Bug#991026: exim4: DANE error: tlsa lookup DEFER

Andreas Metzler ametzler at bebt.de
Tue Jul 13 17:39:04 BST 2021

On 2021-07-13 Simon Josefsson <simon at josefsson.org> wrote:
> Package: exim4
> Version: 4.92-8+deb10u6

> I got bounces due to delivery failures when mailing someone from my
> exim4-based mail server.  The log file contains:

> 2021-07-13 06:20:20.720 [13321] 1m1lRa-0002RD-DO H=mailcluster.loopia.se [2a02:250:0:48::13]:25: DANE error: tlsa lookup DEFER
> 2021-07-13 06:20:20.726 [13320] 1m1lRa-0002RD-DO == xxx at vetiveradv.se R=dnslookup T=remote_smtp defer (-36): DANE error: tlsa lookup DEFER

> After a couple of days, it times out and I get a bounce back.

> Before I could try the 'hosts_try_dane' option, I changed the
> /etc/resolv.conf DNS servers from my ISP's to my own unbound
> instance, thinking it may be a DNS server problem.  Indeed, that
> resolved my problem, and delivery worked again.

> While the domain might contain buggy DANE records (it passes some checks
> [2] though?), it seems like an exim4 problem that things work fine with
> one DNS server and not another.  I'm guessing the problem was not with
> the DANE records, but with the responses received from the DNS server?
> How can I debug the DNS problem further?

> This is the first case this happened, and I'm emailing many domains with
> DANE records, so I'm a bit puzzled what went wrong here.

Hello Simon,

looks indeed like the provider DNS server was broken. Does
host -t TLSA _25._tcp.mailcluster.loopia.se

exim's debug facilities might have helped, e.g.
exim -M message-id -d+dns+host_lookup+resolver

cu Andreas
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
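
Added example, not part of the original message and not exim code: a shell helper for the comparison discussed above (the ISP's resolver versus a local unbound), which classifies what each resolver returns for the TLSA query. The function names, the verdict words, the 192.0.2.53 placeholder address, the constructed sample output, and the reading of SERVFAIL or a timeout as the temporary failure behind a DEFER are assumptions of this example.

```shell
# classify_tlsa: read `dig +dnssec` output on stdin, print one verdict word.
classify_tlsa() {
    awk '
        /->>HEADER<<-/ {            # ";; ->>HEADER<<- opcode: QUERY, status: X, id: N"
            for (i = 1; i < NF; i++)
                if ($i == "status:") { status = $(i + 1); sub(/,$/, "", status) }
        }
        /^;; flags:/ {              # ";; flags: qr rd ra ad; QUERY: 1, ..."
            flags = $0; sub(/^;; flags:/, "", flags); sub(/;.*/, "", flags)
            if (flags ~ /(^| )ad( |$)/) ad = 1   # AD = resolver validated DNSSEC
        }
        # Answer records look like: name TTL IN TLSA usage selector mtype data
        $1 !~ /^;/ && $3 == "IN" && $4 == "TLSA" { tlsa++ }
        END {
            if (status == "")                                     print "no-response"
            else if (status == "SERVFAIL" || status == "REFUSED") print "lookup-failed"
            else if (status == "NXDOMAIN" || tlsa == 0)           print "no-tlsa"
            else if (ad)                                          print "tlsa-validated"
            else                                                  print "tlsa-unvalidated"
        }'
}

# compare_resolvers NAME RESOLVER...: live check (needs dig and network), e.g.
#   compare_resolvers _25._tcp.mailcluster.loopia.se 192.0.2.53 127.0.0.1
compare_resolvers() {
    name=$1; shift
    for r in "$@"; do
        v=$(dig +dnssec +time=3 +tries=1 TLSA "$name" "@$r" 2>&1 | classify_tlsa)
        printf '%s\t%s\n' "$r" "$v"
    done
}

# Constructed dig output (not captured from a real server): a failing resolver.
sample_servfail() {
cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 4242
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
EOF
}

# Constructed dig output: a validating resolver; hostname and data are made up.
sample_validated() {
cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4243
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;_25._tcp.mx.example.org. IN TLSA
_25._tcp.mx.example.org. 3600 IN TLSA 3 1 1 0123ABCD
EOF
}
```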

