On 9/29/2024 8:11 PM, Viktor Dukhovni via Postfix-users wrote:
On Sun, Sep 29, 2024 at 05:38:16PM -0400, Steve Matzura via Postfix-users wrote:

2024-09-29T21:31:27.402601+00:00 tgv24 postfix/error[1775]: B9E5510584F:
to=<tgvpad...@theglobalvoice.info>, orig_to=<tgvpadmin>, relay=none,
delay=48744, delays=48594/150/0/0.01, dsn=4.4.1, status=deferred (delivery
temporarily suspended: connect to fb.mail.gandi.net[217.70.178.216]:25:
Connection timed out)

You're still too parsimonious with your choice of logs to report,


No, I just don't know *what* to report. Concerned about reporting the wrong thing or too much, I posted what I know, which I know isn't much. Tell me what to show you, and I'm happy to oblige.


the MX records for the domain include:

     theglobalvoice.info. IN MX 10 spool.mail.gandi.net.
     theglobalvoice.info. IN MX 50 fb.mail.gandi.net.

What happened with the initial delivery attempt via
spool.mail.gandi.net.  The eventual failure to connect to the fallback
MX should be a secondary issue.

     $ posttls-finger -c -Lsummary -lmay theglobalvoice.info
     posttls-finger: Untrusted TLS connection established to spool.mail.gandi.net[217.70.178.1]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)

Though I appear to have no issues connecting to that MX host.

When I do it, I get:


posttls-finger: warning: DNSSEC validation may be unavailable
posttls-finger: warning: reason: dnssec_probe 'ns:.' received a response that is not DNSSEC validated

posttls-finger: Failed to establish session to theglobalvoice.info via spool.mail.gandi.net:0: connect to spool.mail.gandi.net[217.70.178.1]:25: Connection timed out
posttls-finger: Failed to establish session to theglobalvoice.info via spool.mail.gandi.net:0: connect to spool.mail.gandi.net[2001:4b98:e00::1]:25: Connection timed out
posttls-finger: Failed to establish session to theglobalvoice.info via fb.mail.gandi.net:0: connect to fb.mail.gandi.net[2001:4b98:dc4:8::217]:25: Connection timed out

This makes sense because I am not using Gandi's DNSSEC. Should I be doing that?


     $ posttls-finger -c -Lsummary -lmay -o inet_protocols=ipv4 "[fb.mail.gandi.net]"
     posttls-finger: Untrusted TLS connection established to fb.mail.gandi.net[217.70.178.216]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)

I have SSL certificates at gandi.net for the website and on the system for nginx. I didn't see any reference to the local certificates in the older configuration, so I didn't change anything regarding them on the new server.
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org