>How common is this? Why did postfix use the lowest MX priority server >for=20 >hawaii.rr.com to try and verify?
Let's assume, and it's has always been safe ime, that postfix follows the "MX algorithm" rigorously. Contacting the last MX would mean that all higher preference MX's failed to respond at all (ie, no 4xx or 5xx, but with timeout). hawaii.rr is probably not a huge infrastructure and maybe very stressed, ie, slow. if this is large problem, then you could try increasing the smtp timeouts: smtp_connect_timeout = 30s smtp_data_done_timeout = 30s smtp_data_init_timeout = 30s smtp_data_xfer_timeout = 30s smtp_helo_timeout = 30s smtp_mail_timeout = 30s smtp_quit_timeout = 30s smtp_rcpt_timeout = 30s smtp_rset_timeout = 120s context: you can see in pflogsumm report that nearly all mail passes through IMGate in under 10 secs, so having "smtp_connect_timeout = 30s" is not too BOFH, imo. > Would this be why verification failed? apparently, the only MX that responded refused connection on port 25. If you were postfix, what would you do, after you had already timed out trying to even get a refusal at the others? man verify ... is worth reading. >Also, is there a way to remove this address from the >address_verify.map.db? (or add it to the db, if it's used as a >whitelist) man postmap shows no "delete" function. There must be some tool for this, eg, I know Bennett Todd's pop-before-smtp PERL script deletes records from its .db file when an ip's POP3 login grace period expires. but I don't know one. Len
