Another yahoo problem

Thu, 30 Mar 2017 05:28:45 -0700 

Hi
I have a problem with getting mails from yahoo, only from yahoo but now from all servers. 
here is the log:
Mar 30 13:48:16 wsrv postfix/tlsproxy[34871]: CONNECT from [98.137.64.231]:33591 Mar 30 13:48:16 wsrv postfix/tlsproxy[34871]: warning: TLS library problem: error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown:s3_pkt.c:1275:SSL alert number 46: Mar 30 13:48:16 wsrv postfix/tlsproxy[34871]: DISCONNECT [98.137.64.231]:33591 Mar 30 13:48:16 wsrv postfix/postscreen[15245]: HANGUP after 0.84 from [98.137.64.231]:33591 in tests after SMTP handshake Mar 30 13:48:16 wsrv postfix/postscreen[15245]: DISCONNECT [98.137.64.231]:33591 Mar 30 13:48:16 wsrv postfix/postscreen[15245]: CONNECT from [98.137.64.231]:37770 to [176.223.199.38]:25 Mar 30 13:48:17 wsrv postfix/postscreen[15245]: NOQUEUE: reject: RCPT from [98.137.64.231]:37770: 450 4.3.2 Service currently unavailable; from=<s.e.n.d.e.r.a.d.d.r.e....@yahoo.com>, to=<r.e.c.i.p.i.e....@d.d.d.com>, proto=ESMTP, helo=<sonic303-49.consmr.mail.gq1.yahoo.com> Mar 30 13:48:17 wsrv postfix/postscreen[15245]: PASS NEW [98.137.64.231]:37770 Mar 30 13:48:17 wsrv postfix/postscreen[15245]: DISCONNECT [98.137.64.231]:37770 

...
Mar 30 14:18:38 wsrv postfix/smtpd[41303]: connect from sonic303-49.consmr.mail.gq1.yahoo.com[98.137.64.231] Mar 30 14:18:38 wsrv postfix/smtpd[41303]: SSL_accept error from sonic303-49.consmr.mail.gq1.yahoo.com[98.137.64.231]: 0 Mar 30 14:18:38 wsrv postfix/smtpd[41303]: warning: TLS library problem: error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown:s3_pkt.c:1275:SSL alert number 46: Mar 30 14:18:38 wsrv postfix/smtpd[41303]: lost connection after STARTTLS from sonic303-49.consmr.mail.gq1.yahoo.com[98.137.64.231] Mar 30 14:18:38 wsrv postfix/smtpd[41303]: disconnect from sonic303-49.consmr.mail.gq1.yahoo.com[98.137.64.231] ehlo=1 starttls=0/1 commands=1/2 Mar 30 14:18:39 wsrv postfix/postscreen[15245]: CONNECT from [98.137.64.231]:33638 to [my.ip.add.ress]:25 Mar 30 14:18:39 wsrv postfix/postscreen[15245]: PASS OLD [98.137.64.231]:33638 Mar 30 14:18:39 wsrv postfix/smtpd[41303]: connect from sonic303-49.consmr.mail.gq1.yahoo.com[98.137.64.231] Mar 30 14:18:39 wsrv policyd-spf[41310]: spfcheck: pyspf result: "['None', '', 'helo']" Mar 30 14:18:39 wsrv policyd-spf[41310]: None; identity=no SPF record; client-ip=98.137.64.231; helo=sonic303-49.consmr.mail.gq1.yahoo.com; envelope-from=s.e.n.d.e.r.a.d.d.r.e....@yahoo.com; receiver=<UNKNOWN> Mar 30 14:18:39 wsrv policyd-spf[41310]: spfcheck: pyspf result: "['Pass', 'sender SPF authorized', 'mailfrom']" Mar 30 14:18:39 wsrv policyd-spf[41310]: Pass; identity=mailfrom; client-ip=98.137.64.231; helo=sonic303-49.consmr.mail.gq1.yahoo.com; envelope-from=s.e.n.d.e.r.a.d.d.r.e....@yahoo.com; receiver=<UNKNOWN> Mar 30 14:18:39 wsrv policyd-spf[41310]: prepend Authentication-Results: host.server.host; spf=pass (mailfrom) smtp.mailfrom=yahoo.com (client-ip=98.137.64.231; helo=sonic303-49.consmr.mail.gq1.yahoo.com; envelope-from=s.e.n.d.e.r.a.d.d.r.e....@yahoo.com; receiver=<UNKNOWN>) Mar 30 14:18:39 wsrv postfix/smtpd[41303]: 3vv2FC6QJmz53Nc7n: client=sonic303-49.consmr.mail.gq1.yahoo.com[98.137.64.231] Mar 30 14:18:40 wsrv postfix/cleanup[37513]: 3vv2FC6QJmz53Nc7n: message-id=<675236413.329268.1490870647...@mail.yahoo.com> Mar 30 14:18:40 wsrv opendkim[2145]: 3vv2FC6QJmz53Nc7n: sonic303-49.consmr.mail.gq1.yahoo.com [98.137.64.231] not internal 
Mar 30 14:18:40 wsrv opendkim[2145]: 3vv2FC6QJmz53Nc7n: not authenticated
Mar 30 14:18:40 wsrv opendkim[2145]: 3vv2FC6QJmz53Nc7n: DKIM verification successful 
Mar 30 14:18:40 wsrv opendmarc[2140]: 3vv2FC6QJmz53Nc7n: yahoo.com pass
Mar 30 14:18:40 wsrv postfix/qmgr[1771]: 3vv2FC6QJmz53Nc7n: from=<s.e.n.d.e.r.a.d.d.r.e....@yahoo.com>, size=3486, nrcpt=1 (queue active) Mar 30 14:18:40 wsrv amavis[40598]: (40598-09) ESMTP :10024 /var/spool/amavisd/tmp/amavis-20170330T141420-40598-z7bmC8PJ: <s.e.n.d.e.r.a.d.d.r.e....@yahoo.com> -> <r.e.c.i.p.i.e....@d.d.d.com> SIZE=3486 Received: from host.server.host ([127.0.0.1]) by localhost (host.server.host [127.0.0.1]) (amavisd-new, port 10024) with ESMTP for <r.e.c.i.p.i.e....@d.d.d.com>; Thu, 30 Mar 2017 14:18:40 +0300 (EEST) Mar 30 14:18:40 wsrv amavis[40598]: (40598-09) Checking: OBTvTMhgT_kq [98.137.64.231] <s.e.n.d.e.r.a.d.d.r.e....@yahoo.com> -> <r.e.c.i.p.i.e....@d.d.d.com> Mar 30 14:18:40 wsrv amavis[40598]: (40598-09) p003 1 Content-Type: multipart/alternative Mar 30 14:18:40 wsrv amavis[40598]: (40598-09) p001 1/1 Content-Type: text/plain, size: 118 B, name: Mar 30 14:18:40 wsrv amavis[40598]: (40598-09) p002 1/2 Content-Type: text/html, size: 675 B, name: Mar 30 14:18:40 wsrv clamd[41770]: /var/spool/amavisd/tmp/amavis-20170330T141420-40598-z7bmC8PJ/parts/p004: OK Mar 30 14:18:40 wsrv clamd[41770]: /var/spool/amavisd/tmp/amavis-20170330T141420-40598-z7bmC8PJ/parts/p001: OK Mar 30 14:18:40 wsrv clamd[41770]: /var/spool/amavisd/tmp/amavis-20170330T141420-40598-z7bmC8PJ/parts/p002: OK Mar 30 14:18:40 wsrv postfix/smtpd[41303]: disconnect from sonic303-49.consmr.mail.gq1.yahoo.com[98.137.64.231] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5 

At the end I think the mail is received in plain text
Could be the problem at my side?
As I see the alert number 46 is unacceptable certificate .. so the problem is at the sender side? Can I apply a workaround at my side? 

        Thanks
        Levi




postfix version 3.2-20170122

#postconf -n:

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases, hash:/etc/mailman/aliases
append_at_myorigin = no
append_dot_mydomain = no
body_checks = regexp:/etc/postfix/body_checks
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
compatibility_level = 2
content_filter = amavis:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5 
default_destination_recipient_limit = 30
dk_milter = inet:localhost:8892
dkim_milter = inet:localhost:8891
dmarc_milter = inet:localhost:8893
dovecot_destination_recipient_limit = 1
enable_long_queue_ids = yes
header_checks = regexp:/etc/postfix/header_checks
html_directory = no
inet_interfaces = all
inet_protocols = ipv4
mail_owner = postfix
mailbox_size_limit = 0
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
maximal_backoff_time = 8000s
message_size_limit = 0
meta_directory = /etc/postfix
milter_default_action = accept
milter_protocol = 6
mime_header_checks = regexp:/etc/postfix/mime_header_checks
minimal_backoff_time = 1800s
mydestination = localhost, $myhostname, localhost.$mydomain
mydomain = d.d.d.com
myhostname = wsrv.d.d.d.com
mynetworks = 127.0.0.0/8
myorigin = $mydomain
nested_header_checks = regexp:/etc/postfix/nested_header_checks
newaliases_path = /usr/bin/newaliases.postfix
non_smtpd_milters = $dk_milter,$dkim_milter,$dmarc_milter
policy-spf_time_limit = 3600s
postscreen_access_list = permit_mynetworks, cidr:/etc/postfix/postscreen_access.cidr, cidr:/etc/postfix/postscreen_spamhaus.cidr 
postscreen_bare_newline_action = ignore
postscreen_bare_newline_enable = yes
postscreen_blacklist_action = drop
postscreen_cache_retention_time = 14d
postscreen_dnsbl_action = enforce
postscreen_dnsbl_sites = rbl.abuse.ro*2 zen.spamhaus.org*3 b.barracudacentral.org*3 bl.spameatingmonkey.net*2 bl.mailspike.net*1 bl.spamcop.net*1 swl.spamhaus.org*-4 list.dnswl.org=127.[0..255].[0..255].0*-2 list.dnswl.org=127.[0..255].[0..255].1*-3 list.dnswl.org=127.[0..255].[0..255].[2..255]*-4 
postscreen_dnsbl_threshold = 3
postscreen_dnsbl_whitelist_threshold = -1
postscreen_greet_action = enforce
postscreen_greet_banner = $smtpd_banner/Postscreen enabled
postscreen_non_smtp_command_action = ignore
postscreen_non_smtp_command_enable = yes
postscreen_pipelining_action = ignore
postscreen_pipelining_enable = yes
proxy_read_maps = $local_recipient_maps, $mydestination, $virtual_alias_maps, $virtual_alias_domains, $sender_bcc_maps, $virtual_mailbox_maps, $virtual_mailbox_domains, $relay_recipient_maps $relay_domains, $canonical_maps, $sender_canonical_maps, $recipient_canonical_maps, $relocated_maps, $transport_maps, $mynetworks, $smtpd_sender_login_maps 
queue_directory = /var/spool/postfix
queue_run_delay = 1200s
readme_directory = no
receive_override_options = no_address_mappings
relay_domains = mysql:/etc/postfix/mysql-virtual_relaydomains.cf
relay_recipient_maps = mysql:/etc/postfix/mysql-virtual_relayrecipientmaps.cf 
sample_directory = /etc/postfix
sender_bcc_maps = proxy:mysql:/etc/postfix/mysql-virtual_outgoing_bcc.cf
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
shlib_directory = no
smtp_sasl_tls_security_options = noanonymous
smtp_tls_ciphers = medium
smtp_tls_exclude_ciphers = RC4, aNULL
smtp_tls_loglevel = 1
smtp_tls_mandatory_protocols = !SSLv2,!SSLv3
smtp_tls_note_starttls_offer = yes
smtp_tls_protocols = !SSLv2,!SSLv3
smtp_tls_security_level = may
smtp_use_tls = yes
smtpd_client_message_rate_limit = 100
smtpd_client_restrictions = check_client_access mysql:/etc/postfix/mysql-virtual_client.cf 
smtpd_data_restrictions =
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, check_helo_access regexp:/etc/postfix/helo_access, reject_invalid_hostname, reject_non_fqdn_hostname, check_helo_access regexp:/etc/postfix/blacklist_helo 
smtpd_milters = $dkim_milter,$dmarc_milter
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination, check_policy_service unix:private/policy-spf, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_pipelining, reject_unlisted_sender, reject_rbl_client zen.spamhaus.org, check_reverse_client_hostname_access pcre:/etc/postfix/fqrdns.pcre 
smtpd_restriction_classes =
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = no
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_sender_login_maps = proxy:mysql:/etc/postfix/mysql-virtual_sender_login_maps.cf smtpd_sender_restrictions = permit_mynetworks, check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf 
smtpd_tls_cert_file = /etc/letsencrypt/live/d.d.d.com/fullchain.pem
smtpd_tls_ciphers = medium
smtpd_tls_dh1024_param_file = /etc/postfix/dh2048.pem
smtpd_tls_dh512_param_file = /etc/postfix/dh512.pem
smtpd_tls_exclude_ciphers = RC4, aNULL
smtpd_tls_key_file = /etc/letsencrypt/live/d.d.d.com/privkey.pem
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_protocols = !SSLv2,!SSLv3
smtpd_tls_security_level = may
smtpd_use_tls = yes
smtputf8_enable = no
transport_maps = hash:/etc/postfix/transport, hash:/var/lib/mailman/data/transport-mailman, proxy:mysql:/etc/postfix/mysql-virtual_transports.cf 
undisclosed_recipients_header = To: undisclosed-recipients:;
unknown_local_recipient_reject_code = 550
virtual_alias_domains =
virtual_alias_maps = hash:/etc/mailman/virtual-mailman, proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, proxy:mysql:/etc/postfix/mysql-virtual_email2email.cf 
virtual_gid_maps = mysql:/etc/postfix/mysql-virtual_gids.cf
virtual_mailbox_base = /var/vmail
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
virtual_transport = dovecot
virtual_uid_maps = mysql:/etc/postfix/mysql-virtual_uids.cf




--
           Levi

Reply via email to