I tried tcpdump and that led me to check my router for possible issues. I am now on a DMZ so that should eliminate that as a possibility. (Correct me if I'm wrong.)
Anyway, new DMZ has been working great and network seems fine. So after work I tried to get email from Netflix again but no joy. I used debug_peer_level = 4 to get the following output:

May 31 20:02:07 server postfix/smtpd[2333]: initializing the server-side TLS engine
May 31 20:02:07 server postfix/smtpd[2333]: connect from mx-ecom.netflix.com[208.75.76.252]
May 31 20:02:07 server postfix/smtpd[2333]: match_hostname: mx-ecom.netflix.com ~? 127.0.0.0/8
May 31 20:02:07 server postfix/smtpd[2333]: match_hostaddr: 208.75.76.252 ~? 127.0.0.0/8
May 31 20:02:07 server postfix/smtpd[2333]: match_list_match: mx-ecom.netflix.com: no match
May 31 20:02:07 server postfix/smtpd[2333]: match_list_match: 208.75.76.252: no match
May 31 20:02:07 server postfix/smtpd[2333]: auto_clnt_open: connected to private/anvil
May 31 20:02:07 server postfix/smtpd[2333]: event_enable_read: fd 19
May 31 20:02:07 server postfix/smtpd[2333]: send attr request = connect
May 31 20:02:07 server postfix/smtpd[2333]: send attr ident = smtp:208.75.76.252
May 31 20:02:07 server postfix/smtpd[2333]: vstream_fflush_some: fd 19 flush 42
May 31 20:02:07 server postfix/smtpd[2333]: vstream_buf_get_ready: fd 19 got 25
May 31 20:02:07 server postfix/smtpd[2333]: private/anvil: wanted attribute: status
May 31 20:02:07 server postfix/smtpd[2333]: input attribute name: status
May 31 20:02:07 server postfix/smtpd[2333]: input attribute value: 0
May 31 20:02:07 server postfix/smtpd[2333]: private/anvil: wanted attribute: count
May 31 20:02:07 server postfix/smtpd[2333]: input attribute name: count
May 31 20:02:07 server postfix/smtpd[2333]: input attribute value: 1
May 31 20:02:07 server postfix/smtpd[2333]: private/anvil: wanted attribute: rate
May 31 20:02:07 server postfix/smtpd[2333]: input attribute name: rate
May 31 20:02:07 server postfix/smtpd[2333]: input attribute value: 1
May 31 20:02:07 server postfix/smtpd[2333]: private/anvil: wanted attribute: (list terminator)
May 31 20:02:07 server postfix/smtpd[2333]: input attribute name: (end)
May 31 20:02:07 server postfix/smtpd[2333]: > mx-ecom.netflix.com[208.75.76.252]: 220 server.workflowproducts.com ESMTP Postfix
May 31 20:02:07 server postfix/smtpd[2333]: watchdog_pat: 0x100133330
May 31 20:02:07 server postfix/smtpd[2333]: vstream_fflush_some: fd 16 flush 47
May 31 20:02:08 server postfix/smtpd[2159]: lost connection after CONNECT from mx-ecom.netflix.com[208.75.76.252]
May 31 20:02:08 server postfix/smtpd[2159]: disconnect from mx-ecom.netflix.com[208.75.76.252]

Towards the end there I noticed "vstream_fflush_some" and "watchdog_pat". There isn't much to be had on google but it seems they are usually followed by a "fatal: watchdog timeout" if there were a timeout on my end.

Regards,
Justin T

$ postconf -n
biff = no
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
debug_peer_level = 4
debug_peer_list = netflix.com
enable_server_options = yes
header_checks = pcre:/etc/postfix/custom_header_checks
html_directory = /usr/share/doc/postfix/html
inet_interfaces = all
mail_owner = _postfix
mailbox_size_limit = 0
mailbox_transport = dovecot
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
message_size_limit = 0
mydestination = $myhostname, localhost.$mydomain, workflowproducts.org, wfprod.org, wfprod.com, workflowproducts.com
mydomain = workflowproducts.com
mydomain_fallback = localhost
myhostname = server.workflowproducts.com
mynetworks = 127.0.0.0/8
newaliases_path = /usr/bin/newaliases
queue_directory = /private/var/spool/postfix
readme_directory = /usr/share/doc/postfix
recipient_delimiter = +
relayhost =
sample_directory = /usr/share/doc/postfix/examples
sendmail_path = /usr/sbin/sendmail
setgid_group = _postdrop
smtpd_client_restrictions = permit_mynetworks permit_sasl_authenticated check_client_access hash:/etc/postfix/client_whitelist reject_unknown_client_hostname reject_rbl_client zen.spamhaus.org permit
smtpd_enforce_tls = no
smtpd_helo_required = yes
smtpd_helo_restrictions = reject_unknown_hostname reject_invalid_helo_hostname reject_non_fqdn_helo_hostname reject_non_fqdn_helo_hostname
smtpd_pw_server_security_options = gssapi,cram-md5,login
smtpd_recipient_restrictions = permit_sasl_authenticated permit_mynetworks reject_unlisted_recipient check_client_access hash:/etc/postfix/client_restrictions check_client_access hash:/etc/postfix/hostname_restrictions reject_unauth_destination check_policy_service unix:private/policy permit
smtpd_sasl_auth_enable = yes
smtpd_tls_CAfile = /etc/certificates/server.workflowproducts.com.CBC832B89B5D07F033AB998F95C4563DF981A6A8.chain.pem
smtpd_tls_cert_file = /etc/certificates/server.workflowproducts.com.CBC832B89B5D07F033AB998F95C4563DF981A6A8.cert.pem
smtpd_tls_exclude_ciphers = SSLv2, aNULL, ADH, eNULL
smtpd_tls_key_file = /etc/certificates/server.workflowproducts.com.CBC832B89B5D07F033AB998F95C4563DF981A6A8.key.pem
smtpd_tls_loglevel = 2
smtpd_use_pw_server = yes
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
unknown_client_reject_code = 550
unknown_local_recipient_reject_code = 550
virtual_alias_maps =
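
An added example, not part of the original post: a small Python parser that groups Postfix smtpd log lines by process ID, so that the connect, 220 banner and "lost connection after CONNECT" events can be attributed to the smtpd process that logged each of them. The sample lines are a constructed subset of the log quoted above, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the smtpd lines quoted in the post above.
SAMPLE_LOG = """\
May 31 20:02:07 server postfix/smtpd[2333]: connect from mx-ecom.netflix.com[208.75.76.252]
May 31 20:02:07 server postfix/smtpd[2333]: > mx-ecom.netflix.com[208.75.76.252]: 220 server.workflowproducts.com ESMTP Postfix
May 31 20:02:07 server postfix/smtpd[2333]: vstream_fflush_some: fd 16 flush 47
May 31 20:02:08 server postfix/smtpd[2159]: lost connection after CONNECT from mx-ecom.netflix.com[208.75.76.252]
May 31 20:02:08 server postfix/smtpd[2159]: disconnect from mx-ecom.netflix.com[208.75.76.252]
"""

LINE_RE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ postfix/smtpd\[(\d+)\]: (.*)$")
PEER_RE = re.compile(r"(\S+)\[([0-9A-Fa-f.:]+)\]")
EVENT_RES = [
    ("connect", re.compile(r"^connect from ")),
    ("banner", re.compile(r"^> \S+: 220 ")),
    ("lost", re.compile(r"^lost connection after (\w+) from ")),
    ("disconnect", re.compile(r"^disconnect from ")),
]


def parse_sessions(text):
    """Group recognised smtpd events by process ID, in log order."""
    sessions = defaultdict(list)
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, pid, msg = m.groups()
        for name, pat in EVENT_RES:
            ev = pat.match(msg)
            if ev:
                peer = PEER_RE.search(msg)
                sessions[int(pid)].append({
                    "time": ts, "event": name, "ip": peer.group(2) if peer else None,
                    "stage": ev.group(1) if name == "lost" else None})
                break  # debug-only lines (vstream_*, watchdog_pat) match nothing
    return dict(sessions)


def unpaired(sessions):
    """Return (PIDs with connect but no disconnect, PIDs with disconnect but no connect)."""
    names = {pid: {e["event"] for e in ev} for pid, ev in sessions.items()}
    open_pids = sorted(p for p, n in names.items() if "connect" in n and "disconnect" not in n)
    orphan_pids = sorted(p for p, n in names.items() if "disconnect" in n and "connect" not in n)
    return open_pids, orphan_pids
```

On the sample, `unpaired(parse_sessions(SAMPLE_LOG))` reports PID 2333 with a connect and banner but no disconnect, and PID 2159 with a disconnect but no connect inside the excerpt, which is the reason to correlate by PID before reading a banner and a lost-connection line as one session.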