Looks like two different issues.
The certificate name on smtp3.strotmann.de doesn't match, it is
mail.tidelock.de instead.
When using smtp2.strotmann.de, the TLS/DANE part works fine, but after
this, and you attempt to send an email, it fails.
posttls-finger: Verified TLS connection established to
smtp2.strotmann.de[5.45.109.212]:25: TLSv1.2 with cipher
ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
posttls-finger: > EHLO mx3.grsi.com
posttls-finger: < 500 5.5.1 Command unrecognized
posttls-finger: EHLO rejected: 500 5.5.1 Command unrecognized
posttls-finger: > QUIT
I am not sure what is talking here, but it's not postfix and it's not
allowing the ehlo to be processed.
Quoting "Carsten Strotmann (sys4)" <[email protected]>:
Hi,
I've got a report from a user that tries to send an mail from GMX to my
private mail account.
The mail-account is secured by DANE/TLSA and running on Postfix.
"dane.sys4.de" does not report any issues, but GMX refuses to deliver
mail with this message:
----------------------------schnipp----------------------------
This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of
its recipients. This is a permanent error. The following address(es)
failed:
[email protected]:
remote MX does not support STARTTLS
----------------------------schnipp----------------------------
Has anyone seen a similar issue? Any ideas how to troubleshoot?
Best regards
Carsten
