I’ve enabled MTA-STS for the domain semperen.com. I have my gmail address forwarded to an address in that domain.
I’ve been getting daily reports from Gmail. What it shows is consistent failures. Here is a sample from the JSON file:
    {
      "summary": {
        "total-successful-session-count": 0,
        "total-failure-session-count": 20
      },
      "failure-details": [
        {
          "result-type": "validation-failure",
          "sending-mta-ip": "2607:f8b0:4864:20::931",
          "receiving-ip": "2600:1f16:940:9420:c0eb:3db8:9c94:df05",
          "receiving-mx-hostname": "smtp.semperen.com",
          "failed-session-count": 2
        }
      ]
    }
I see these for various sending-mta-ip values, which I assume are the outbound Gmail gateways. What I’m trying to figure out is why there is a failed session count.
semperen.com MTA-STS passes with https://esmtp.email/tools/mta-sts/
semperen.com MTA-STS fails with https://aykevl.nl/apps/mta-sts/ . It throws a certificate validation error.
For the STARTTLS cert I’m using LetsEncrypt. DANE is also in place.
My question is what could be the cause of the failure?
1. Certificate validation error in the certificate chain
2. No reverse DNS for the IPv6 address
The host is in AWS and has a PTR for IPv4 set up correctly. Not sure if you can do a PTR for IPv6 in AWS.
Mail is delivered successfully to and from Gmail. DMARC, DKIM, SPF and ARC all pass.
Any thoughts would be appreciated.
---
Eric Germann
ekgermann(at)semperen(dot)com || ekgermann(at)gmail(dot)com
LinkedIn: https://www.linkedin.com/in/ericgermann
Twitter: @ekgermann
GPG Fingerprint: 89ED 36B3 515A 211B 6390 60A9 E30D 9B9B 3EBF F1A1
Telegram||Signal +1(dash)419(dash)513(dash)0712
_______________________________________________ mailop mailing list [email protected] https://list.mailop.org/listinfo/mailop
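Added example, not code from the poster: a small parser for the TLS-RPT (RFC 8460) report structure quoted in the post that totals failed sessions per result type and receiving MX, and checks each receiving MX against the MTA-STS policy's mx entries using RFC 8461 matching (including "*." wildcards), since an MX that an enforce-mode policy does not list is one cause of validation failures. The first report entry is taken from the post's sample; the policy body and the second failure entry are assumptions constructed for the example.

```python
import json
from collections import Counter

# Constructed TLS-RPT (RFC 8460) report. The first failure entry mirrors the post's
# sample; the second (mail.semperen.com, 2001:db8::1) is made up to exercise the checks.
SAMPLE_REPORT = json.dumps({"policies": [{
    "policy": {"policy-type": "sts", "policy-domain": "semperen.com"},
    "summary": {"total-successful-session-count": 0, "total-failure-session-count": 20},
    "failure-details": [
        {"result-type": "validation-failure", "sending-mta-ip": "2607:f8b0:4864:20::931",
         "receiving-ip": "2600:1f16:940:9420:c0eb:3db8:9c94:df05",
         "receiving-mx-hostname": "smtp.semperen.com", "failed-session-count": 2},
        {"result-type": "validation-failure", "sending-mta-ip": "2001:db8::1",
         "receiving-ip": "2600:1f16:940:9420:c0eb:3db8:9c94:df05",
         "receiving-mx-hostname": "mail.semperen.com", "failed-session-count": 18},
    ]}]})

# Assumed MTA-STS policy body (RFC 8461 format); the domain's real policy is not on the page.
SAMPLE_POLICY = "version: STSv1\nmode: enforce\nmx: smtp.semperen.com\nmax_age: 604800\n"


def policy_mx_patterns(policy_text):
    """Return the mx: values of an MTA-STS policy (may contain '*.' wildcards)."""
    pairs = (line.split(":", 1) for line in policy_text.splitlines() if ":" in line)
    return [v.strip() for k, v in pairs if k.strip() == "mx"]


def mx_matches(hostname, pattern):
    """RFC 8461 mx matching: '*.example.com' covers exactly one leading label."""
    hostname, pattern = hostname.lower().rstrip("."), pattern.lower().rstrip(".")
    if pattern.startswith("*."):
        suffix = pattern[1:]
        return hostname.endswith(suffix) and "." not in hostname[:-len(suffix)]
    return hostname == pattern


def summarise(report_json, policy_text):
    """Aggregate failed sessions per (result-type, receiving MX) and list any
    receiving MX the policy does not name; an unlisted MX fails MTA-STS in enforce mode."""
    patterns = policy_mx_patterns(policy_text)
    failures, unlisted = Counter(), set()
    for pol in json.loads(report_json)["policies"]:
        for f in pol.get("failure-details", []):
            mx = f["receiving-mx-hostname"]
            failures[(f["result-type"], mx)] += f["failed-session-count"]
            if not any(mx_matches(mx, p) for p in patterns):
                unlisted.add(mx)
    return dict(failures), sorted(unlisted)
```

Run `summarise(SAMPLE_REPORT, SAMPLE_POLICY)` against a real report and policy to see which MX hostnames the failures concentrate on and whether each one is actually covered by the published policy.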
