On Tue, Jul 07, 2020 at 03:15:22AM +0000, Sebby, Brian A. wrote:
> In our environment, we have two Postfix mail servers where server1
> will forward some messages to server2. We first upgraded server1 to
> 3.3.1, and then later upgraded server2, but I found that Postfix
> didn’t start sending the “too many hops” messages to postmaster until
> we upgraded server2 to 3.3.1.
The cause is a TLS certificate misconfiguration on server2, see below.
> 2bounce_notice_recipient = postmaster
> bounce_notice_recipient = postmaster
> delay_notice_recipient = postmaster
> error_notice_recipient = postmaster
> notify_classes = resource, software
That said, my recommendation is to avoid all postmaster notices, with
bounces going only to senders, and problems found by analysing logs.
Hence:
notify_classes =
Creating a flood of postmaster notices can exacerbate congestion.
> Out: 220 server1 ESMTP Postfix
> In: EHLO server1
> Out: 250-server1
> Out: 250-PIPELINING
> Out: 250-SIZE 1024000000
> Out: 250-ETRN
> Out: 250-STARTTLS
> Out: 250-ENHANCEDSTATUSCODES
> Out: 250-8BITMIME
> Out: 250-DSN
> Out: 250 SMTPUTF8
> In: STARTTLS
> Out: 454 4.7.0 TLS not available due to local problem
This qualifies the session as having a "software" error.
> In: MAIL FROM:<address@that-has-too-many-hops> SIZE=26223
> BODY=8BITMIME
> Out: 250 2.1.0 Ok
> In: RCPT TO:<address@server2>
> ORCPT=rfc822;address@server2 NOTIFY=NEVER
> Out: 250 2.1.5 Ok
> In: DATA
> Out: 354 End data with <CR><LF>.<CR><LF>
> Out: 554 5.4.0 Error: too many hops
> In: QUIT
> Out: 221 2.0.0 Bye
The subsequent too many hops problem (it appears you also have mail
loops) is then in scope for postmaster notification.
- Fix your TLS configuration, or disable TLS.
- Fix the mail loops.
--
Viktor.
