Dear Sir: Good day. As my customer told me today, the server cannot receive email from Yahoo, but they can receive from Google. I checked the log; it shows the following:

```
Jun 5 16:00:54 twhost1 postfix/smtpd[25440]: SSL_accept error from sonic306-19.consmr.mail.sg3.yahoo.com[106.10.241.139]: 0
Jun 5 16:00:54 twhost1 postfix/smtpd[25440]: warning: TLS library problem: 25440:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:s3_pkt.c:1493:SSL alert number 46:
Jun 5 16:00:54 twhost1 postfix/smtpd[25440]: lost connection after STARTTLS from sonic306-19.consmr.mail.sg3.yahoo.com[106.10.241.139]
Jun 5 16:00:54 twhost1 postfix/smtpd[25440]: disconnect from sonic306-19.consmr.mail.sg3.yahoo.com[106.10.241.139]
Jun 5 16:00:54 twhost1 postfix/smtpd[25440]: connect from sonic306-19.consmr.mail.sg3.yahoo.com[106.10.241.139]
Jun 5 16:00:54 twhost1 postfix/smtpd[25440]: NOQUEUE: filter: RCPT from sonic306-19.consmr.mail.sg3.yahoo.com[106.10.241.139]: <[email protected]>: Sender address triggers FILTER amavis:[127.0.0.1]:10026; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<sonic306-19.consmr.mail.sg3.yahoo.com>
Jun 5 16:00:54 twhost1 postfix/smtpd[25440]: NOQUEUE: filter: RCPT from sonic306-19.consmr.mail.sg3.yahoo.com[106.10.241.139]: <[email protected]>: Sender address triggers FILTER amavis:[127.0.0.1]:10024; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<sonic306-19.consmr.mail.sg3.yahoo.com>
Jun 5 16:00:54 twhost1 postfix/smtpd[25440]: A8D1E581CE: client=sonic306-19.consmr.mail.sg3.yahoo.com[106.10.241.139]
```

We see there is an SSL_accept error. Is this an issue which causes the user to be unable to receive Yahoo email? Can we add a whitelist to bypass this problem? Thank you
Hi: Please find the master.cf below

```
smtp      inet  n       -       n       -       -       smtpd
2025      inet  n       -       n       -       -       smtpd
#628      inet  n       -       n       -       -       qmqpd
pickup    unix  n       -       n       60      1       pickup
cleanup   unix  n       -       n       -       0       cleanup
qmgr      unix  n       -       n       300     1       qmgr
#qmgr     unix  n       -       n       300     1       oqmgr
tlsmgr    unix  -       -       n       1000?   1       tlsmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
trace     unix  -       -       n       -       0       bounce
verify    unix  -       -       n       -       1       verify
flush     unix  n       -       n       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       n       -       -       smtp
relay     unix  -       -       n       -       -       smtp
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
retry     unix  -       -       n       -       -       error
discard   unix  -       -       n       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       n       -       1       anvil
scache    unix  -       -       n       -       1       scache
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient} ${extension} ${recipient} ${user} ${nexthop} ${sender}
dovecot   unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail:vmail argv=/usr/libexec/dovecot/deliver -f ${sender} -d ${user}@${nexthop}
amavis    unix  -       -       -       -       2       smtp
  -o smtp_data_done_timeout=1200
  -o smtp_send_xforward_command=yes
  -o smtp_bind_address=
127.0.0.1:10025 inet n  -       n       -       -       smtpd
  -o content_filter=
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o smtpd_restriction_classes=
  -o smtpd_client_restrictions=
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
  -o strict_rfc821_envelopes=yes
  -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
  -o smtp_send_xforward_command=yes
  -o disable_dns_lookups=yes
127.0.0.1:10027 inet n  -       n       -       -       smtpd
  -o content_filter=
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o smtpd_restriction_classes=
  -o smtpd_client_restrictions=
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
  -o strict_rfc821_envelopes=yes
  -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
  -o smtp_send_xforward_command=yes
  -o milter_default_action=accept
  -o milter_macro_daemon_name=ORIGINATING
  -o disable_dns_lookups=yes
```
It might be Yahoo doesn't like your self-signed? certificate ... which is questionable but not totally unexpected if that's the case.
Noted, but can I disable self-signed for Postfix email, as we don't need self-signed SSL for Postfix? Or will it be solved by disabling TLS? Thank you
In the logs you show, there were 2 connections. The first didn't complete an SMTP connection, with `lost connection after STARTTLS`, i.e. Yahoo's server dropped the connection. Once you fix your certificate/certificate chain, this should succeed.

The second connection (where Yahoo reconnects to you in plaintext, no TLS at all) works though, and you show mail was accepted and sent to amavis for filtering. The message was placed in your queue (queue id A8D1E581CE). Refer back to your logs to see what amavis did with it (start with `grep A8D1E581CE /var/log/mail.log`). Maybe it's just sitting in a SPAM folder? Maybe it got scored so high it was deleted? The logs should say.

You can either fix the certificate setup in Postfix (preferable) or disable TLS to avoid the first connection issue. But as noted, that's not preventing mail delivery: Yahoo simply reconnects in plaintext and the message is received by your server.

As for fixing your certificate, what does `postconf smtpd_tls_cert_file smtpd_tls_key_file` show?
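The reading of the log given in the reply above, as an added example that is not part of the thread: it groups smtpd lines by client, ties the client-less "TLS library problem" line to its client through the smtpd process id, and reports clients whose STARTTLS handshake failed but whose mail was still queued. The regular expressions and function names are assumptions written for the log format shown in the question.

```python
import re
from collections import defaultdict

# Log lines copied from the question above (the two NOQUEUE filter lines are left out).
SAMPLE_LOG = """\
Jun 5 16:00:54 twhost1 postfix/smtpd[25440]: SSL_accept error from sonic306-19.consmr.mail.sg3.yahoo.com[106.10.241.139]: 0
Jun 5 16:00:54 twhost1 postfix/smtpd[25440]: warning: TLS library problem: 25440:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:s3_pkt.c:1493:SSL alert number 46:
Jun 5 16:00:54 twhost1 postfix/smtpd[25440]: lost connection after STARTTLS from sonic306-19.consmr.mail.sg3.yahoo.com[106.10.241.139]
Jun 5 16:00:54 twhost1 postfix/smtpd[25440]: disconnect from sonic306-19.consmr.mail.sg3.yahoo.com[106.10.241.139]
Jun 5 16:00:54 twhost1 postfix/smtpd[25440]: connect from sonic306-19.consmr.mail.sg3.yahoo.com[106.10.241.139]
Jun 5 16:00:54 twhost1 postfix/smtpd[25440]: A8D1E581CE: client=sonic306-19.consmr.mail.sg3.yahoo.com[106.10.241.139]
"""

LINE = re.compile(r"postfix/smtpd\[(\d+)\]: (.*)$")
CLIENT = re.compile(r"(?:client=)?(\S+\[[0-9a-fA-F.:]+\])")
QUEUED = re.compile(r"^([0-9A-F]{6,}): client=")
ALERT = re.compile(r"SSL alert number (\d+)")

def summarize(log_text):
    """Per client: failed STARTTLS sessions, TLS alert numbers, queue IDs accepted."""
    stats = defaultdict(lambda: {"tls_failures": 0, "alerts": [], "queue_ids": []})
    last_client = {}  # smtpd pid -> client named most recently by that process
    for raw in log_text.splitlines():
        if not (m := LINE.search(raw)):
            continue
        pid, msg = m.groups()
        c = CLIENT.search(msg)
        if c:
            last_client[pid] = c.group(1)
        client = last_client.get(pid)
        if client is None:
            continue
        # The "TLS library problem" line names no client; tie it to one by smtpd pid.
        a = ALERT.search(msg)
        if a:
            stats[client]["alerts"].append(int(a.group(1)))
        if msg.startswith("lost connection after STARTTLS"):
            stats[client]["tls_failures"] += 1
        q = QUEUED.match(msg)
        if q:
            stats[client]["queue_ids"].append(q.group(1))
    return dict(stats)

def delivered_despite_tls_failure(stats):
    """Clients whose STARTTLS attempt failed but whose mail was still queued."""
    return {c: s["queue_ids"] for c, s in stats.items()
            if s["tls_failures"] and s["queue_ids"]}

print(delivered_despite_tls_failure(summarize(SAMPLE_LOG)))
```

Alert number 46 is the TLS `certificate_unknown` alert, matching the "certificate unknown" text in the same log line; each queue ID the function returns is the value to search for in the mail log to follow the message through amavis.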
`postconf smtpd_tls_cert_file smtpd_tls_key_file` shows the following:

```
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_key_file = /etc/postfix/smtpd.key
```

Right now, as per all the expert advice, I have tried to disable TLS by editing main.cf as below:

```
smtp_use_tls = no
smtpd_use_tls = no
smtp_tls_security_level = none
smtpd_tls_security_level = none
```

However, it still does not work. What I find is that when I use Yahoo to send a test email to it and type `mailq`, it returns `Mail queue is empty`. When I restart Postfix, the Yahoo email appears. I don't know how to fix it.