TLSA lookup error

1492166 shared this problem 1 week ago
Published

Hi,

Since 2 weeks I'm getting an error when sending mail to @kpn.com email addresses. The error I get is : TLSA lookup error for mail4.kpnnet.org:25

I'm not sure if the problem is at the kpn.com domain or at the mailbox.org domain. Can someone please help with this, i did a lot of investigation but not able to find out where the problem is.

I make use of the mailbox.org webemail.

Thanks for the help,

George

Comments (2)

photo
2

Hi George,

analyzing the issue it appears that in the time before two weeks kpn.com was able to set up a secure DANE (TLSA) connection with us. Our servers then remembered this setting. Then on the kpn.com side this was changed for some reason and ever since our servers cannot establish this type of connection.

We typically don't lower a once established standard, as this might allow for man in the middle attacks.

Please also refer to https://dane.sys4.de/smtp/kpn.com where you can see that TLSA is not supported anymore.

Our advice for you would be to get in touch with kpn support and fill them in about this issue.

Should they not be able to assist, please open a ticket with us including their findings.

Cheers

photo
1

Thank you for this, its very helpfull. Currently busy with the administrator and will let you know the outcome.

Thanks,

George