On Sun, May 01, 2022 at 10:17:33PM -0400, Viktor Dukhovni <[email protected]> wrote:
> On Mon, May 02, 2022 at 12:04:13PM +1000, raf wrote:
>
> > The test email bounced with the following report:
> >
> > > Diagnostic information for administrators:
> > >
> > > Generating server: ME3PR01MB8390.ausprd01.prod.outlook.com
> > > Receiving server: ME3PR01MB8390.ausprd01.prod.outlook.com
> > >
> > > [email protected]
> > > 5/1/2022 12:09:32 AM - Server at ME3PR01MB8390.ausprd01.prod.outlook.com
> > > returned '550 5.4.317 Message expired, cannot connect to remote
> > > server(451 4.7.5 Remote certificate MUST have a subject alternative name
> > > matching the hostname (MTA-STS))'
> > > 4/30/2022 11:59:28 PM - Server at libslack.org (82.134.31.111)
> > > returned '450 4.4.317 Cannot connect to remote server [Message=451
> > > 4.7.5 Remote certificate MUST have a subject alternative name matching
> > > the hostname (MTA-STS)] [LastAttemptedServerName=libslack.org]
> > > [LastAttemptedIP=82.134.31.111:25]
> > > [SY4AUS01FT024.eop-AUS01.prod.protection.outlook.com](451 4.7.5 Remote
> > > certificate MUST have a subject alternative name matching the hostname
> > > (MTA-STS))'
> >
> > The test email was sent to [email protected].
> > libslack.org's MX record points to smtp10.infotech.no.
> > smtp10.infotech.no's IP address is 82.134.31.111.
> > https://mta-sts.libslack.org/.well-known/mta-sts.txt
> > contains "mx: smtp10.infotech.no".
>
> That MX host has a self-signed certificate with a name of
> "elrond10.infotech.no", which is rather at odds with the promised support
> for MTA-STS, which requires a Web-PKI trusted certificate with a DNS
> subject alternative name matching the MX hostname.
>
> The details of the error message may be variously misleading, but that
> does not change the fact that this domain should not promise what it
> does not deliver.
>
> --
> Viktor.

Good point. This must be what the bounce message is trying to say.
The MTA-STS wasn't intended. It was a result of using one of my domains
for testing that server (and not being careful about it). I'll make sure
MTA-STS is not involved at all for the next test. Thanks.

cheers,
raf
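
The mismatch discussed in this thread can be checked offline before a policy is published. The following is an added example, not part of either message and not code from any mail server; the policy text is constructed around the one `mx:` line quoted above, `mode: enforce` and `max_age` are assumptions, and treating "elrond10.infotech.no" as the certificate's only DNS name is also an assumption.

```python
# Added example: MTA-STS policy vs. MX certificate consistency check (RFC 8461).
# Constructed policy: only the "mx:" line is quoted in the thread; mode and
# max_age are assumed for illustration.
SAMPLE_POLICY = """version: STSv1
mode: enforce
mx: smtp10.infotech.no
max_age: 86400
"""

def parse_policy(text):
    """Parse mta-sts.txt key/value lines; the 'mx' key may repeat."""
    policy = {"mx": []}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue
        key, value = key.strip().lower(), value.strip()
        if key == "mx":
            policy["mx"].append(value.lower())
        else:
            policy[key] = value
    return policy

def name_matches(pattern, host):
    """Exact match, or a leading '*.' that covers exactly one left-most label."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if pattern.startswith("*."):
        _, _, parent = host.partition(".")
        return parent != "" and parent == pattern[2:]
    return pattern == host

def check_mx(policy, mx_host, cert_san_dns, chain_trusted):
    """List the reasons a sender enforcing this policy would refuse the MX."""
    if policy.get("mode") != "enforce":
        return []  # 'testing' and 'none' do not block delivery
    problems = []
    if not any(name_matches(p, mx_host) for p in policy["mx"]):
        problems.append("mx-not-in-policy")
    if not chain_trusted:
        problems.append("certificate-not-trusted")
    if not any(name_matches(s, mx_host) for s in cert_san_dns):
        problems.append("san-mismatch")
    return problems

if __name__ == "__main__":
    # Self-signed certificate, assumed to carry only the name from the thread.
    policy = parse_policy(SAMPLE_POLICY)
    print(check_mx(policy, "smtp10.infotech.no", ["elrond10.infotech.no"], False))
```
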
