Also look into other possibilities, the DST Root issue is a bit of a longshot. If you can get an account on Outlook.com, send mail and see if it bounces with usable diagnostics in the bounce.
i changed the preferred chain here, and for all my domains (thx o/ !). it certainly didn't hurt. but, i'm increasingly sure that your original speculation was correct -- bad rollover. cleaning up DNS config, and forcing a clean rollover, seems to have done the trick. after the dns cleanup, switching BACK the preferred chain didn't reinit the issue. when i looked at the logs i was given, DNSSEC/dane issues didn't leap out at me -- but you mentioned them. what in those logs suggested DNSSEC/dane to you? anything specific, or just likelihood ? in any case, i want to set up a DNSSEC rollover 'canary' ... tool/script that'll notify me on failures, like "this". b4 i cobble something up from scratch -- is there a recommended/best-practice tool for the job? specifically something that'd play nice with postfix -- and detect/notify the problem? _______________________________________________ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
