Hey.
On 19.01.2015 12:15, Wolfgang Breyha wrote:
One of our users tried to send mail to the domain education.lu. [...] Exim refuses to talk to those hosts at all with "failure while setting up TLS session". Is this expected behavior in terms of DANE-SMTP? What's postfix doing in this case?
Postfix (2.11.2) seems to be able to talk to education.lu just fine:
posttls-finger: using DANE RR: _25._tcp.smtpgate2.restena.lu IN TLSA 1 0 2 75:12:52:FD:4B:22:7D:40:A0:FA:D1:D3:AB:3D:4B:67:49:49:D8:4E:8B:B9:9B:08:14:CC:08:27:5F:66:6C:1C:9C:92:67:B6:F5:F6:86:EA:D2:19:39:B8:1F:1E:2B:90:CE:7C:24:06:F3:2E:70:E0:BD:1D:44:BC:B6:10:00:4E
posttls-finger: Connected to smtpgate2.restena.lu[158.64.1.59]:25
posttls-finger: < 220 smtpgate2.restena.lu ESMTP
posttls-finger: > EHLO metis.tribut.de
posttls-finger: < 250-smtpgate2.restena.lu
posttls-finger: < 250-PIPELINING
posttls-finger: < 250-SIZE 29622272
posttls-finger: < 250-STARTTLS
posttls-finger: < 250-ENHANCEDSTATUSCODES
posttls-finger: < 250 8BITMIME
posttls-finger: > STARTTLS
posttls-finger: < 220 2.0.0 Ready to start TLS
posttls-finger: smtpgate2.restena.lu[158.64.1.59]:25: depth=0 matched end entity certificate sha512 digest 75:12:52:FD:4B:22:7D:40:A0:FA:D1:D3:AB:3D:4B:67:49:49:D8:4E:8B:B9:9B:08:14:CC:08:27:5F:66:6C:1C:9C:92:67:B6:F5:F6:86:EA:D2:19:39:B8:1F:1E:2B:90:CE:7C:24:06:F3:2E:70:E0:BD:1D:44:BC:B6:10:00:4E
posttls-finger: smtpgate2.restena.lu[158.64.1.59]:25: Matched subjectAltName: *.restena.lu
posttls-finger: smtpgate2.restena.lu[158.64.1.59]:25: subjectAltName: restena.lu
posttls-finger: smtpgate2.restena.lu[158.64.1.59]:25 CommonName *.restena.lu
posttls-finger: smtpgate2.restena.lu[158.64.1.59]:25: subject_CN=*.restena.lu, issuer_CN=GlobalSign Organization Validation CA - SHA256 - G2, fingerprint=ED:82:8A:81:32:90:E5:1F:94:39:15:5D:49:DE:2A:5A:40:5B:1F:51, pkey_fingerprint=2A:D8:19:E7:7E:C3:5D:06:4D:5E:5C:D9:49:D3:25:2F:31:82:43:D3
posttls-finger: Verified TLS connection established to smtpgate2.restena.lu[158.64.1.59]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
posttls-finger: > EHLO metis.tribut.de
posttls-finger: < 250-smtpgate2.restena.lu
posttls-finger: < 250-PIPELINING
posttls-finger: < 250-SIZE 29622272
posttls-finger: < 250-ENHANCEDSTATUSCODES
posttls-finger: < 250 8BITMIME
posttls-finger: > QUIT
posttls-finger: < 221 2.0.0 Bye

Regards
felix
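
The match reported in the posttls-finger output above (TLSA "1 0 2": usage PKIX-EE, selector 0 = full certificate, matching type 2 = SHA-512), as an added Python example that is not part of the original post or of Postfix or Exim. The function names and SAMPLE_CERT are assumptions made for illustration; SAMPLE_CERT is constructed stand-in bytes, and for selector 1 the caller supplies the SubjectPublicKeyInfo bytes because the example does not parse X.509.

```python
import hashlib
import hmac

# TLSA matching types (RFC 6698): 0 = exact bytes, 1 = SHA-256, 2 = SHA-512.
DIGESTS = {1: hashlib.sha256, 2: hashlib.sha512}

# RDATA copied from the "using DANE RR" line in the post.
PAGE_RR = ("1 0 2 75:12:52:FD:4B:22:7D:40:A0:FA:D1:D3:AB:3D:4B:67:49:49:D8:4E:"
           "8B:B9:9B:08:14:CC:08:27:5F:66:6C:1C:9C:92:67:B6:F5:F6:86:EA:D2:19:"
           "39:B8:1F:1E:2B:90:CE:7C:24:06:F3:2E:70:E0:BD:1D:44:BC:B6:10:00:4E")

# Constructed stand-in bytes, NOT a real certificate.
SAMPLE_CERT = b"constructed DER stand-in for an end-entity certificate"


def parse_tlsa(rdata):
    """Split 'usage selector mtype data' and decode the association data."""
    parts = rdata.split()
    if len(parts) < 4:
        raise ValueError("TLSA RDATA needs usage, selector, mtype and data")
    usage, selector, mtype = (int(p) for p in parts[:3])
    # Accept colon-separated hex (posttls-finger) and plain hex (zone file).
    return usage, selector, mtype, bytes.fromhex("".join(parts[3:]).replace(":", ""))


def association_data(selector, mtype, cert_der, spki_der=None):
    """Compute what the record must contain for this certificate."""
    subject = {0: cert_der, 1: spki_der}.get(selector)
    if subject is None:
        raise ValueError("unsupported selector or missing SPKI bytes")
    if mtype == 0:
        return subject
    if mtype not in DIGESTS:
        raise ValueError("unsupported matching type")
    return DIGESTS[mtype](subject).digest()


def tlsa_matches(rdata, cert_der, spki_der=None):
    """True when the presented certificate matches the TLSA record."""
    _usage, selector, mtype, data = parse_tlsa(rdata)
    expected = association_data(selector, mtype, cert_der, spki_der)
    return hmac.compare_digest(expected, data)


def make_rr(usage, selector, mtype, cert_der, spki_der=None):
    """Render a record in the colon-separated form posttls-finger prints."""
    data = association_data(selector, mtype, cert_der, spki_der)
    return f"{usage} {selector} {mtype} " + ":".join(f"{b:02X}" for b in data)
```

To check a live server, pass the DER bytes of the certificate it presents as cert_der, together with the RDATA of its TLSA record.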