Hi,

On 02.02.2016 at 12:43, Andreas Schulze wrote:
> Hello,
>
> postbank.de is known (to me) as broken somehow. Today I noticed delivery
> problems to dslbank.de.
> That focused my attention again to that unsolved issue.
>
> $ posttls-finger dslbank.de
> posttls-finger: warning: DANE TLSA lookup problem: Host or domain name not
> found. Name service error for name=_25._tcp.mailrelay1.bonn.postbank.de
> type=TLSA: Host not found, try again
> posttls-finger: warning: DANE TLSA lookup problem: Host or domain name not
> found. Name service error for name=_25._tcp.mailrelay1.bonn.postbank.de
> type=TLSA: Host not found, try again
> posttls-finger: Failed to establish session to dslbank.de via
> mailrelay1.bonn.postbank.de: TLSA lookup error for
> mailrelay1.bonn.postbank.de:25
> posttls-finger: warning: DANE TLSA lookup problem: Host or domain name not
> found. Name service error for name=_25._tcp.mailrelay2.bonn.postbank.de
> type=TLSA: Host not found, try again
> posttls-finger: warning: DANE TLSA lookup problem: Host or domain name not
> found. Name service error for name=_25._tcp.mailrelay2.bonn.postbank.de
> type=TLSA: Host not found, try again
> posttls-finger: Failed to establish session to dslbank.de via
> mailrelay2.bonn.postbank.de: TLSA lookup error for
> mailrelay2.bonn.postbank.de:25
>
> ...
>
> But I wonder why dane.sys4.de tells me "No TLSA records."
> In fact there is some magic @sys4 that understands postbank.de does not publish
> TLSA records.
> Postfix does not know this magic and leaves messages undelivered in my queue :-/

Deutsche Postbank has some issues on its DNS servers:

http://dnsviz.net/d/postbank.de/dnssec/
http://dnsviz.net/d/dslbank.de/dnssec/
http://dnsviz.net/d/bhw.de/dnssec/

(postbank|dslbank|bhw).de/DNSKEY: The response (512 bytes) was malformed.
(62.153.105.1, 62.153.105.2, 195.50.155.127, UDP_0_EDNS0_32768_512)

May this cause the reported problems on some systems?

In fact I know Deutsche Postbank AG does not promote any TLSA / DANE records for any of its domains.
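
Why a failed TLSA lookup and "No TLSA records" lead to different results, as an added example that is not part of the original thread: under RFC 7672 an SMTP client may skip DANE for an MX host only when the absence of TLSA records is proven (validated NODATA/NXDOMAIN) or the zone is unsigned, while a failed lookup leaves the host unusable. The `TlsaLookup` type, the rcode strings and the `mx*.example` hosts are constructed for illustration, and the sketch assumes the MX host's address records already validated.

```python
from dataclasses import dataclass
from enum import Enum


class Policy(Enum):
    DANE = "authenticate the server with its TLSA records"
    NO_DANE = "no DANE for this host; ordinary TLS policy applies"
    SKIP = "host unusable for now; try the next MX or defer"


@dataclass
class TlsaLookup:
    """Outcome of a `_25._tcp.<mx>` TLSA query via a validating resolver."""
    rcode: str     # "NOERROR", "NXDOMAIN", "SERVFAIL" or "TIMEOUT"
    secure: bool   # answer or denial of existence was DNSSEC-validated
    records: int   # TLSA records in the answer


def mx_policy(lookup: TlsaLookup) -> Policy:
    if lookup.rcode not in ("NOERROR", "NXDOMAIN"):
        # Failed lookup: absence of TLSA records is unproven, so a
        # downgrade to non-DANE TLS is not allowed.
        return Policy.SKIP
    if not lookup.secure:
        return Policy.NO_DANE      # unsigned zone: TLSA data is ignored
    if lookup.records > 0:
        return Policy.DANE
    return Policy.NO_DANE          # validated NODATA / NXDOMAIN


def delivery(mx_lookups: dict) -> str:
    """'deferred' when every MX host has to be skipped, else 'attempt'."""
    policies = [mx_policy(r) for r in mx_lookups.values()]
    return "deferred" if all(p is Policy.SKIP for p in policies) else "attempt"


# Constructed results: both MX hosts fail the TLSA lookup (the failure mode
# reported above; the rcodes are assumed, the page does not show them).
BROKEN = {"mx1.example": TlsaLookup("SERVFAIL", False, 0),
          "mx2.example": TlsaLookup("TIMEOUT", False, 0)}
# Constructed results: signed zone that provably publishes no TLSA records.
CLEAN = {"mx1.example": TlsaLookup("NOERROR", True, 0),
         "mx2.example": TlsaLookup("NXDOMAIN", True, 0)}

if __name__ == "__main__":
    for name, case in (("BROKEN", BROKEN), ("CLEAN", CLEAN)):
        for mx, result in case.items():
            print(name, mx, mx_policy(result).name)
        print(name, "->", delivery(case))
```

A checker that reports a failed lookup the same way as a validated empty answer would show "no TLSA records" for the `BROKEN` case, while a client following the rule above keeps the mail queued.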
