Hi postfix users, I’m new here. I have setup postfix recently on my AWS instance and things work pretty well. I can read (dovecot) and sent (postfix) and all works well. I experienced some uncertainty lately and i was hoping maybe one of you could assist me, or maybe you experienced this before, yourself.
1. DKIM. This is not really postfix related but if anyone knows i’d appreciate it. When i send mail from my domain to another domain (say outlook) it adds the signature field and is fine. Aug 16 08:58:56 www postfix/cleanup[12690]: 4A61A63F61: message-id=<e09e3d20-fbfb-44ea-9cdd-24082d934...@mydomain.com<mailto:e09e3d20-fbfb-44ea-9cdd-24082d934...@mydomain.com>> Aug 16 08:58:56 www opendkim[13789]: 4A61A63F61: DKIM-Signature field added (s=default, d=mydomain.com<http://mydomain.com>) Aug 16 08:58:56 www postfix/qmgr[14386]: 4A61A63F61: from=<sa...@mydomain.com<mailto:sa...@mydomain.com>>, size=778, nrcpt=1 (queue active) When i get an email from outlook.com<http://outlook.com> i see this. Is that normal ? Worried slightly about the not authenticated and failed to parse messages. Aug 16 09:01:47 www postfix/cleanup[12710]: B609463F61: message-id=<db5pr03mb11111d02543e8f7833add9e9c9...@db5pr03mb1111.eurprd03.prod.outlook.com<mailto:db5pr03mb11111d02543e8f7833add9e9c9...@db5pr03mb1111.eurprd03.prod.outlook.com>> Aug 16 09:01:47 www opendkim[13789]: B609463F61: mail-oln040092068076.outbound.protection.outlook.com<http://mail-oln040092068076.outbound.protection.outlook.com> [40.92.68.76] not internal Aug 16 09:01:47 www opendkim[13789]: B609463F61: not authenticated Aug 16 09:01:47 www opendkim[13789]: B609463F61: failed to parse authentication-results: header field Aug 16 09:01:47 www opendkim[13789]: B609463F61: DKIM verification successful Aug 16 09:01:47 www postfix/qmgr[14386]: B609463F61: from=<u...@outlook.com<mailto:u...@outlook.com>>, size=5355, nrcpt=1 (queue active) 2. Why do i sometimes get a anonymous TLS connection. Aug 16 09:01:47 www postfix/smtpd[12706]: SSL_accept:SSLv3 flush data Aug 16 09:01:47 www postfix/smtpd[12706]: Anonymous TLS connection established from mail-oln040092068076.outbound.protection.outlook.com<http://mail-oln040092068076.outbound.protection.outlook.com>[40.92.68.76]: TLSv1.2 with cipher AES256-SHA256 (256/256 bits) And sometimes a regular TLS connection ? Same ip and same cipher as well. Aug 16 09:01:47 www postfix/smtpd[12706]: initializing the server-side TLS engine Aug 16 09:01:47 www postfix/smtpd[12706]: connect from mail-oln040092068076.outbound.protection.outlook.com<http://mail-oln040092068076.outbound.protection.outlook.com>[40.92.68.76] Aug 16 09:01:47 www postfix/smtpd[12706]: setting up TLS connection from mail-oln040092068076.outbound.protection.outlook.com<http://mail-oln040092068076.outbound.protection.outlook.com>[40.92.68.76] Aug 16 09:01:47 www postfix/smtpd[12706]: mail-oln040092068076.outbound.protection.outlook.com<http://mail-oln040092068076.outbound.protection.outlook.com>[40.92.68.76]: TLS cipher list "ALL:+RC4:@STRENGTH" Aug 16 09:01:47 www postfix/smtpd[12706]: Anonymous TLS connection established from mail-oln040092068076.outbound.protection.outlook.com<http://mail-oln040092068076.outbound.protection.outlook.com>[40.92.68.76]: TLSv1.2 with cipher AES256-SHA256 (256/256 bits) 3. Finally, i have this bizarre problem where 2 of my iMacs at home cannot connect to my mail server anymore. MacBook and iPhone work fine (although i had some problems with iPhone as well). It seems like a local issue (as i’m sure anyone would say) but i can’t for the life figure out what it is. All i get on the maillog is this: Aug 16 09:01:47 www postfix/smtpd[12706]: read from 5565938E6820 [556593910343] (5 bytes => -1 (0xFFFFFFFFFFFFFFFF)) I tried deleting the accounts and re-adding, but it just says cannot verify mail server, and then just waits for a long time. Is this certificate/SSL related? It sure feels like it. Should i turn off SSL to test ? 4. Finally, does anyone know what to do to get through to outlook.com<http://outlook.com> addresses? Smartscreen filters all the email into junk. I added SPF, DKIM, DMARC, a PTR record, SenderID etc but when i contact the microsoft delivery team all i get is : "Not eligible for mitigation”. My address is, while in the Amazon AWS pool, an elastic ip address and it is not on any spam or RBL’s. I owned it for 6 months or so, including the domain. Gmail or yahoo has no problem receiving it in the normal mailbox. And as microsoft is not giving me any real pointers as to why it is being filtered, i’m not sure what else to do. I can send the postconf -n upon request. Alef
