On 2020-03-23 at 20:54 +0800, daniel via Exim-users wrote:
> We recently received many of our end users complains that they are having 
> problem sending email to *.gov.hk with this exim error: 
> DANE ERROR: TLSA LOOKUP DEFER

Their DNS is broken.

> However we have contacted our government and their responds is:
> “Our DNSSEC setup is fine, and it is not nesserary to have DANE setup 
> together with DNSSEC , so it is the exim MTA problem. We have not actually 
> setup DANE “
> Now here comes the problem: how can we solve this problem passively? We have 
> many cPanel server with Exim.

You have one of these two options set on your SMTP Transport:

    hosts_try_dane
    hosts_require_dane

Each of those takes a host-list, so might currently look like:

    hosts_try_dane = *

You can change that to look like:

    hosts_try_dane = !*.gov.hk : *

If the host-list references external files, take a look at those.

-Phil

-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Reply via email to