgen.mpg.de>, relay=none, delay=0.3, delays=0.28/0.02/0/0, dsn=4.7.5, status=deferred (no TLSA records found)

Indeed, for github.molgen.mpg.de no MX record exists, but there shouldn’t
be one, as the message goes to reply.github.molgen.mpg.de:

$ dig mx reply.github.molgen.mpg.de +dnssec +short
5 mx3.molgen.mpg.de.
MX 7 5 7200 20220318110038 20220216110038 14960 molgen.mpg.de.
kTDvX9PKXC9sk96QViR09wUATN3m96sz6Ha6FrMRBrjxUa1OU1AdhvVj
cJbRyetiHy3v+uOPdrng4NLVAow/omnF7Ph0twfz9p9EXUfOBBC/6QJJ
Ym5JfxgjDWReHVFw5Y+duQSXtvSOjJR0KwHECtcAClWxO0e98/EtvEmP
TQajwIkw5sA8wOmcIMu6BKIjaEZvEVB6NQxT72HrEpNbsKWnbBWfj71k
qYag1hsmuVWzjLtN8E2AtPYic13x55t8tV1hEnlHcgFAp2Fya1y+o6hA
okDMrg9JUf3/qSjjox3hY78IKAcw8KDz8DEwvjBnr76/6ut9zQ2oIc+P XA7N+w==
$ dig _25._tcp.mx3.molgen.mpg.de IN TLSA +short
3 1 2 7AAD43A0FDFF34452CA695A2B510F613A2997077E4C2EDFF2B32DE36
26552C2832EF72F5DC12B5FE3984BAFE1B87406207EDAD34A4F3E11F 49CD4A23DB83374C

The DANE SMTP Validator verifies that it should work for
reply.github.molgen.mpg.de [1].

Any idea why github.molgen.mpg.de is looked at?

Kind regards,

Paul

[1]: https://dane.sys4.de/smtp/reply.github.molgen.mpg.de