Hello, I’d like to inquire why emails sent to docomo.ne.jp addresses are failing to deliver, while emails from other providers like Google and Microsoft are being received normally? I’m using the same server. When I send emails through other PowerMTA servers, they deliver successfully.
What is the bounce message?
I checked under /var/log/kumomta and found no other error logs. Only files like 20250908-072712.953050438 exist, but they are unreadable.
{"type":"TransientFailure","id":"cf19a5478c8a11f092c8bc2411af7cb4","sender":"no-reply_60@goldenmarine.net","recipient":"vdutkqid2pubkb4899bh@docomo.ne.jp","queue":"docomo.ne.jp","site":"unspecified->mfsmax.docomo.ne.jp@smtp_client","size":0,"response":{"code":400,"enhanced_code":null,"content":"KumoMTA internal: failed to connect to any candidate hosts: TLS handshake with ResolvedAddress { name: \"mfsmax.docomo.ne.jp.\", addr: 203.138.180.240 }:25 failed: invalid peer certificate: certificate not valid for name \"mfsmax.docomo.ne.jp\"; certificate is only valid for DnsName(\"docomo.ne.jp\"), TLS handshake with ResolvedAddress { name: \"mfsmax.docomo.ne.jp.\", addr: 203.138.181.240 }:25 failed: invalid peer certificate: certificate not valid for name \"mfsmax.docomo.ne.jp\"; certificate is only valid for DnsName(\"docomo.ne.jp\"), TLS handshake with ResolvedAddress { name: \"mfsmax.docomo.ne.jp.\", addr: 203.138.180.112 }:25 failed: invalid peer certificate: certificate not valid for name \"mfsmax.docomo.ne.jp\"; certificate is only valid for DnsName(\"docomo.ne.jp\"), TLS handshake with ResolvedAddress { name: \"mfsmax.docomo.ne.jp.\", addr: 203.138.181.112 }:25 failed: invalid peer certificate: certificate not valid for name \"mfsmax.docomo.ne.jp\"; certificate is only valid for DnsName(\"docomo.ne.jp\")","command":null},"peer_address":null,"timestamp":1757320104,"created":1757318825,"num_attempts":1,"bounce_classification":"Uncategorized","egress_pool":"unspecified","egress_source":"unspecified","source_address":null,"feedback_report":null,"meta":{},"headers":{},"delivery_protocol":"ESMTP","reception_protocol":"ESMTP","nodeid":"f8f9a62e-7c4d-4609-b58e-03e6e6ade932","session_id":"98ec6053-f762-4717-be53-6b8358960852"}
waiting for more files
You can try shaping.toml
["docomo.ne.jp"]
enable_tls = "Disabled"
OK
That's my guess; if it works, please give me feedback.
Yes, it's working, and it handled the issue perfectly.
You could also do this instead for docomo:
["docomo.ne.jp"]
remember_broken_tls = '3 days'
The difference is that this one will try TLS, but if it fails will skip trying TLS for the configured 3 days.
Thanks, bro. So it was docomo.ne.jp. The certificate mismatch caused the email to be discarded, which is why it didn’t make it to the inbox, right?
Thanks, bro. I really appreciate your patience. I’m still a beginner and feel like I have so much to learn.
Yes, KumoMTA will be less forgiving of deviation from RFCs and other broken email practices, at least out of the box, which is where things like remember_broken_tls come in.
Thank you so much for your patience. I’m still a beginner and feel like there’s so much more to learn.
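An added example, not part of the thread and not KumoMTA's own code: a small Python filter that scans log records shaped like the one quoted above and reports, per queue, which MX addresses failed on a certificate name mismatch. This helps keep an override such as remember_broken_tls scoped to the domains that need it. It assumes the records are already decoded to one JSON object per line; the function name and the sample records are constructed for illustration.

```python
import json
import re
from collections import defaultdict

# Constructed sample input modelled on the record quoted in the thread
# (fields trimmed); the second record is an unrelated failure for contrast.
TLS_ERR = ('KumoMTA internal: failed to connect to any candidate hosts: '
           'TLS handshake with ResolvedAddress { name: "mfsmax.docomo.ne.jp.", '
           'addr: 203.138.180.240 }:25 failed: invalid peer certificate: '
           'certificate not valid for name "mfsmax.docomo.ne.jp"; '
           'certificate is only valid for DnsName("docomo.ne.jp")')
SAMPLE_LOG = [
    json.dumps({"type": "TransientFailure", "queue": "docomo.ne.jp",
                "response": {"code": 400, "content": TLS_ERR}}),
    json.dumps({"type": "TransientFailure", "queue": "example.com",
                "response": {"code": 451, "content": "4.7.1 try again later"}}),
    "waiting for more files",  # non-JSON line, as seen in the thread
]

# Matches one per-address failure inside response.content.
MISMATCH = re.compile(
    r'addr: (?P<addr>\S+) \}:\d+ failed: invalid peer certificate: '
    r'certificate not valid for name "(?P<wanted>[^"]+)"; '
    r'certificate is only valid for DnsName\("(?P<presented>[^"]+)"\)')


def tls_name_mismatches(lines):
    """Return {queue: sorted [(addr, expected_name, cert_name), ...]}."""
    found = defaultdict(set)
    for line in lines:
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip anything that is not a JSON record
        if not isinstance(rec, dict) or rec.get("type") != "TransientFailure":
            continue
        content = (rec.get("response") or {}).get("content") or ""
        for m in MISMATCH.finditer(content):
            found[rec.get("queue")].add((m["addr"], m["wanted"], m["presented"]))
    return {queue: sorted(hits) for queue, hits in found.items()}


if __name__ == "__main__":
    for queue, hits in tls_name_mismatches(SAMPLE_LOG).items():
        for addr, wanted, presented in hits:
            print(f"{queue}: {addr} expected {wanted}, certificate is for {presented}")
```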