Hey,

My server serving.schmi.tt is experiencing problems with mails coming in
from outlook.com. This is what I found in my logs (many times actually):

-----
Jul 24 09:28:16 serving postfix/smtpd[4577]: initializing the server-side TLS engine
Jul 24 09:28:16 serving postfix/smtpd[4577]: connect from mail-am1on0067.outbound.protection.outlook.com[157.56.112.67]
Jul 24 09:28:16 serving postfix/smtpd[4577]: setting up TLS connection from mail-am1on0067.outbound.protection.outlook.com[157.56.112.67]
Jul 24 09:28:16 serving postfix/smtpd[4577]: mail-am1on0067.outbound.protection.outlook.com[157.56.112.67]: TLS cipher list "aNULL:-aNULL:ALL:+RC4:@STRENGTH"
Jul 24 09:28:16 serving postfix/smtpd[4577]: SSL_accept:before/accept initialization
Jul 24 09:28:16 serving postfix/smtpd[4577]: SSL_accept:SSLv3 read client hello A
Jul 24 09:28:16 serving postfix/smtpd[4577]: SSL_accept:SSLv3 write server hello A
Jul 24 09:28:16 serving postfix/smtpd[4577]: SSL_accept:SSLv3 write certificate A
Jul 24 09:28:16 serving postfix/smtpd[4577]: SSL_accept:SSLv3 write key exchange A
Jul 24 09:28:16 serving postfix/smtpd[4577]: SSL_accept:SSLv3 write server done A
Jul 24 09:28:16 serving postfix/smtpd[4577]: SSL_accept:SSLv3 flush data
Jul 24 09:28:16 serving postfix/smtpd[4577]: SSL_accept:failed in SSLv3 read client certificate A
Jul 24 09:28:16 serving postfix/smtpd[4577]: SSL_accept error from mail-am1on0067.outbound.protection.outlook.com[157.56.112.67]: lost connection
Jul 24 09:28:16 serving postfix/smtpd[4577]: lost connection after STARTTLS from mail-am1on0067.outbound.protection.outlook.com[157.56.112.67]
Jul 24 09:28:16 serving postfix/smtpd[4577]: disconnect from mail-am1on0067.outbound.protection.outlook.com[157.56.112.67]
-----

The last time this occurred, outlook.com tried 115 times to deliver
unsuccessfully. It returned the message to the sender with the following
comment:

-----
Diagnostic information for administrators:

Generating server: VI1PR01MB1567.eurprd01.prod.exchangelabs.com
Receiving server: emea01-internal.map.protection.outlook.com (10.174.64.27)
Total retry attempts: 8

mor...@schmi.tt
7/23/2015 1:30:37 PM - Remote Server at emea01-internal.map.protection.outlook.com (10.174.64.27) returned '550 4.4.7 QUEUE.Expired; message expired'
7/23/2015 1:20:35 PM - Remote Server at emea01-internal.map.protection.outlook.com (10.174.64.27) returned '451 4.4.0 Primary target IP address responded with: "451 4.4.0 Security status InvalidToken." Attempted failover to alternate host, but that did not succeed. Either there are no alternate hosts, or delivery failed to all alternate hosts. The last endpoint attempted was 2001:67c:1400:22a0::1:1101'

Original message headers:

(...)
-----

Of course I searched the internet for this problem but didn't really
find anything that helped me. There are other people who have troubles
with outlook.com at the receiving end, however, their problems seem to
be slightly different.

serving.schmi.tt is my own private little toy server and I am an
inexperienced admin (in fact, I am not an admin at all). So I find it
quite likely that I made a mistake in my postfix configuration. Let me
therefore also post the output of postconf -n:

-----
broken_sasl_auth_clients = yes
command_directory = /usr/local/sbin
config_directory = /usr/local/etc/postfix
daemon_directory = /usr/local/libexec/postfix
data_directory = /var/db/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
home_mailbox = Maildir/
html_directory = /usr/local/share/doc/postfix
inet_protocols = ipv4
mail_owner = postfix
mailbox_size_limit = 0
mailq_path = /usr/local/bin/mailq
manpage_directory = /usr/local/man
message_size_limit = 1000000000
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain, bismark.$mydomain, www.$mydomain, mail.$mydomain
mydomain = schmi.tt
myhostname = serving.schmi.tt
mynetworks_style = host
myorigin = $mydomain
newaliases_path = /usr/local/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /usr/local/share/doc/postfix
sample_directory = /usr/local/etc/postfix
sendmail_path = /usr/local/sbin/sendmail
setgid_group = maildrop
smtp_tls_loglevel = 2
smtp_tls_security_level = may
smtpd_relay_restrictions = permit_sasl_authenticated reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_starttls_timeout = 300s
smtpd_tls_CAfile = /etc/ssl/certs/CACERT.ORG_root.crt
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/ssl/certs/PUB_CHAIN_serving.schmi.tt.pem
smtpd_tls_key_file = /etc/ssl/private/PRIV_serving.schmi.tt.pem
smtpd_tls_loglevel = 2
smtpd_tls_security_level = may
unknown_local_recipient_reject_code = 550
virtual_mailbox_limit = 0
-----

Any hints are greatly appreciated since I am quite lost at what to try
next. Maybe someone spots a mistake in my configuration? Or encountered
the same problem with outlook.com?

It is probably not relevant, but on this machine I am running FreeBSD
10.1-RELEASE-p15.

Best,
Moritz
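
-----
Added example, not part of the original post: a small Python triage script for smtpd logs written with smtpd_tls_loglevel = 2, as in the excerpt above. It counts sessions that ended in "lost connection after STARTTLS" per peer and reports the last failing SSL_accept state; the sample log is constructed (mx.example.org and 192.0.2.10 are placeholders), and it assumes one syslog record per line.

```python
import re
from collections import Counter

# Constructed sample in the format of the log excerpt above (lines unwrapped).
SAMPLE_LOG = """\
Jul 24 09:28:16 serving postfix/smtpd[4577]: connect from mail-am1on0067.outbound.protection.outlook.com[157.56.112.67]
Jul 24 09:28:16 serving postfix/smtpd[4577]: SSL_accept:SSLv3 write server done A
Jul 24 09:28:16 serving postfix/smtpd[4577]: SSL_accept:SSLv3 flush data
Jul 24 09:28:16 serving postfix/smtpd[4577]: SSL_accept:failed in SSLv3 read client certificate A
Jul 24 09:28:16 serving postfix/smtpd[4577]: lost connection after STARTTLS from mail-am1on0067.outbound.protection.outlook.com[157.56.112.67]
Jul 24 09:28:16 serving postfix/smtpd[4577]: disconnect from mail-am1on0067.outbound.protection.outlook.com[157.56.112.67]
Jul 24 09:30:02 serving postfix/smtpd[4601]: connect from mx.example.org[192.0.2.10]
Jul 24 09:30:02 serving postfix/smtpd[4601]: SSL_accept:SSLv3 flush data
Jul 24 09:30:03 serving postfix/smtpd[4601]: disconnect from mx.example.org[192.0.2.10]
"""

LINE = re.compile(r"postfix/smtpd\[(\d+)\]: (.*)$")   # smtpd pid + message text
PEER = re.compile(r"(\S+)\[([0-9a-fA-F.:]+)\]$")      # hostname[address] at end
FAILED = "SSL_accept:failed in "
LOST = "lost connection after STARTTLS from "


def summarize_tls_failures(log_text):
    """Count aborted STARTTLS sessions per (peer host, failing handshake state)."""
    last_failed = {}      # pid -> state named in the last "failed in" line
    failures = Counter()
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue
        pid, msg = m.groups()
        if msg.startswith("connect from "):
            # smtpd processes are reused, so reset state for each new session
            last_failed.pop(pid, None)
        elif msg.startswith(FAILED):
            last_failed[pid] = msg[len(FAILED):]
        elif msg.startswith(LOST):
            peer = PEER.search(msg)
            host = peer.group(1) if peer else "unknown"
            failures[(host, last_failed.get(pid, "no state logged"))] += 1
    return failures


if __name__ == "__main__":
    for (host, state), n in summarize_tls_failures(SAMPLE_LOG).most_common():
        print(f"{n:4d}  {host}  failed in: {state}")
```

Run against the real mail log instead of SAMPLE_LOG to see whether the aborted handshakes all stop at the same state and come only from one sender's hosts.
-----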
