The mx lookup on effraie.org returns mx.effraie.org. The cert mx.effraie.org sends has a number of dnsnames, but not mx.effraie.org.
I bet that is why the session failed. The mx for 400iso.net, mx.400iso.net, sends the same cert and also likely will fail tls negotiation with some senders. In general, the name returned by the MX lookup is used as the TLS server name when tls verification is attempted. -JimC -- James Cloos <cl...@jhcloos.com> OpenPGP: 1024D/ED7DAEA6