running

        postfix 3.7.2

mailing to

        cas...@state.gov


i see lots of these,

        2022-10-05T17:30:08.780807-04:00 mx03 postfix/qmgr[1392]: 4MjvVm57Jhz3n: from=<txxx...@example.com>, size=7604, nrcpt=1 (queue active)
        2022-10-05T17:30:08.781256-04:00 mx03 postfix/submit-from-local/smtpd[8477]: disconnect from internal.mx.example.net[10.17.1.32] ehlo=1 xforward=2 mail=1 rcpt=1 data=1 quit=1 commands=7
        2022-10-05T17:30:13.277421-04:00 mx03 postfix/smtp-out-ext/smtp[8484]: warning: DANE TLSA lookup problem: Host or domain name not found. Name service error for name=_25._tcp.christopher-ew.state.gov type=TLSA: Host not found, try again
        2022-10-05T17:30:13.602684-04:00 mx03 postfix/smtp-out-ext/smtp[8484]: warning: DANE TLSA lookup problem: Host or domain name not found. Name service error for name=_25._tcp.christopher-ew.state.gov type=TLSA: Host not found, try again
        2022-10-05T17:30:13.602980-04:00 mx03 postfix/smtp-out-ext/smtp[8484]: warning: TLS policy lookup for state.gov/christopher-ew.state.gov: TLSA lookup error for christopher-ew.state.gov:25
        2022-10-05T17:30:14.353543-04:00 mx03 postfix/smtp-out-ext/smtp[8484]: warning: DANE TLSA lookup problem: Host or domain name not found. Name service error for name=_25._tcp.stimson.state.gov type=TLSA: Host not found, try again
        2022-10-05T17:30:14.619838-04:00 mx03 postfix/smtp-out-ext/smtp[8484]: warning: DANE TLSA lookup problem: Host or domain name not found. Name service error for name=_25._tcp.stimson.state.gov type=TLSA: Host not found, try again
        2022-10-05T17:30:14.620029-04:00 mx03 postfix/smtp-out-ext/smtp[8484]: warning: TLS policy lookup for state.gov/stimson.state.gov: TLSA lookup error for stimson.state.gov:25
        2022-10-05T17:30:14.620076-04:00 mx03 postfix/smtp-out-ext/smtp[8484]: warning: TLS policy lookup for state.gov/stimson.state.gov: TLSA lookup error for stimson.state.gov:25
        2022-10-05T17:30:14.620099-04:00 mx03 postfix/smtp-out-ext/smtp[8484]: warning: TLS policy lookup for state.gov/christopher-ew.state.gov: TLSA lookup error for christopher-ew.state.gov:25
        2022-10-05T17:30:14.620133-04:00 mx03 postfix/smtp-out-ext/smtp[8484]: warning: TLS policy lookup for state.gov/christopher-ew.state.gov: TLSA lookup error for christopher-ew.state.gov:25
        2022-10-05T17:30:14.631186-04:00 mx03 postfix/smtp-out-ext/smtp[8484]: 4MjvVm57Jhz3n: to=<cas...@state.gov>, relay=none, delay=5.9, delays=0.07/0.01/5.8/0, dsn=4.7.5, status=deferred (TLSA lookup error for christopher-ew.state.gov:25)

i personally don't recall ever seeing one of these DANE TLSA errors

reading

        Problem with TLSA & CNAME Wildcard
         
https://mailing.postfix.users.narkive.com/VGejQATw/problem-with-tlsa-cname-wildcard

suggests a resolver problem

checking with my local resolver (unbound),

        dig +ad +noall +comment +ans +auth -t tlsa _25._tcp.christopher-ew.state.gov
                ;; Got answer:
                ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 491
                ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

                ;; OPT PSEUDOSECTION:
                ; EDNS: version: 0, flags:; udp: 1232

vs Cloudflare

        dig +ad +noall +comment +ans +auth -t tlsa _25._tcp.christopher-ew.state.gov @1.1.1.1
                ;; Got answer:
                ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 64831
                ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

                ;; OPT PSEUDOSECTION:
                ; EDNS: version: 0, flags:; udp: 1232
                ;; AUTHORITY SECTION:
                state.gov.              900     IN      SOA     o-bimc-dns001.grid.state.sbu. hostmaster.state.gov. 71488 10800 1080 2419200 900


anyone here have a hint what to test/check?

seems like it's my resolver ... and not postfix or its config. (?)
digging, so far, i'm seeing lots of references to the error online, and 
questions about unbound but no answer/resolution -- yet.
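
An added example, not part of the original post: a small log summarizer that groups the DANE TLSA lookup warnings by query name and ties them to the deliveries they deferred, so each failing name can be re-tested against the resolver. The sample lines are a subset of the log above, unwrapped; the function name `summarize` and the report layout are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample: a subset of the log lines from the post above, unwrapped.
SAMPLE_LOG = """\
2022-10-05T17:30:13.277421-04:00 mx03 postfix/smtp-out-ext/smtp[8484]: warning: DANE TLSA lookup problem: Host or domain name not found. Name service error for name=_25._tcp.christopher-ew.state.gov type=TLSA: Host not found, try again
2022-10-05T17:30:13.602684-04:00 mx03 postfix/smtp-out-ext/smtp[8484]: warning: DANE TLSA lookup problem: Host or domain name not found. Name service error for name=_25._tcp.christopher-ew.state.gov type=TLSA: Host not found, try again
2022-10-05T17:30:13.602980-04:00 mx03 postfix/smtp-out-ext/smtp[8484]: warning: TLS policy lookup for state.gov/christopher-ew.state.gov: TLSA lookup error for christopher-ew.state.gov:25
2022-10-05T17:30:14.353543-04:00 mx03 postfix/smtp-out-ext/smtp[8484]: warning: DANE TLSA lookup problem: Host or domain name not found. Name service error for name=_25._tcp.stimson.state.gov type=TLSA: Host not found, try again
2022-10-05T17:30:14.619838-04:00 mx03 postfix/smtp-out-ext/smtp[8484]: warning: DANE TLSA lookup problem: Host or domain name not found. Name service error for name=_25._tcp.stimson.state.gov type=TLSA: Host not found, try again
2022-10-05T17:30:14.631186-04:00 mx03 postfix/smtp-out-ext/smtp[8484]: 4MjvVm57Jhz3n: to=<cas...@state.gov>, relay=none, delay=5.9, delays=0.07/0.01/5.8/0, dsn=4.7.5, status=deferred (TLSA lookup error for christopher-ew.state.gov:25)
"""

TLSA_WARN = re.compile(
    r"warning: DANE TLSA lookup problem: .*? name=(_\d+\._tcp\.\S+) type=TLSA: (.+)$")
DEFERRED = re.compile(
    r": ([0-9A-Za-z]+): to=<([^>]*)>.*?dsn=(\d\.\d+\.\d+), status=deferred "
    r"\(TLSA lookup error for (\S+):(\d+)\)")


def summarize(log_text):
    """Group TLSA lookup warnings by query name and list the deferred deliveries."""
    failures = Counter()  # TLSA query name -> number of failed lookups
    transient = set()     # query names whose resolver error was "try again"
    deferred = []         # (queue_id, recipient, dsn, tlsa_query_name)
    for line in log_text.splitlines():
        m = TLSA_WARN.search(line)
        if m:
            qname, reason = m.groups()
            failures[qname] += 1
            if reason.rstrip().endswith("try again"):
                transient.add(qname)
            continue
        m = DEFERRED.search(line)
        if m:
            qid, rcpt, dsn, host, port = m.groups()
            deferred.append((qid, rcpt, dsn, f"_{port}._tcp.{host}"))
    return {"failures": failures, "transient": transient, "deferred": deferred}


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for qname, count in sorted(report["failures"].items()):
        kind = "temporary" if qname in report["transient"] else "other"
        print(f"{count:3d} failed TLSA lookups ({kind}): {qname}")
    for qid, rcpt, dsn, qname in report["deferred"]:
        print(f"deferred {qid} to {rcpt} dsn={dsn}; re-test: dig -t tlsa {qname}")
```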
