On Mon, 13 Nov 2017, Viktor Dukhovni wrote:
Where should the mail be going? Is the obfuscated host[ip] to which connections are failing the right destination?
Victor, They are a mail list. It doesn't really need obfuscation: thales.memphis.edu[141.225.8.55]:25
Your configuration shows: body_checks = regexp:/etc/postfix/body_checks header_checks = regexp:/etc/postfix/header_checks Do either of these have any patterns with a "FILTER" action?
No, neither does.
mydestination = $myhostname, mail.$mydomain, localhost.$mydomain, localhost.$mydomain, $mydomain, /etc/postfix/local/localdomains mydomain = appl-ecosys.com This domain is listed in $mydestination, and should have been handed off to the "local" transport, and yet it seems it is going out via smtp(8). So either we're not looking at the right configuration, or there's a transport override (or FILTER action) hiding somewhere.
I've not changed main.cf (other than applying updates from new versions of postfix) and this delay issue appeared only over the weekend. If there's a change to be made, please tell me and I'll make it.
smtpd_client_restrictions = check_client_access hash:/etc/postfix/internal_network, permit_mynetworks, check_sender_access hash:/etc/postfix/sender_no_greylist, check_sender_mx_access cidr:/etc/postfix/bogus_mx, check_sender_access hash:/etc/postfix/rhsbl_sender_exceptions, check_client_access hash:/etc/postfix/badaddr, check_client_access cidr:/etc/postfix/badip, check_sender_access hash:/etc/postfix/common_spam_senderdomains, check_client_access cidr:/etc/postfix/cidr/africa.cidr, check_client_access cidr:/etc/postfix/cidr/central-asia.cidr, check_client_access cidr:/etc/postfix/cidr/east-asia.cidr, check_client_access cidr:/etc/postfix/cidr/east-europe.cidr, check_client_access cidr:/etc/postfix/cidr/spammers.cidr, check_client_access cidr:/etc/postfix/cidr/latin-america.cidr, check_client_access cidr:/etc/postfix/cidr/middle-east.cidr, reject_rbl_client zen.spamhaus.org, reject_rbl_client dul.dnsbl.sorbs.net, reject_rbl_client sbl-xbl.spamhaus.org, reject_rbl_client combined.njabl.org, reject_rbl_client psbl.surriel.com, reject_rbl_client bl.spamcop.net, reject_rhsbl_sender dsn.rfc-ignorant.org, permit Any FILTER actions in any of the access tables above? [BTW, IIRC sbl-xbl.spamhaus.org is a subset of zen.spamhaus.org, so you should not also query the former when using the latter]
If there's a FILTER action it's not been added by me. I've removed sbl-xbl.spamhaus.org. Thank you.
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, check_recipient_access hash:/etc/postfix/roleaccount_exceptions, check_recipient_access hash:/etc/postfix/recipients, check_helo_access pcre:/etc/postfix/helo_checks, reject_non_fqdn_recipient, reject_non_fqdn_sender, reject_unknown_client_hostname, reject_unknown_reverse_client_hostname, reject_non_fqdn_hostname, reject_invalid_hostname, permit reject_multi_recipient_bounce Any FILTER actions in the above? [BTW rules after "permit" can't possibly do anything]
No FILTERs I've added; the final line is the end of this one: #smtp_data_restrictions = reject_multi_recipient_bounce Now on one line again.
soft_bounce = yes This can make messages linger that should have bounced. Should not be on long-term.
Thank you. Changed to 'no'. Rich
