On Mon, May 02, 2022 at 12:04:13PM +1000, raf wrote:
> The test email bounced with the following report:
>
> > Diagnostic information for administrators:
> >
> > Generating server: ME3PR01MB8390.ausprd01.prod.outlook.com
> > Receiving server: ME3PR01MB8390.ausprd01.prod.outlook.com
> >
> > [email protected]
> > 5/1/2022 12:09:32 AM - Server at ME3PR01MB8390.ausprd01.prod.outlook.com
> > returned '550 5.4.317 Message expired, cannot connect to remote
> > server(451 4.7.5 Remote certificate MUST have a subject alternative name
> > matching the hostname (MTA-STS))'
> > 4/30/2022 11:59:28 PM - Server at libslack.org (82.134.31.111)
> > returned '450 4.4.317 Cannot connect to remote server [Message=451
> > 4.7.5 Remote certificate MUST have a subject alternative name matching
> > the hostname (MTA-STS)] [LastAttemptedServerName=libslack.org]
> > [LastAttemptedIP=82.134.31.111:25]
> > [SY4AUS01FT024.eop-AUS01.prod.protection.outlook.com](451 4.7.5 Remote
> > certificate MUST have a subject alternative name matching the hostname
> > (MTA-STS))'
>
> The test email was sent to [email protected].
> libslack.org's MX record points to smtp10.infotech.no.
> smtp10.infotech.no's IP address is 82.134.31.111.
> https://mta-sts.libslack.org/.well-known/mta-sts.txt
> contains "mx: smtp10.infotech.no".
That MX host has a self-signed certificate with a name of
"elrond10.infotech.no", which is rather at odds of the promised support
for MTA-STS, which requires a Web-PKI trusted certificate with a DNS
subject alternative name matching the MX hostname.
The details of the error message may be variously misleading, but that
does not change the fact that this domain should not promise what it
does not deliver.
--
Viktor.
