Asked by banks1850

Postfix problem with a blacklist (a little unique)

Hello all,

I have a rather unique issue (I think).  So my company has two distinct networks, one for Corporate, and one for our Production service.  Our corporate mail comes through a mail filter for spam and anti-virus (Ironmail), our production only sends mail using postfix.  We have had the same setup for many years.  We know our DNS is set up correctly, as everything has worked fine for the whole time.  But I recently added a 2nd postfix server to our Virtual IP for added redundancy.  The configuration is identical to the original postfix machine and I tested it thoroughly before putting it in place and confirmed I could send mail through it by both direct telnet and via a relay host.

The problem that came up (that we have mitigated by adding an exception to the Ironmail) is that once the new server was added, after a little time, the corporate mail filter put us on a black list and we started receiving the following error:
host mailhost1.<mydomain> refused to talk to me: 554 Transaction Failed
Which I assume means that it is dropping the connection.
I realize this is because somewhere on our production environment we are sending a bad email address to our corporate network and Ironmail is configured to blacklist after 100 bad email attempts over 24 hours.  We have since added our production IP as exempt from this rule so the problem was removed.

One other bit of info, our production environment doesn't issue a lot of email, maybe 2 or 3 hundred an hour, and our postfix servers are relatively robust machines that can handle a LOT more than that without issue.

My questions are as follows.
1) During that same time period, all other emails to external email addresses slowed to a crawl (I'm talking about 1 hour delivery times and more).  Can someone think of a solid reason behind this?  Would Postfix be this serialized, where if one server is refusing to talk, all the other emails have to wait?  I can't wrap my head around that, but observations confirm it.
2) I can't seem to find the bad address that our corporate filter is saying is coming.  I don't run the filter, but the admin who does didn't seem to be able to find it either.  Is there anywhere I can look (and what I can look for) that will tell me that a remote server said the email address was invalid?
Thanks for any help you can give.
Email Servers, Linux

Last comment: 8/22/2022 - Mon
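One way to look for the rejected recipients asked about in question 2, as an added example that is not part of the original post: it scans Postfix smtp client delivery log lines for permanent (5.x.x) bounces and counts them per relay over a sliding 24-hour window, the window the post gives for the filter's 100-attempt rule. The log lines, host names, addresses and function names are constructed for illustration; the year is passed in because syslog timestamps omit it.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in the usual Postfix smtp(8) delivery-log layout.
SAMPLE_LOG = """\
Aug 22 10:01:02 prod1 postfix/smtp[2101]: 4F1A2C0011: to=<jdoe@corp.example>, relay=mailhost1.corp.example[192.0.2.10]:25, delay=0.4, delays=0.1/0/0.2/0.1, dsn=2.0.0, status=sent (250 ok)
Aug 22 10:03:15 prod1 postfix/smtp[2102]: 4F1A2C0012: to=<old.alias@corp.example>, relay=mailhost1.corp.example[192.0.2.10]:25, delay=0.5, delays=0.1/0/0.2/0.2, dsn=5.1.1, status=bounced (host mailhost1.corp.example[192.0.2.10] said: 550 5.1.1 User unknown (in reply to RCPT TO command))
Aug 22 10:45:40 prod2 postfix/smtp[3310]: 4F1A2C0013: to=<old.alias@corp.example>, relay=mailhost1.corp.example[192.0.2.10]:25, delay=0.6, delays=0.1/0/0.3/0.2, dsn=5.1.1, status=bounced (host mailhost1.corp.example[192.0.2.10] said: 550 5.1.1 User unknown (in reply to RCPT TO command))
Aug 22 10:46:00 prod2 postfix/smtp[3311]: 4F1A2C0014: to=<nobody@partner.example>, relay=mx.partner.example[198.51.100.7]:25, delay=1.1, delays=0.1/0/0.5/0.5, dsn=5.1.1, status=bounced (host mx.partner.example[198.51.100.7] said: 550 5.1.1 No such user (in reply to RCPT TO command))
Aug 22 11:02:09 prod1 postfix/smtp[2140]: 4F1A2C0015: to=<jdoe@corp.example>, relay=mailhost1.corp.example[192.0.2.10]:25, delay=30, delays=0.1/0/30/0, dsn=4.0.0, status=deferred (host mailhost1.corp.example[192.0.2.10] refused to talk to me: 554 Transaction Failed)
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix/smtp\[\d+\]: (?P<qid>\w+): "
    r"to=<(?P<rcpt>[^>]*)>,.*?relay=(?P<relay>[^\[,]+).*?dsn=(?P<dsn>\d\.\d+\.\d+), "
    r"status=(?P<status>\w+) \((?P<reply>.*)\)$"
)

def rejected_recipients(log_text, year=2022):
    """Yield (time, relay, recipient, remote reply) for permanent 5.x.x bounces."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and m["status"] == "bounced" and m["dsn"].startswith("5."):
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["relay"], m["rcpt"], m["reply"]

def summarize(log_text, window=timedelta(hours=24), year=2022):
    """Per relay: (peak rejects inside any one window, Counter of recipients)."""
    by_relay = defaultdict(list)
    for ts, relay, rcpt, _reply in rejected_recipients(log_text, year):
        by_relay[relay].append((ts, rcpt))
    report = {}
    for relay, hits in by_relay.items():
        hits.sort()
        peak = start = 0
        for end, (ts, _rcpt) in enumerate(hits):
            while ts - hits[start][0] > window:  # slide the window forward
                start += 1
            peak = max(peak, end - start + 1)
        report[relay] = (peak, Counter(rcpt for _ts, rcpt in hits))
    return report

if __name__ == "__main__":
    for relay, (peak, rcpts) in summarize(SAMPLE_LOG).items():
        print(relay, "peak rejects in 24h:", peak, rcpts.most_common(5))
```

Run it over the mail logs of every Postfix host behind the virtual IP, since each server logs only its own deliveries.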