openSUSE admin

I assume there is no answer, but reading https://postmaster.t-online.de/#t3 points towards https://en.wikipedia.org/wiki/Forward-confirmed_reverse_DNS

From /etc/postfix/main.cf on elsa (and anna):

myhostname = hydra.opensuse.org

So let's see what we get when asking for this name:

~> host hydra.opensuse.org
hydra.opensuse.org has address 195.135.221.150
hydra.opensuse.org has IPv6 address 2620:113:80c0:8::19

As result, a forward-confirmed reverse DNS check will obviously fail.

I guess, this is a history failure, when the machines were setup as copy of the original tarzan/jane proxies. (hydra.opensuse.org is the name of this pair on the external HA interface.)

The file /etc/sysconfig/postfix on both machines does not really help. The file is the same on anna and elase and contains:

POSTFIX_MYHOSTNAME="anna.opensuse.org"
POSTFIX_RELAYHOST="[relay.infra.opensuse.org]"

While it might make at least a little sense on anna, the use of a relayhost entry does not make sense if anna/elsa should be the relay hosts for the internal machines. But luckily /etc/sysconfig/mail contains:

MAIL_CREATE_CONFIG="no"

So main.cf and master.cf on anna and elsa will not get touched by /usr/sbin/config.postfix.

My suggestion: configure master.cf for the external IPs on anna/elsa. Have a look at this page for more details.

But I hope we have more Email experts around that could assist here.

I don't think this is a forward-reverse issue - let me add my few Rappen -

t-online refused to talk to 195.135.221.139 (elsa). That address maps to 'proxy-nue2.opensuse.org', which in turn maps to 195.135.221.139, which is fine. That elsa has a different helo configured should not cause anyone a problem.

Anna has the same setup - 195.135.221.145 -> proxy-nue1.opensuse.org -> 195.135.221.145 - so if this setup was a problem, t-online would refuse to talk to both.

Anna - since 1 January, anna has had 26984 connections to t-online, of which 20756 were successful. 5223 were refused with 'Maximum parallel connections for your IP-Address reached'. 5 mails were rejected as spam.

Looking at the logs on elsa, I think the problem went away on 22 December, between 10 and 11 UTC.

The problem with 'Maximum parallel connections for your IP-Address reached' remains though - maybe the default of 20 is too much for t-online ? I've reduced it to 10 (in general), let's see if that works.

Two quick notes:

I assume there is no answer,

Right, I never got a reply from t-online.

Looking at the logs on elsa, I think the problem went away on 22 December, between 10 and 11 UTC.

IIRC when I noticed the problem (Dec 22), I switched back to anna, which also means mails (except those in the queue) were delivered by anna again.
When you checked the logs on elsa, did you look for delivery failures, or for successful deliveries to t-online?

cboltz wrote:

Looking at the logs on elsa, I think the problem went away on 22 December, between 10 and 11 UTC.

IIRC when I noticed the problem (Dec 22), I switched back to anna, which also means mails (except those in the queue) were delivered by anna again.
When you checked the logs on elsa, did you look for delivery failures, or for successful deliveries to t-online?

I looked for successful deliveries to t-online.
On elsa, 22 December, I see successful deliveries as of 11:13 UTC, last one at 12:33 UTC. All with 10-12 hours delay.

Thanks for the clarification!

These successful deliveries might mean that t-online removed elsa from the blacklist (within some hours, I mailed them 2019-12-22 at 2:05 CET) without telling me.
Unfortunately I don't have a t-online address to verify this myself.