Path: ...!news.misty.com!.POSTED.veps.esmtp.org!not-for-mail
From: Claus =?iso-8859-1?Q?A=DFmann?= <INVALID_NO_CC_REMOVE_IF_YOU_DO_NOT_POST_ml+sendmail(-no-copies-please)@esmtp.org>
Newsgroups: comp.mail.sendmail
Subject: Re: STS causes mail to be deferred
Date: Sat, 28 Dec 2024 01:08:46 -0500 (EST)
Organization: MGT Consulting
Sender: <ml+sendmail(-no-copies-please)@esmtp.org>
Message-ID: <vko4le$bcf$1@news.misty.com>
References: <20241227172622.75142a39@ryz.dorfdsl.de> <20241227203857.7c97ea22@ryz.dorfdsl.de> <vkn1o0$1g5$1@news.misty.com> <20241227212033.7e6cd694@ryz.dorfdsl.de>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
Injection-Date: Sat, 28 Dec 2024 06:08:46 -0000 (UTC)
Injection-Info: news.misty.com; posting-host="veps.esmtp.org:155.138.203.148";
	logging-data="11663"; mail-complaints-to="abuse@misty.com"
Mail-Copies-To: never
X-Newsreader: trn 4.0-test77 (Sep 1, 2010)
Originator: ca@x2.esmtp.org (Claus Assmann)
Bytes: 1792
Lines: 20

Marco Moock  wrote:

> Dec 26 21:39:18 srv1 sendmail[394144]: STARTTLS=client,
> relay=microsoft-com.mail.protection.outlook.com., version=TLSv1.3,
> verify=FAIL, cipher=TLS_AES_256_GCM_SHA384, bits=256/256
  ^^^^^^^^^^^

> to=<itex-rua@microsoft.com>, delay=13:11:09, xdelay=00:00:03,
> mailer=esmtp, pri=7501890, relay=microsoft-com.mail...ction.outlook.com.
> [IPv6:2a01:111:f403:f905:0:0:0:0], dsn=2.6.0, stat=Sent

> This happened after I disabled sts.

and if you enable STS mail cannot be sent because the server cert
cannot be verified.
sendmail works as it should.

Now you need to fix your CACert* settings -- check what openssl
uses in case it is able to verify the server.

BTW: doesn't M$ support DANE by now?