On Tue, May 02, 2023 at 09:41:50AM -0400, PGNet Dev via Postfix-users wrote:
> a server that i don't have shell access to atm has, today, started
> seeing undelivered mail from only one domain --
> *outbound.protection.outlook.com. apparently, everything else inbound
> is flowing. and, i'm told, inbound from outlook.com was working
> yesterday.
The logging is much too verbose, pruned to just the expected normal
logging:
> 2023-05-02T08:23:16.757030-04:00 karma postfix/ps-int/smtpd[17881]:
> connect from
> mail-co1nam11on2041.outbound.protection.outlook.com[40.107.220.41]
> 2023-05-02T08:23:17.155534-04:00 karma postfix/ps-int/smtpd[17881]:
> Untrusted TLS connection established from
> mail-co1nam11on2041.outbound.protection.outlook.com[40.107.220.41]:
> TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
> 2023-05-02T08:23:17.225393-04:00 karma postfix/ps-int/smtpd[17881]:
> disconnect from >
> mail-co1nam11on2041.outbound.protection.outlook.com[40.107.220.41]
> ehlo=1 starttls=1 quit=1 commands=3
Either the client had no intention to send mail (some sort of liveness
probe), or perhaps it did not like the presented certificate chain.
What are some domains your server accepts mail for? Do you perhaps
publish DANE TLSA records and have botched certificate rotation?
--
Viktor.
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
