Turned out that the error

Jun 17 10:20:42 smtp01 smtpd[7838]: 33c0e6f7addb24d1 smtp disconnected reason="io-error: write failed: Connection reset by peer"

is harmless (in my case) and mail is received successfully. But by investigating it I discovered another problem. On my server I have both rdns and fcrdns filters enabled

filter "rdns" phase connect match !rdns disconnect "550 rDNS error"
filter "fcrdns" phase connect match !fcrdns disconnect "550 fcrDNS error"

and I noticed a lot of (and similar)

Jul 1 08:56:15 smtp01 smtpd[7838]: 33c297056fc0b7f5 smtp connected address=40.107.149.96 host=mail-germanywestcentralazon11022096.outbound.protection.outlook.
Jul 1 08:56:15 smtp01 smtpd[7838]: 33c297056fc0b7f5 smtp failed-command command="" result="550 fcrDNS error"

hostname longer than 64 chars (mail-germanywestcentralazon11022096.outbound.protection.outlook.com), is truncated (mail-germanywestcentralazon11022096.outbound.protection.outlook.) and fcrdns filter failed.

There is an issue on GitHub regarding this
https://github.com/OpenSMTPD/OpenSMTPD/issues/1252

In my case I applied patch
https://github.com/morille/OpenSMTPD/commit/b9a09d61614f84e6dc9d43bd91952d85c4530d48
which resolved the problem with long hostnames.

Just sharing this info, in case somebody else stumbles on this problem too.

--
Saulius

On Monday, July 1st, 2024 at 14:54, Marcus MERIGHI <mcmer-opensm...@tor.at> wrote:

> Hello Saulius,
>
> o...@s12s.slmail.me (o...@s12s.slmail.me), 2024.07.01 (Mon) 10:09 (CEST):
>
> > And recently I've started getting such errors for e-mails coming from
> > outbound.protection.outlook.com servers.
> >
> > Jun 17 10:20:42 smtp01 smtpd[7838]: 33c0e6f7addb24d1 smtp disconnected
> > reason="io-error: write failed: Connection reset by peer"
> >
> > Is my understanding correct that "Connection reset by peer" means that
> > remote host (outlook.com) closed/reset the connection?
>
> I think that is what it means. And it reminds me of a recent thread on
> mai...@mailop.org (the list archive is private*).
> The gist, as stated:
>
> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> Date: Sat, 29 Jun 2024 10:31:06 +1000
> From: Viktor Dukhovni via mailop mai...@mailop.org
> To: mai...@mailop.org
>
> [...]
> Reading your first post brought to mind the recent report of potential
> issues at Microsoft's outbound servers with "too many" TLSA records
> (more than ~12). I was looking at your TLSA RRset (14 TLSA records):
> [...]
> That said, do you really need all 14 records?
> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>
> The OP replied with:
> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> Date: Fri, 28 Jun 2024 23:23:04 -0400
> From: "Jim P. via mailop" mai...@mailop.org
> To: mai...@mailop.org
>
> [...]
> Thank you for the detailed breakdown of the problem and resolution. I
> have removed the E* TLSA records and mails from Microsoft are flowing
> in. I'll make a note to remove the R3/R4 records next week and then
> plan for adding the E* TLSA records back in and switching to ECDSA in
> the near future.
> Thanks again Viktor, you've been an awesome help.
> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>
> Is this something you should take a look at?
>
> Marcus
>
> * https://list.mailop.org/listinfo/mailop
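A log check for the truncated-hostname rejections described in the message above, added here as an example and not part of the original post or of OpenSMTPD: it pairs each `smtp connected` line with a later `550 fcrDNS error` on the same session id and reports the sessions whose logged host looks cut off. The regexes follow the log lines quoted in the post; the function name, the truncation heuristic and every sample line after the first two are assumptions made for the example.

```python
import re

MAX_HOST = 64  # hostname length limit named in the post

# Line shapes copied from the smtpd log lines quoted in the post.
CONNECTED = re.compile(
    r"smtpd\[\d+\]: (?P<sid>[0-9a-f]{16}) smtp connected "
    r"address=(?P<addr>\S+) host=(?P<host>\S+)")
FAILED = re.compile(
    r"smtpd\[\d+\]: (?P<sid>[0-9a-f]{16}) smtp failed-command "
    r'command="[^"]*" result="(?P<result>[^"]*)"')
DISCONNECTED = re.compile(
    r"smtpd\[\d+\]: (?P<sid>[0-9a-f]{16}) smtp disconnected")

# First two lines are from the post; the rest are constructed sample data.
SAMPLE_LOG = """\
Jul 1 08:56:15 smtp01 smtpd[7838]: 33c297056fc0b7f5 smtp connected address=40.107.149.96 host=mail-germanywestcentralazon11022096.outbound.protection.outlook.
Jul 1 08:56:15 smtp01 smtpd[7838]: 33c297056fc0b7f5 smtp failed-command command="" result="550 fcrDNS error"
Jul 1 08:57:02 smtp01 smtpd[7838]: 33c2970a00000001 smtp connected address=192.0.2.10 host=host.example.net
Jul 1 08:57:02 smtp01 smtpd[7838]: 33c2970a00000001 smtp failed-command command="" result="550 fcrDNS error"
Jul 1 08:58:40 smtp01 smtpd[7838]: 33c2970a00000002 smtp connected address=198.51.100.7 host=mx.example.org
Jul 1 08:58:41 smtp01 smtpd[7838]: 33c2970a00000002 smtp disconnected reason=quit
"""

def truncated_fcrdns_rejects(lines):
    """Return fcrDNS rejections whose logged host looks cut off at MAX_HOST."""
    sessions, hits = {}, []
    for line in lines:
        if (m := CONNECTED.search(line)):
            sessions[m["sid"]] = (m["addr"], m["host"])
        elif (m := FAILED.search(line)):
            addr, host = sessions.get(m["sid"], (None, None))
            # Heuristic (assumption): a truncated name fills the buffer, so
            # the logged host is MAX_HOST characters or ends mid-name in a dot.
            if host and "fcrDNS" in m["result"] and (
                    len(host) >= MAX_HOST or host.endswith(".")):
                hits.append({"session": m["sid"], "address": addr, "host": host})
        elif (m := DISCONNECTED.search(line)):
            sessions.pop(m["sid"], None)  # session over, forget it
    return hits

if __name__ == "__main__":
    for hit in truncated_fcrdns_rejects(SAMPLE_LOG.splitlines()):
        print(f'{hit["session"]} {hit["address"]} {hit["host"]} ({len(hit["host"])} chars)')
```

Rejections with a short, complete host name (the second constructed session) are left out of the report, since those are fcrDNS failures the filter is meant to catch.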