Looks like two different issues.
The certificate name on smtp3.strotmann.de doesn't match; it is mail.tidelock.de instead.
When using smtp2.strotmann.de, the TLS/DANE part works fine, but after this, when you attempt to send an email, it fails.

posttls-finger: Verified TLS connection established to smtp2.strotmann.de[5.45.109.212]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
posttls-finger: > EHLO mx3.grsi.com
posttls-finger: < 500 5.5.1 Command unrecognized
posttls-finger: EHLO rejected: 500 5.5.1 Command unrecognized
posttls-finger: > QUIT

I am not sure what is talking here, but it's not postfix and it's not allowing the ehlo to be processed.
Quoting "Carsten Strotmann (sys4)" cs@sys4.de:
Hi,
I've got a report from a user that tries to send a mail from GMX to my private mail account.
The mail-account is secured by DANE/TLSA and running on Postfix. "dane.sys4.de" does not report any issues, but GMX refuses to deliver mail with this message:
----------------------------schnipp----------------------------
This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed:

cas@strotmann.de: remote MX does not support STARTTLS
----------------------------schnipp----------------------------
Has anyone seen a similar issue? Any ideas how to troubleshoot?
Best regards
Carsten
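
An added example, not part of the original thread: a small Python helper that reads posttls-finger output in the line format quoted above and reports whether the session failed before or after the TLS handshake, which is the distinction the reply draws for smtp2.strotmann.de. The function name `diagnose`, the stage labels, and the embedded sample (copied from the lines in this thread) are assumptions made for illustration.

```python
import re

# Constructed sample: the posttls-finger lines quoted in the reply above.
SAMPLE = """\
posttls-finger: Verified TLS connection established to smtp2.strotmann.de[5.45.109.212]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
posttls-finger: > EHLO mx3.grsi.com
posttls-finger: < 500 5.5.1 Command unrecognized
posttls-finger: EHLO rejected: 500 5.5.1 Command unrecognized
posttls-finger: > QUIT
"""

# "<level> TLS connection established to host[ip]:port: <protocol> with cipher <cipher>"
TLS_RE = re.compile(
    r"^posttls-finger: (\w+) TLS connection established to "
    r"(\S+?)\[([^\]]+)\]:(\d+): (\S+) with cipher (\S+)"
)

def diagnose(log):
    """Return how far the SMTP session got, based on posttls-finger output."""
    result = {"tls": None, "host": None, "protocol": None,
              "failed_command": None, "reply": None, "stage": "no-tls"}
    last_cmd = None
    for line in log.splitlines():
        m = TLS_RE.match(line)
        if m:
            # The first word (e.g. "Verified") is kept exactly as logged.
            result.update(tls=m.group(1), host=m.group(2),
                          protocol=m.group(5), stage="tls-ok")
        elif line.startswith("posttls-finger: > "):
            # Client command: remember its verb for the next reply.
            last_cmd = line.split("> ", 1)[1].split()[0].upper()
        elif line.startswith("posttls-finger: < "):
            reply = line.split("< ", 1)[1]
            # Record only the first 4xx/5xx reply and the command it answers.
            if reply[:1] in ("4", "5") and result["failed_command"] is None:
                result["failed_command"] = last_cmd
                result["reply"] = reply
                result["stage"] = ("post-tls-smtp" if result["tls"]
                                   else "pre-tls-smtp")
    return result

if __name__ == "__main__":
    print(diagnose(SAMPLE))
```

A `post-tls-smtp` stage with a verified handshake means the certificate and TLSA side passed and the problem lies in whatever answers SMTP commands inside the encrypted session.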