[pfx] TLS for SMTP Outbound -- Only One tlsproxy

2024-05-21 Thread Greg Sims via Postfix-users
We have been running without TLS for many years. Some of the ISPs are beginning to complain about not sending mail using TLS. We enabled outbound smtp as a result. Postfix receives email only from our private network -- we do not use inbound smtpd_tls as a result. Our main.cf contains: sm

[pfx] TLS for SMTP Outbound -- Only One tlsproxy

2024-05-21 Thread Greg Sims via Postfix-users
TLS connections are being reused about 10% of the time for larger ISPs. ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org

[pfx] Re: TLS for SMTP Outbound -- Only One tlsproxy

2024-05-21 Thread Greg Sims via Postfix-users
consistent throughout the peak demand period. Best, Greg On Tue, May 21, 2024 at 7:12 AM Viktor Dukhovni via Postfix-users wrote: > > On Tue, May 21, 2024 at 06:51:08AM -0500, Greg Sims via Postfix-users wrote: > > > Our main.cf contains: > > smtpd_tls_cert_file = > &g

[pfx] Re: TLS for SMTP Outbound -- Only One tlsproxy

2024-05-21 Thread Greg Sims via Postfix-users
TLS connection reuse is being used. About 10% of the connections are reused for large volume ISPs. Small volume ISPs do not see connection reuse. I believe this is as expected. I did some testing of our DNS setup. A DNS query using dig is less than 20 msec for both our primary and secondary dns

[pfx] TLS for SMTP Outbound -- Only One tlsproxy

2024-05-21 Thread Greg Sims via Postfix-users
TLS connection reuse is being used. About 10% of the connections are reused for large volume ISPs. Small volume ISPs do not see connection reuse. I believe this is as expected. I did some testing of our DNS setup. A DNS query using dig is less than 20 msec for both our primary and secondary dns

[pfx] Re: TLS for SMTP Outbound -- Only One tlsproxy

2024-05-22 Thread Greg Sims via Postfix-users
Thank you again for your feedback on this issue. I watched the workload in real time this morning and now have more insight into what is happening. It appears the large ISPs are using TLS connection as a way to throttle incoming traffic. I looked at the inbound mail queue and found most of the t

[pfx] Re: TLS for SMTP Outbound -- Only One tlsproxy

2024-05-22 Thread Greg Sims via Postfix-users
I have data collection homework to do -- and I will be happy to do it! Config data and "collate" is next after morning meetings. Here is some summary data by ISP from the logs: Email Ave Max Conn Relay SentDelay

[pfx] Re: TLS for SMTP Outbound -- Only One tlsproxy

2024-05-22 Thread Greg Sims via Postfix-users
I am having problems with "collate". I grepped a 10 minute portion of our mail.log which created a 6.8M file. I ran "collate" on this file and collected the output -- a 796M file. I looked at the file and it seems to be filled with records like the following: May 22 02:10:00 mail01.raystedman.o

[pfx] Re: TLS for SMTP Outbound -- Only One tlsproxy

2024-05-22 Thread Greg Sims via Postfix-users
> It is assumed that you're not a victim of systemd-journald log mangling. > It may be dropping some messages, and recording others out of order, > breaking "collate". On Linux systems where systemd is doing the > logging, you'll want to have Postfix writing its own log files directly, > bypassing

[pfx] Re: TLS for SMTP Outbound -- Only One tlsproxy

2024-05-22 Thread Greg Sims via Postfix-users
> > If the delay is with sending or receiving RSET, then the SMTP client > log "conversation with XXX timed out". I don't know if that has a > queue ID logged with that, though. Just grep for 'conversation with'. [root@mail01 postfix]# journalctl -u postfix.service | grep 'conversation with' retu

[pfx] Re: TLS for SMTP Outbound -- Only One tlsproxy

2024-05-22 Thread Greg Sims via Postfix-users
> This is perhaps a good time to ask you for your full configuration, > not just cherry-picked individual settings. Please post the outputs of: > > $ postconf -nf > $ postconf -Mf > > with all whitespace (including linebreaks) preserved. [root@mail01 postfix]# postconf -nf alias_datab

[pfx] Re: TLS for SMTP Outbound -- Only One tlsproxy

2024-05-22 Thread Greg Sims via Postfix-users
> It is assumed that you're not a victim of systemd-journald log mangling. > It may be dropping some messages, and recording others out of order, > breaking "collate". On Linux systems where systemd is doing the > logging, you'll want to have Postfix writing its own log files directly, > bypassing

[pfx] Re: TLS for SMTP Outbound -- Only One tlsproxy

2024-05-23 Thread Greg Sims via Postfix-users
Thank you Viktor. All recommended changes have been made. I hope to collect useful "collate" data with our next distribution at Noon today pacific. I hope you have a great day! Greg > [root@mail01 postfix]# postconf -nf > > [root@mail01 postfix]# postconf -Mf

[pfx] Re: TLS for SMTP Outbound -- Only One tlsproxy

2024-05-23 Thread Greg Sims via Postfix-users
On Thu, May 23, 2024 at 7:07 AM Greg Sims wrote: > > Thank you Viktor. All recommended changes have been made. I hope to > collect useful "collate" data with our next distribution at Noon today > pacific. > Still having problems with the inbound smtpd from our private network flooding "collate".

[pfx] Capture Bounced Email Headers & Content

2024-05-26 Thread Greg Sims via Postfix-users
We found the following in our email log: May 26 00:35:57 mail01.raystedman.org postfix/t124/smtp[39065]: 0A7D630F1C7C: to== cecytebc.edu...@devotion.raystedman.org>, relay=aspmx.l.google.com[142.251.2.26]:25, delay=0.52, delays=0/0/0.21/0.31, dsn=5.7.26, status=bounced (host aspmx.l.google.com[1

[pfx] Re: Capture Bounced Email Headers & Content

2024-05-27 Thread Greg Sims via Postfix-users
On Mon, May 27, 2024 at 3:40 AM Viktor Dukhovni via Postfix-users < postfix-users@postfix.org> wrote: > > You really should have posted "collate" output, which would have shown > the envelope sender address in the "qmgr active" log entry. Perhaps > the actual domain used did not have the expected

[pfx] Re: Capture Bounced Email Headers & Content

2024-05-28 Thread Greg Sims via Postfix-users
> On Mon, May 27, 2024 at 3:40 AM Viktor Dukhovni via Postfix-users < postfix-users@postfix.org> wrote: > You really should have posted "collate" output, which would have shown > the envelope sender address in the "qmgr active" log entry. Perhaps > the actual domain used did not have the expected

[pfx] Re: Capture Bounced Email Headers & Content

2024-05-28 Thread Greg Sims via Postfix-users
I do see the "qmgr active" active with the from=<>. I added mail01.raystedman.org SPF to DNS as a result. Thanks again, Greg

[pfx] Re: Capture Bounced Email Headers & Content

2024-05-28 Thread Greg Sims via Postfix-users
On Tue, May 28, 2024 at 6:49 AM Wietse Venema via Postfix-users < postfix-users@postfix.org> wrote: > In recent experience with my personal porcupine.org email address, > they not only want SPF or DKIM, they *also* want a DMARC policy > with p=quarantine or p=reject. We have run p=reject for year

[pfx] Change Domain of "from="

2024-05-29 Thread Greg Sims via Postfix-users
Hello, We found the following in our email logs this morning. I ran "collate" and here is the result: May 29 02:10:04 mail01.raystedman.org postfix/bounce[31220]: AFC7030537E6: postmaster non-delivery notification: 7A80D32EDB2C May 29 02:10:04 mail01.raystedman.org postfix/cleanup[31245]: 7A

[pfx] Re: Change Domain of "from="

2024-05-29 Thread Greg Sims via Postfix-users
> > > > main.cf contains: > > > > # 24-05-28 > > # email comes from raystedman.org instead of mail0.raystedman.org > > # note: the mail01 subdomain does not need a SPF record in DNS as a > result > > myorigin = raystedman.org > > > > I hoped this would allow the message being sent to be > >

[pfx] Re: Change Domain of "from="

2024-05-29 Thread Greg Sims via Postfix-users
On Wed, May 29, 2024 at 2:52 PM Wietse Venema via Postfix-users wrote: > Presumably you have to DKIM or SPF or DMARC for hostname.raystedman.org, > so any way to get double-bou...@raystedman.org should help. > > You have to be careful about mailer loops, though. > > Postfix gives special treatmen

[pfx] Re: Change Domain of "from="

2024-05-29 Thread Greg Sims via Postfix-users
On Wed, May 29, 2024 at 5:49 PM Wietse Venema via Postfix-users wrote: > I think it's a bad idea to send your double bounces to a different site. > The Postfix design really wants to handle them locally. Thank you Wietse. I moved to a conservative configuration for tonight including deleting th

[pfx] Re: Change Domain of "from="

2024-05-30 Thread Greg Sims via Postfix-users
On Thu, May 30, 2024 at 7:12 AM Wietse Venema via Postfix-users wrote: > > Greg Sims via Postfix-users: > > double-bounces which is now unclear -- at least to me. Perhaps you > > can give me an idea of how to capture just the double-bounces locally. > > 1) The postmast

[pfx] Re: Change Domain of "from="

2024-05-30 Thread Greg Sims via Postfix-users
On Thu, May 30, 2024 at 12:27 PM Greg Sims wrote: > > I believe I am ready to capture the double-bounce locally. > > This is main.cf: > # 24-05-30 save the bounces locally at bounce-local > notify_classes = 2bounce, bounce, resource, software > bounce_notice_recipient = bounce-local > 2bou

[pfx] Re: Change Domain of "from="

2024-05-31 Thread Greg Sims via Postfix-users
 PM Wietse Venema wrote: > > Greg Sims via Postfix-users: > > On Thu, May 30, 2024 at 12:27 PM Greg Sims wrote: > > > > > > I believe I am ready to capture the double-bounce locally. > > > > > > This is main.cf: > > > # 24-05-30 save the bounc

[pfx] Re: Change Domain of "from="

2024-05-31 Thread Greg Sims via Postfix-users
On Fri, May 31, 2024 at 8:01 AM Wietse Venema via Postfix-users wrote: > > Greg Sims via Postfix-users: > > I set the following in main.cf > > > > mydestination = localhost > > > > and received the following in our logs: > > > > May 31 0

[pfx] Re: Capture Bounced Email Headers & Content

2024-06-02 Thread Greg Sims via Postfix-users
On Tue, May 28, 2024 at 8:12 AM Greg Sims wrote: > > On Tue, May 28, 2024 at 6:49 AM Wietse Venema via Postfix-users > wrote: > > > In recent experience with my personal porcupine.org email address, > > they not only want SPF or DKIM, they *also* want a DMARC policy > > with p=quarantine or p=re

[pfx] Re: Capture Bounced Email Headers & Content

2024-06-02 Thread Greg Sims via Postfix-users
OK. I found the email in the bounce mailbox at the gmail level. The issue seems to be consistent with what we could see from the email logs only. The SPF fails because the email is being sent from domain mail01.raystedman.org. You tried (Wietse) for some time to control the "from domain" for thi

[pfx] Re: Capture Bounced Email Headers & Content

2024-06-04 Thread Greg Sims via Postfix-users
We had another DMARC Failure last night. The email ended up at the gmail level. X-Original-Authentication-Results: mx.google.com; spf=none (google.com: mail01-t122.raystedman.org does not designate permitted sender hosts) smtp.helo=mail01-t122.raystedman.org; dmarc=fail (p=NONE s

[pfx] Re: Capture Bounced Email Headers & Content

2024-06-04 Thread Greg Sims via Postfix-users
Someone asked what was being sent. The email is being sent to a mailbox collector of bounces at the Gmail level. The email contains a VERP address of the original sender. We perform automated bounce processing for all email that make it to the bounce address at the Gmail level. These bounces co

[pfx] Comcast Throttle

2024-09-22 Thread Greg Sims via Postfix-users
Hi There, We receive over 500 log entries per day from Comcast that look like this: Sep 18 03:05:07 mail0 r105/smtp[15929]: AE3378857BA: to=, relay=mx1.comcast.net[96.114.157.80]:25, delay=0.69, delays=0/0.01/0.6/0.08, dsn=4.1.0, status=deferred (host mx1.comcast.net[96.114.157.80] said: 421 4.1.

[pfx] Re: Comcast Throttle

2024-09-23 Thread Greg Sims via Postfix-users
>> I have written postmas...@comcast.net and never received a reply. I have >> tried several times and will try again per your suggestion. >Probably better to go the web form route: >https://postmaster.comcast.net -> https://spa.xfinity.com/report The web form results in an automated email