* Viktor Dukhovni <postfix-users@postfix.org>: > On Mon, Jun 30, 2014 at 01:45:19PM +0200, Ralf Hildebrandt wrote: > > > > Jun 25 15:12:23 albatross postfix/smtp[16480]: Untrusted TLS > > > connection established to mail.lastmikoi.net[212.83.147.35]:25: > > > TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits) > > > > > > Jun 25 15:12:23 albatross postfix/smtp[16480]: 3gz3jG3v0Mz7LjZ: > > > to=<...@lastmikoi.net>, relay=mail.lastmikoi.net[212.83.147.35]:25, > > > delay=2229, delays=2229/0/0.09/0, dsn=4.7.5, status=deferred > > > (Server certificate not trusted) > > > > > > But why is the server certificate not trusted (and the email being > > > deferred)? > > > > > > smtp_tls_security_level = dane > > > smtp_dns_support_level = dnssec > > > > It was a DANE issue (on the receiving side) > > Any more detail?
The other side forgot to update the DANE entry in the DNS after performing some changes. -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein