What is the name of the domain?
mattipaksula.enterprises
What is the error message?
upstream (mail.iki.fi.) error: failed to initialize: Failed to connect to upstream using TLS: failed to establishing a TLS connection
What is the issue you’re encountering?
Mail routing to a destination that has a DNSSEC/DANE (RFC 7672) verified private CA fails.
What steps have you taken to resolve the issue?
Cloudflare’s error message is not helpful. It just says that the TLS connection failed.
On the destination server, the log shows that Cloudflare is unhappy with the CA and refuses to deliver the mail:
Oct 19 15:33:10 eilopu 1 2024-10-19T15:33:10.696025+03:00 eilopu.iki.fi sm-mta 13417 - - STARTTLS=server, error: accept failed=-1, reason=tlsv1 alert unknown ca, SSL_error=1, errno=0, retry=-1, relay=i-bff.cloudflare-email.net [104.30.8.155]
In Cloudflare’s documentation there is nothing regarding mail SSL certificates or CAs. On the web side, you can set the SSL requirement to Full, which accepts self-signed certificates, or Full (strict), which requires an SSL certificate from a ‘trusted’ issuer.
What are the steps to reproduce the issue?
Send a test mail to cat.at.iki.fi@mattipaksula dot enterprises
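
The post concerns a private CA that is pinned through DNSSEC/DANE TLSA records (RFC 7672). As an added example that is not part of the original post, the Python below shows how a DANE-aware SMTP client matches a presented chain against TLSA records, next to a hypothetical sender that only consults its own root store. The certificate bytes, the trust store and all function names are constructed for illustration.

```python
import hashlib
from typing import NamedTuple, Optional, Sequence

class TLSA(NamedTuple):
    usage: int     # 2 = DANE-TA (trust anchor), 3 = DANE-EE (leaf)
    selector: int  # 0 = full certificate, 1 = SubjectPublicKeyInfo
    mtype: int     # 0 = exact bytes, 1 = SHA-256, 2 = SHA-512
    data: bytes

class Cert(NamedTuple):
    der: bytes     # DER of the whole certificate
    spki: bytes    # DER of its SubjectPublicKeyInfo

_DIGEST = {0: lambda b: b,
           1: lambda b: hashlib.sha256(b).digest(),
           2: lambda b: hashlib.sha512(b).digest()}

def dane_match(chain: Sequence[Cert], rrset: Sequence[TLSA]) -> Optional[TLSA]:
    """Return the first TLSA record that pins a certificate in `chain`.

    chain[0] is the server (leaf) certificate, the rest are the CA
    certificates it sent. Signature and name checks are out of scope.
    """
    for rr in rrset:
        # RFC 7672 advises SMTP clients to treat usages 0/1 as unusable.
        if rr.usage not in (2, 3) or rr.selector not in (0, 1) or rr.mtype not in _DIGEST:
            continue
        # DANE-EE pins the leaf; DANE-TA pins an issuing CA (simplified here
        # to the CA certificates present in the chain).
        for cert in (chain[:1] if rr.usage == 3 else chain[1:]):
            blob = cert.der if rr.selector == 0 else cert.spki
            if _DIGEST[rr.mtype](blob) == rr.data:
                return rr
    return None

def store_match(chain: Sequence[Cert], trusted_roots: Sequence[bytes]) -> bool:
    """Hypothetical sender that ignores TLSA and only accepts known roots."""
    return any(c.der in trusted_roots for c in chain[1:])

# Constructed stand-in bytes, not real DER certificates.
LEAF = Cert(b"leaf-cert-der", b"leaf-spki-der")
PRIVATE_CA = Cert(b"private-ca-cert-der", b"private-ca-spki-der")
CHAIN = [LEAF, PRIVATE_CA]
RRSET = [
    TLSA(0, 0, 1, hashlib.sha256(PRIVATE_CA.der).digest()),   # PKIX-TA: skipped
    TLSA(2, 1, 1, hashlib.sha256(PRIVATE_CA.spki).digest()),  # DANE-TA SPKI SHA-256
]
PUBLIC_ROOTS = [b"some-public-root-der"]  # constructed trust store
```

With these inputs the DANE-TA record authenticates the private CA, while the store-only check rejects the same chain, which a TLS client reports to the server as an `unknown ca` alert.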