Hello Viktor, Hello List-Participants,
On Thu, 19 May 2016 16:04:19 +0000 Viktor Dukhovni ietf-dane@dukhovni.org wrote:
I was going to guess that spamd or similar is the most likely culprit, even before you said you're running it.
https://dane.sys4.de/common_mistakes#8It might be enabling TLS only for cached "known good" clients, but that is not compatible with DANE.
I've found the issue, it was a configuration error on my behalf on the IPv4 side of "smtp2.strotmann.de" that causes STARTTLS to be denied (for all clients).
The IPv6 side of the configuration was always working and most mail-sender preferred IPv6, that is the reason why the configuration issue was not seen immediatly. Lesson learned: monitoring needs to cover IPv4 and IPv6 separatly.
The GMX people have contacted me and were very helpful in debugging this issue.
This now seems to be fixed, mail from GMX is coming in again.
Have a good week!
Carsten