On Thu, 2017-11-30 at 21:49 -0500, Viktor Dukhovni wrote: > > > > > On Nov 30, 2017, at 9:30 PM, Chris <cpoll...@embarqmail.com> wrote: > > > > Thanks so much for the explanation Viktor. I didn't think it was a > > postfix issue but hoped I would get something I could send to the > > tech > > support people to help figure this out. As far as trying another > > MUA I > > get the same error when sending with Evolution. Not every time but > > more > > often than not. It's hard to try and explain something to a tech > > support person who knows absolutely nothing about Linux since > > they're > > only oriented towards window and maybe Mac. > Just tell tech support you're using MacOS/X, with the SMTP server > on your account configured the same way as in Evolution: > > Hostname: ... > Port: 587 > TLS (aka STARTTLS) > Username: ... > Correct password (they should not ask for the actual pw) > > If that only works intermittently (Evolution or pretend MacOS/X) > then there's something wrong with the submission service. > > I guess I also see intermittent connectivity: > > $ posttls-finger "[smtp.embarqmail.com]:587" > posttls-finger: Connected to smtp.embarqmail.com[206.152.134.66]:587 > posttls-finger: < 220 smtp.centurylink.net ESMTP > posttls-finger: > EHLO ... > posttls-finger: < 250-smtp04.onyx.dfw.sync.lan says EHLO to ... > posttls-finger: < 250-STARTTLS > posttls-finger: < 250-PIPELINING > posttls-finger: < 250-ENHANCEDSTATUSCODES > posttls-finger: < 250-AUTH=LOGIN > posttls-finger: < 250-AUTH LOGIN > posttls-finger: < 250 8BITMIME > posttls-finger: > STARTTLS > posttls-finger: < 220 2.0.0 continue > posttls-finger: smtp.embarqmail.com[206.152.134.66]:587: > subjectAltName: mail.centurylink.net > posttls-finger: smtp.embarqmail.com[206.152.134.66]:587: > subjectAltName: pop.centurylink.net > posttls-finger: smtp.embarqmail.com[206.152.134.66]:587: > subjectAltName: smtp.centurylink.net > posttls-finger: smtp.embarqmail.com[206.152.134.66]:587: > subjectAltName: mx.centurylink.net > posttls-finger: smtp.embarqmail.com[206.152.134.66]:587: Matched > subjectAltName: smtp.embarqmail.com > posttls-finger: smtp.embarqmail.com[206.152.134.66]:587: > subjectAltName: pop.embarqmail.com > posttls-finger: smtp.embarqmail.com[206.152.134.66]:587 CommonName > mail.centurylink.net > posttls-finger: certificate verification failed for > smtp.embarqmail.com[206.152.134.66]:587: untrusted issuer > /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2008 > VeriSign, Inc. - For authorized use only/CN=VeriSign Universal Root > Certification Authority > posttls-finger: smtp.embarqmail.com[206.152.134.66]:587: > subject_CN=smtp.embarqmail.com, issuer_CN=Symantec Class 3 Secure > Server SHA256 SSL CA, > fingerprint=FA:33:32:8E:8C:0B:72:D8:4E:BE:76:60:72:A5:F6:14:D0:FE:F9: > 75, > pkey_fingerprint=66:A0:48:D7:4C:01:1A:17:18:BD:3D:92:DE:DB:D9:D2:70:9 > C:0B:18 > posttls-finger: Untrusted TLS connection established to > smtp.embarqmail.com[206.152.134.66]:587: TLSv1.2 with cipher DHE-RSA- > AES256-GCM-SHA384 (256/256 bits) > posttls-finger: > EHLO ... > posttls-finger: < 250-smtp04.onyx.dfw.sync.lan says EHLO to ... > posttls-finger: < 250-AUTH=LOGIN > posttls-finger: < 250-AUTH LOGIN > posttls-finger: < 250-8BITMIME > posttls-finger: < 250-ENHANCEDSTATUSCODES > posttls-finger: < 250 PIPELINING > posttls-finger: > QUIT > posttls-finger: < 221 2.3.0 smtp04.onyx.dfw.sync.lan closing > connection > > And just a bit later: > > $ posttls-finger "[smtp.embarqmail.com]:587" > posttls-finger: Connected to smtp.embarqmail.com[206.152.134.66]:587 > posttls-finger: < 421 4.3.4 allocated resources exceeded > posttls-finger: SMTP service not available: 421 4.3.4 allocated > resources exceeded > > Perhaps there's a firewall that's filtering after unauthenticated > connections, > or they're just underpowered to handle the traffic... > > The certificate names include "mail.centurylink.net", and that also > has port > 587 accepting SMTP connections with STARTTLS and offers SASL > auth. However, > that's a different IP address, and seems to not be turning away as > much > traffic. Any chance that would be a correct/better submission host > to use? > > $ posttls-finger "[mail.centurylink.net]:587" > posttls-finger: Connected to mail.centurylink.net[205.219.233.9]:587 > posttls-finger: < 220 smtp.centurylink.net ESMTP > posttls-finger: > EHLO ... > posttls-finger: < 250-smtp02.agate.dfw.synacor.com says EHLO to ... > posttls-finger: < 250-8BITMIME > posttls-finger: < 250-XDUMPCONTEXT > posttls-finger: < 250-PIPELINING > posttls-finger: < 250-STARTTLS > posttls-finger: < 250-ENHANCEDSTATUSCODES > posttls-finger: < 250-AUTH=LOGIN > posttls-finger: < 250 AUTH LOGIN > posttls-finger: > STARTTLS > posttls-finger: < 220 2.0.0 continue > posttls-finger: mail.centurylink.net[205.219.233.9]:587: Matched > subjectAltName: mail.centurylink.net > posttls-finger: mail.centurylink.net[205.219.233.9]:587: > subjectAltName: pop.centurylink.net > posttls-finger: mail.centurylink.net[205.219.233.9]:587: > subjectAltName: smtp.centurylink.net > posttls-finger: mail.centurylink.net[205.219.233.9]:587: > subjectAltName: mx.centurylink.net > posttls-finger: mail.centurylink.net[205.219.233.9]:587: > subjectAltName: smtp.embarqmail.com > posttls-finger: mail.centurylink.net[205.219.233.9]:587: > subjectAltName: pop.embarqmail.com > posttls-finger: mail.centurylink.net[205.219.233.9]:587 CommonName > mail.centurylink.net > posttls-finger: certificate verification failed for > mail.centurylink.net[205.219.233.9]:587: untrusted issuer > /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2008 > VeriSign, Inc. - For authorized use only/CN=VeriSign Universal Root > Certification Authority > posttls-finger: mail.centurylink.net[205.219.233.9]:587: > subject_CN=mail.centurylink.net, issuer_CN=Symantec Class 3 Secure > Server SHA256 SSL CA, > fingerprint=FA:33:32:8E:8C:0B:72:D8:4E:BE:76:60:72:A5:F6:14:D0:FE:F9: > 75, > pkey_fingerprint=66:A0:48:D7:4C:01:1A:17:18:BD:3D:92:DE:DB:D9:D2:70:9 > C:0B:18 > posttls-finger: Untrusted TLS connection established to > mail.centurylink.net[205.219.233.9]:587: TLSv1.2 with cipher AES256- > GCM-SHA384 (256/256 bits) > posttls-finger: > EHLO ... > posttls-finger: < 250-smtp02.agate.dfw.synacor.com says EHLO to ... > posttls-finger: < 250-ENHANCEDSTATUSCODES > posttls-finger: < 250-XDUMPCONTEXT > posttls-finger: < 250-PIPELINING > posttls-finger: < 250-8BITMIME > posttls-finger: < 250-AUTH=LOGIN > posttls-finger: < 250 AUTH LOGIN > posttls-finger: > QUIT > posttls-finger: < 221 2.3.0 smtp02.agate.dfw.synacor.com closing > connection > > Something must have changed because since yesterday at 8pm CST I've seen not a single problem. I'm not going to hold my breath however.
-- Chris KeyID 0xE372A7DA98E6705C 31.11972; -97.90167 (Elev. 1092 ft) 17:13:09 up 9 days, 6:14, 1 user, load average: 0.36, 0.43, 0.35 Description: Ubuntu 16.04.3 LTS, kernel 4.10.0-40-generic
signature.asc
Description: This is a digitally signed message part
