On Mon, Jun 30, 2014 at 02:09:45PM +0200, Ralf Hildebrandt wrote:

> > > It was a DANE issue (on the receiving side)
> > 
> > Any more detail?
> 
> The other side forgot to update the DANE entry in the DNS after
> performing some changes.

If they really mean to provide a DANE TLS SMTP service, they should
change the TLSA certificate usage from PKIX-EE(1) to DANE-EE(3).

Before:

    _25._tcp.mail.lastmikoi.net IN TLSA 1 0 1 4A5AA22D8E7BCD09D48A6C1A6ABBF12275BA24AC05F3285F66FCD8A1042973AC

After:

    _25._tcp.mail.lastmikoi.pem. IN TLSA 3 1 1 0C0DEFF04DE5215D324C2AD2B4F70E3E4427D2663B4AC62D4020819F4F3846A6

-- 
        Viktor.
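
Added example, not part of the original message: a small lint for TLSA records published for SMTP, run over the two records quoted above. It flags certificate usages PKIX-TA(0) and PKIX-EE(1), which RFC 7672 says SMTP servers should not publish, and checks the digest length against the matching type. The function names and the `matches` helper are illustrative assumptions.

```python
import hashlib

USAGES = {0: "PKIX-TA", 1: "PKIX-EE", 2: "DANE-TA", 3: "DANE-EE"}
DIGESTS = {1: hashlib.sha256, 2: hashlib.sha512}  # matching type -> hash

# The two records quoted in the message above, each on one line.
BEFORE = "_25._tcp.mail.lastmikoi.net IN TLSA 1 0 1 4A5AA22D8E7BCD09D48A6C1A6ABBF12275BA24AC05F3285F66FCD8A1042973AC"
AFTER = "_25._tcp.mail.lastmikoi.pem. IN TLSA 3 1 1 0C0DEFF04DE5215D324C2AD2B4F70E3E4427D2663B4AC62D4020819F4F3846A6"

def parse_tlsa(line):
    """Parse presentation format: owner [ttl] [IN] TLSA usage selector mtype hex..."""
    fields = line.split()
    i = fields.index("TLSA")
    usage, selector, mtype = (int(f) for f in fields[i + 1:i + 4])
    # The hex data may be split into several whitespace-separated chunks.
    data = bytes.fromhex("".join(fields[i + 4:]))
    return {"owner": fields[0], "usage": usage, "selector": selector,
            "mtype": mtype, "data": data}

def lint_smtp_tlsa(rec):
    """Return the problems with a TLSA record published for an SMTP server."""
    problems = []
    name = USAGES.get(rec["usage"])
    if name is None:
        problems.append(f"unknown certificate usage {rec['usage']}")
    elif rec["usage"] in (0, 1):
        problems.append(f"usage {name}({rec['usage']}) should not be published "
                        "for SMTP (RFC 7672); use DANE-EE(3) or DANE-TA(2)")
    if rec["selector"] not in (0, 1):
        problems.append(f"unknown selector {rec['selector']}")
    if rec["mtype"] in DIGESTS:
        want = DIGESTS[rec["mtype"]]().digest_size
        if len(rec["data"]) != want:
            problems.append(f"digest is {len(rec['data'])} bytes, expected {want}")
    elif rec["mtype"] != 0:
        problems.append(f"unknown matching type {rec['mtype']}")
    return problems

def matches(rec, selected_der):
    """Compare a record with the DER bytes its selector picks: the whole
    certificate (selector 0) or its SubjectPublicKeyInfo (selector 1)."""
    h = DIGESTS.get(rec["mtype"])
    return (h(selected_der).digest() if h else selected_der) == rec["data"]

if __name__ == "__main__":
    for line in (BEFORE, AFTER):
        rec = parse_tlsa(line)
        print(rec["owner"], lint_smtp_tlsa(rec) or "ok")
```

The caller supplies the DER bytes to `matches`; extracting the SubjectPublicKeyInfo from a certificate is outside this example.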
