Score:2

TLSA lookup error for dhmx02.web.de:25


We are running a mail server and always get the same error in the logs (for a specific recipient):

```
Aug 23 05:39:17 Mailer postfix/smtp[13561]: warning: DANE
    TLSA lookup problem: Host or domain name not found. Name 
    service error for name=_25._tcp.dhmx02.web.de type=TLSA:
    Host not found, try again
Aug 23 05:39:17 Mailer postfix/smtp[13561]: warning: TLS
    policy lookup for xyz.com/dhmx02.web.de: TLSA lookup
    error for dhmx02.web.de:25
Aug 23 05:39:17 Mailer postfix/smtp[13561]: 9BEA23EC68:
    to=<[email protected]>, relay=none, delay=4509,
    delays=4236/0.05/272/0, dsn=4.7.5, status=deferred
    (TLSA lookup error for dhmx02.web.de:25)
```

The emails come back with the following information:

```
This is the mail system at host mx00.unser-mail-server.com.
I'm sorry to have to inform you that your message could not
 be delivered to one or more recipients. It's attached below.
For further assistance, please send mail to postmaster.
If you do so, please include this problem report. You can
 delete your own text from the attached returned message.
The mail system
<[email protected]>: TLSA lookup error for dhmx02.web.de:25
Reporting-MTA: dns; mx00.unser-mail-server.com
 X-Postfix-Queue-ID: 9BEA23EC68
 X-Postfix-Sender: rfc822; [email protected]
 Arrival-Date: Mon, 23 Aug 2021 04:24:08 +0200 (CEST)
Final-Recipient: rfc822; [email protected]
 Original-Recipient: rfc822;[email protected]
 Action: failed
 Status: 4.7.5
 Diagnostic-Code: X-Postfix; TLSA lookup error for dhmx02.web.de:25
```

The following software is used on the server (Debian 10):

```
root|mailer|/etc/rspamd|# dpkg --list | egrep -i -- "(unbound|postfix|rspam|dovecot)"
ii  dovecot-core                   1:2.3.4.1-5+deb10u5               amd64        secure POP3/IMAP server - core files
ii  dovecot-imapd                  1:2.3.4.1-5+deb10u5               amd64        secure POP3/IMAP server - IMAP daemon
ii  dovecot-lmtpd                  1:2.3.4.1-5+deb10u5               amd64        secure POP3/IMAP server - LMTP server
ii  dovecot-managesieved           1:2.3.4.1-5+deb10u5               amd64        secure POP3/IMAP server - ManageSieve server
ii  dovecot-mysql                  1:2.3.4.1-5+deb10u5               amd64        secure POP3/IMAP server - MySQL support
ii  dovecot-sieve                  1:2.3.4.1-5+deb10u5               amd64        secure POP3/IMAP server - Sieve filters support
ii  libunbound8:amd64              1.9.0-2+deb10u2                   amd64        library implementing DNS resolution and validation
ii  postfix                        3.4.14-0+deb10u1                  amd64        High-performance mail transport agent
ii  postfix-mysql                  3.4.14-0+deb10u1                  amd64        MySQL map support for Postfix
ii  rspamd                         2.5-1~bpo10+1                     amd64        Rapid spam filtering system
ii  unbound                        1.9.0-2+deb10u2                   amd64        validating, recursive, caching DNS resolver
ii  unbound-anchor                 1.9.0-2+deb10u2                   amd64        utility to securely fetch the root DNS trust anchor
```

Unbound is used as resolver on the server, can this be the reason?

How can I fix the TLSA lookup error for dhmx02.web.de:25? It seems that it's related to the receiver's server, but he claims that he can't receive emails only from our mail server.

Does anyone have a clue how to solve the problem?

Michael Hampton
That doesn't quite add up. Post all the mail server logs for that particular message.
manifestor
@MichaelHampton thanks for letting me know, I just uploaded additional log entries - I could not add any more of it, there's no more information regarding this message. It seems like the domain `xyz.com` is misconfigured in terms of how it uses `dhmx02.web.de` as an email relay. What do you think?
anx
As far as I can see, *xyz.com* is using googlemail, not web.de MX.. ([bad obfuscation](https://meta.serverfault.com/questions/963/what-information-should-i-include-or-obfuscate-in-my-posts)?)
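
An added example, not part of the original question or its comments: a Python triage of Postfix log records like the ones quoted above, grouping DANE TLSA lookup failures and the resulting `4.7.5` deferrals by MX host and building the `dig` query to repeat against the local resolver. The sample records are constructed from the question's log (recipient addresses and the `sent` record are invented); the resolver address `127.0.0.1` and the reading of "try again" as a temporary resolver failure are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the question's log, one syslog record per line;
# the recipient addresses and the "sent" record are invented for the example.
SAMPLE_LOG = """\
Aug 23 05:39:17 Mailer postfix/smtp[13561]: warning: DANE TLSA lookup problem: Host or domain name not found. Name service error for name=_25._tcp.dhmx02.web.de type=TLSA: Host not found, try again
Aug 23 05:39:17 Mailer postfix/smtp[13561]: warning: TLS policy lookup for xyz.com/dhmx02.web.de: TLSA lookup error for dhmx02.web.de:25
Aug 23 05:39:17 Mailer postfix/smtp[13561]: 9BEA23EC68: to=<user@example.invalid>, relay=none, delay=4509, delays=4236/0.05/272/0, dsn=4.7.5, status=deferred (TLSA lookup error for dhmx02.web.de:25)
Aug 23 05:40:02 Mailer postfix/smtp[13570]: 1A2B3C4D5E: to=<other@example.invalid>, relay=mx.example.invalid[192.0.2.10]:25, delay=1.2, delays=0.1/0/0.6/0.5, dsn=2.0.0, status=sent (250 OK)
"""

TLSA_WARN = re.compile(r"warning: DANE TLSA lookup problem: .*"
                       r"name=_(?P<port>\d+)\._tcp\.(?P<mx>\S+) type=TLSA: (?P<reason>.+)$")
POLICY = re.compile(r"warning: TLS policy lookup for (?P<domain>[^/\s]+)/(?P<mx>[^:\s]+): "
                    r"TLSA lookup error")
DEFERRED = re.compile(r": (?P<qid>[0-9A-F]{6,}): to=<[^>]*>.*dsn=4\.7\.5, status=deferred "
                      r"\(TLSA lookup error for (?P<mx>[^:\s]+):(?P<port>\d+)\)")


def triage(log_text):
    """Group DANE TLSA lookup failures and the deferrals they caused by MX host."""
    hosts = defaultdict(lambda: {"port": None, "reasons": set(), "domains": set(),
                                 "queue_ids": [], "temporary": False})
    for line in log_text.splitlines():
        if m := TLSA_WARN.search(line):
            h = hosts[m["mx"]]
            h["port"] = int(m["port"])
            h["reasons"].add(m["reason"].strip())
            # Assumption: "try again" is the resolver's temporary-failure text
            # (no usable answer came back), not a denial that the record exists.
            h["temporary"] |= m["reason"].rstrip().endswith("try again")
        elif m := POLICY.search(line):
            hosts[m["mx"]]["domains"].add(m["domain"])
        elif m := DEFERRED.search(line):
            h = hosts[m["mx"]]
            h["port"] = int(m["port"])
            h["queue_ids"].append(m["qid"])
    return dict(hosts)


def recheck_command(mx, port, resolver="127.0.0.1"):
    """dig query repeating the failed lookup; the resolver address is an assumption."""
    return f"dig +dnssec @{resolver} _{port}._tcp.{mx} TLSA"


if __name__ == "__main__":
    for mx, info in triage(SAMPLE_LOG).items():
        print(mx, info, "->", recheck_command(mx, info["port"]))
```
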