Re: email from comcast.net is bouncing

Mon, 26 Aug 2013 08:14:13 -0700 

>> >> SUBJECT: Delivery status notification
>> >> This is an automatically generated Delivery Status Notification.
>> >> Delivery to the following recipients was aborted after 7 second(s):
>> >> mas...@masked.com
>> >
>> > If you want that mail, whitelist them,
>>
>> They should already be whitelisted through my use of list.dnswl.org.
>
> Your SMTP server replied with 450. Either your configuration is
> wrong, or some DNS lookups time out. Note the above text says:
>
>     Delivery to the following recipients was aborted after 7 second(s)
>
> This could be a symptom of DNS lookup timeout.

Something must be wrong with my config.  In my log I can see that
postfix is returning 450 to many more comcast.net messages than it's
delivering.  It doesn't make sense for DNS to be timing out the vast
majority of the time.  I use a reputable DNS provider.  Should the
whitelist be indicated anywhere in the log?  I'm on
postfix-2.11_pre20130818.  Here's my config:

main.cf:
smtpd_recipient_restrictions =
        reject_unauth_destination,
        permit
postscreen_greet_action = enforce
postscreen_pipelining_enable = yes
postscreen_pipelining_action = enforce
postscreen_non_smtp_command_enable = yes
postscreen_non_smtp_command_action = enforce
postscreen_bare_newline_enable = yes
postscreen_bare_newline_action = enforce
postscreen_dnsbl_sites = zen.spamhaus.org list.dnswl.org*-1
postscreen_dnsbl_whitelist_threshold = -1
smtpd_tls_security_level = may
smtpd_tls_auth_only = yes

master.cf:
smtp      inet  n       -       n       -       1       postscreen
smtpd     pass  -       -       n       -       -       smtpd
tlsproxy  unix  -       -       n       -       0       tlsproxy
submission inet n       -       n       -       -       smtpd
   -o smtpd_sasl_auth_enable=yes
   -o smtpd_recipient_restrictions=
   -o 
smtpd_relay_restrictions=permit_mynetworks,permit_sasl_authenticated,reject

>> I also have several of these:
>>
>> lost connection with mx1.comcast.net[68.87.26.147] while receiving the
>> initial server greeting
>> conversation with mx1.comcast.net[68.87.26.147] timed out while
>> receiving the initial server greeting
>
> Your SMTP *client* also has problems. Consider monitoring your
> packet loss rate.  I run "mtr" from a cron job.

Is it the sender's SMTP client that has problems?

- Grant

Reply via email to