{"organization-name":"Microsoft
Corporation","date-range":{"start-datetime":"2021-03-30T00:00:00Z","end-datetime":"2021-03-30T23:59:59Z"},"contact-info":"tlsrpt-noreply(_at_)microsoft(_dot_)com","report-id":"132616914860181612+n0.lt","policies":[{"policy":{"policy-type":"sts","policy-string":["version:
STSv1","mode: enforce","mx: mx.n0.lt","max_age:
84600"],"policy-domain":"n0.lt"},"summary":{"total-successful-session-count":0,"total-failure-session-count":492},"failure-details":[{"result-type":"certificate-host-mismatch","failed-session-count":492}]}]}
Do they complain about the certificate which includes both n0.lt and
*.n0.lt anyways?
Even without the CNAME error, why would it do that? The cert matches
the name of the MX.
So certificate-host-mismatch here should be understood that EITHER §4.1 [1]
(MX Host Validation) OR §4.2 [2] (Recipient MTA Certificate Validation)
failed and not that, according to the report, the certificate hostname
mismatched? Or what exactly?
It's probably just giving you the wrong error message.
Here's a radical idea: fix your MX entry and see if the errors go away.
Regards,
John Levine, johnl(_at_)taugh(_dot_)com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly
_______________________________________________
ietf-smtp mailing list
ietf-smtp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-smtp