If you have DANE, I recommend locking your private key so it doesn't get changed by Let's Encrypt, so renewals are done with the same public key.

Do this by running:

    certbot reconfigure --cert-name yourdomain.com --reuse-key

This way, you don't need to update your TLSA records for every renewal.

-----Original Message-----
From: Benoît Panizzon via mailop <[email protected]>
Sent: 20 February 2026 16:54
To: Viktor Dukhovni via mailop <[email protected]>
Cc: Viktor Dukhovni <[email protected]>
Subject: Re: [mailop] outlook.com connecting SMTP and immediately disconnecting - not transmitting emails - n

Hi Viktor

> > Receiving end is Postfix with a Let's Encrypt wildcard cert. As far
> > the cert looks valid, the chain looks ok.
>
> This is not the first time on this list that I've had to remind email
> server operators that DANE TLSA records are not a fashion statement,
> and require timely monitoring:
>
> https://stats.dnssec-tools.org/explore/?woody.ch

This is not the affected domain, but I guess you found the issue.

> Microsoft supports DANE outbound. If you don't look after your DANE
> TLSA records, you'll start losing email.
>
> I am curious why you've chosen to not monitor your TLSA records, any
> insight would be appreciated...

Complete oversight on my part. As a 'technophile' I try out stuff, and
in the case of DANE, yes, it's a good idea, but it became too cumbersome
to maintain when I switched the affected domains to Let's Encrypt.

I just scripted to restart the services affected when the cert changes
but completely neglected DANE.
--
Kind regards

-Benoît Panizzon- @ home office and reachable as usual
--
I m p r o W a r e   A G    -    Head of Commerce Customers
______________________________________________________

Zurlindenstrasse 29             Tel  +41 61 826 93 00
CH-4133 Pratteln                Fax  +41 61 826 93 01
Switzerland                     Web  http://www.imp.ch
______________________________________________________
_______________________________________________
mailop mailing list
[email protected]
https://list.mailop.org/listinfo/mailop
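
Added example, not part of the thread: a minimal TLSA monitoring check showing why key reuse keeps a "3 1 1" record (SHA-256 of the SubjectPublicKeyInfo) valid across renewals, while a "3 0 1" record (SHA-256 of the whole certificate) breaks on every renewal even with the same key. The certificates are constructed DER stand-ins built by the hypothetical helper fake_cert(); a real check would take the certificate from the SMTP server and the records from DNSSEC-validated DNS, and only DANE-EE (usage 3) is handled.

```python
import hashlib

def read_tlv(buf, off):
    """Read one DER element at off; return (tag, body_start, end)."""
    tag, length, off = buf[off], buf[off + 1], off + 2
    if length & 0x80:  # long-form length: low 7 bits give the byte count
        n = length & 0x7F
        length, off = int.from_bytes(buf[off:off + n], "big"), off + n
    return tag, off, off + length

def spki_der(cert_der):
    """Return the DER SubjectPublicKeyInfo element of an X.509 certificate."""
    _, off, _ = read_tlv(cert_der, 0)      # Certificate SEQUENCE
    _, off, _ = read_tlv(cert_der, off)    # tbsCertificate SEQUENCE
    tag, _, end = read_tlv(cert_der, off)
    if tag == 0xA0:                        # optional [0] version
        off = end
    for field in range(5):  # serial, signature alg, issuer, validity, subject
        _, _, off = read_tlv(cert_der, off)
    return cert_der[off:read_tlv(cert_der, off)[2]]

def tlsa_data(selector, mtype, cert_der):
    """Certificate association data (hex) for a TLSA selector/matching type."""
    data = cert_der if selector == 0 else spki_der(cert_der)
    if mtype == 0:
        return data.hex()
    return hashlib.new({1: "sha256", 2: "sha512"}[mtype], data).hexdigest()

def matches(records, cert_der):
    """True if any DANE-EE (usage 3) TLSA record matches the leaf certificate."""
    return any(u == 3 and h.lower() == tlsa_data(s, m, cert_der)
               for u, s, m, h in records)

def enc(tag, body):
    return bytes([tag, len(body)]) + body  # short-form length only (< 128 bytes)

def fake_cert(serial, key):
    """Constructed DER in X.509 field order; not a real, verifiable certificate."""
    tbs = (enc(0xA0, enc(0x02, b"\x02")) + enc(0x02, bytes([serial]))
           + enc(0x30, b"") * 4 + enc(0x30, key))
    return enc(0x30, enc(0x30, tbs))

OLD = fake_cert(1, b"constructed-key-A")
SAME_KEY = fake_cert(2, b"constructed-key-A")   # renewal with --reuse-key
NEW_KEY = fake_cert(3, b"constructed-key-B")    # renewal with a fresh key
PUBLISHED_311 = [(3, 1, 1, tlsa_data(1, 1, OLD))]
PUBLISHED_301 = [(3, 0, 1, tlsa_data(0, 1, OLD))]
print("3 1 1 survives reuse-key renewal:", matches(PUBLISHED_311, SAME_KEY))
print("3 0 1 survives reuse-key renewal:", matches(PUBLISHED_301, SAME_KEY))
```

Run from the certbot deploy hook or a cron job, a check of this shape flags a mismatch before sending MTAs that enforce DANE start refusing delivery.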
