host smtp.embarqmail.com[206.152.134.66] refused to talk to me: 421 4.3.4 allocated resources exceeded

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
12 messages Options
Reply | Threaded
Open this post in threaded view
|

host smtp.embarqmail.com[206.152.134.66] refused to talk to me: 421 4.3.4 allocated resources exceeded

Chris-3
Postfix 3.1.0-3ubuntu0.2 on Ubuntu 16.04.3 LTS. Postfix is responsible
for sending me hourly syslog snippets and output from some other
cronjobs. Since September I've been seeing the above pretty much every
time it's used to send anything to me. The complete output is:

Nov 30 11:00:04 localhost postfix/pickup[16473]: A3CEA1000BDA: uid=1000
from=<chris>
Nov 30 11:00:04 localhost postfix/cleanup[32236]: A3CEA1000BDA:
message-id=<[hidden email]>
Nov 30 11:00:04 localhost postfix/qmgr[5189]: A3CEA1000BDA: from=<cpoll
[hidden email]>, size=336, nrcpt=1 (queue active)
Nov 30 11:00:05 localhost postfix/smtp[32261]: A3CEA1000BDA: to=<cpollo
[hidden email]>, relay=smtp.embarqmail.com[206.152.134.66]:587,
delay=0.93, delays=0.58/0.25/0.11/0, dsn=4.3.4, status=deferred (host
smtp.embarqmail.com[206.152.134.66] refused to talk to me: 421 4.3.4
allocated resources exceeded)

I called my ISP, century link this morning and as usual with most
they're clueless about anything dealing with Linux. After talking to a
"tech" for about 45 minutes I just gave up. Is there anything that I
can tell them if/when I call back that would give them a clue as to
what's going on? I'm only sending 1 or 2 messages an hour with postfix
so it's not that I'm being blocked as a spammer. 

Thanks for any assistance
Chris

--
Chris
KeyID 0xE372A7DA98E6705C
31.11972; -97.90167 (Elev. 1092 ft)
12:52:50 up 8 days, 1:54, 1 user, load average: 1.03, 1.96, 1.14
Description: Ubuntu 16.04.3 LTS, kernel 4.10.0-40-generic

signature.asc (188 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: host smtp.embarqmail.com[206.152.134.66] refused to talk to me: 421 4.3.4 allocated resources exceeded

Viktor Dukhovni


> On Nov 30, 2017, at 2:00 PM, Chris <[hidden email]> wrote:
>
> Nov 30 11:00:05 localhost postfix/smtp[32261]: A3CEA1000BDA: to=<cpollo
> [hidden email]>, relay=smtp.embarqmail.com[206.152.134.66]:587,
> delay=0.93, delays=0.58/0.25/0.11/0, dsn=4.3.4, status=deferred (host
> smtp.embarqmail.com[206.152.134.66] refused to talk to me: 421 4.3.4
> allocated resources exceeded)

Are you sure that you're configured to use the right smarthost?
I see exactly the same symptoms:

    $ posttls-finger -lmay "[smtp.embarqmail.com]:587"
    posttls-finger: Connected to smtp.embarqmail.com[206.152.134.66]:587
    posttls-finger: < 421 4.3.4 allocated resources exceeded
    posttls-finger: SMTP service not available: 421 4.3.4 allocated resources exceeded

It sure looks like [smtp.embarqmail.com]:587 is not in service, or is
down much of the time.  The MX host for embarqmail.com is mx.centurylink.net
and that's working just fine (on port 25).  So when others send you email,
it is to port 25 "embarqmail.com" (with MX lookups) and not to port 587
"smtp.embarqmail.com".

--
        Viktor.

Reply | Threaded
Open this post in threaded view
|

Re: host smtp.embarqmail.com[206.152.134.66] refused to talk to me: 421 4.3.4 allocated resources exceeded

Chris-3
On Thu, 2017-11-30 at 14:20 -0500, Viktor Dukhovni wrote:

>
> >
> > On Nov 30, 2017, at 2:00 PM, Chris <[hidden email]> wrote:
> >
> > Nov 30 11:00:05 localhost postfix/smtp[32261]: A3CEA1000BDA:
> > to=<cpollo
> > [hidden email]>, relay=smtp.embarqmail.com[206.152.134.66]:587,
> > delay=0.93, delays=0.58/0.25/0.11/0, dsn=4.3.4, status=deferred
> > (host
> > smtp.embarqmail.com[206.152.134.66] refused to talk to me: 421
> > 4.3.4
> > allocated resources exceeded)
> Are you sure that you're configured to use the right smarthost?
> I see exactly the same symptoms:
>
>     $ posttls-finger -lmay "[smtp.embarqmail.com]:587"
>     posttls-finger: Connected to
> smtp.embarqmail.com[206.152.134.66]:587
>     posttls-finger: < 421 4.3.4 allocated resources exceeded
>     posttls-finger: SMTP service not available: 421 4.3.4 allocated
> resources exceeded
>
> It sure looks like [smtp.embarqmail.com]:587 is not in service, or is
> down much of the time.  The MX host for embarqmail.com is
> mx.centurylink.net
> and that's working just fine (on port 25).  So when others send you
> email,
> it is to port 25 "embarqmail.com" (with MX lookups) and not to port
> 587
> "smtp.embarqmail.com".
>
Victor, I went completely through my postfix configuration and set
everything to use the centurylink.net address. I made sure that the
sasl_passwd, smtp_passwd, aliases and canonical settings were correct. 

Sending from the command line one time I'll get this:

Nov 30 16:56:59 localhost postfix/qmgr[2484]: 3B9131000AE5: from=<cpoll
[hidden email]>, size=338, nrcpt=1 (queue active)
Nov 30 16:56:59 localhost postfix/error[3957]: EAE021000A41: to=<cpollo
[hidden email]>, relay=none, delay=586, delays=586/0.03/0/0.05,
dsn=4.7.8, status=deferred (delivery temporarily suspended: SASL
authentication failed; server smtp.centurylink.net[206.152.134.66]
said: 535 5.7.8 Sorry.)

The next time I'll get this:

Nov 30 16:57:43 localhost postfix/pickup[2485]: F3FFE1000D53: uid=1000
from=<chris>
Nov 30 16:57:43 localhost postfix/cleanup[4073]: F3FFE1000D53: message-
id=<[hidden email]>
Nov 30 16:57:43 localhost postfix/qmgr[2484]: F3FFE1000D53: from=<cpoll
[hidden email]>, size=338, nrcpt=1 (queue active)
Nov 30 16:57:43 localhost postfix/smtp[4075]: F3FFE1000D53: to=<cpolloc
[hidden email]>, relay=smtp.centurylink.net[206.152.134.66]:587,
delay=0.24, delays=0.1/0.02/0.11/0, dsn=4.3.4, status=deferred (host
smtp.centurylink.net[206.152.134.66] refused to talk to me: 421 4.3.4
allocated resources exceeded)

Also using Evolution to send mail I'll get the same allocated resources
exceeded once and it goes out the 2nd time I try.

I'm really getting confused.

--
Chris
KeyID 0xE372A7DA98E6705C
31.11972; -97.90167 (Elev. 1092 ft)
16:55:01 up 8 days, 5:56, 1 user, load average: 0.54, 1.83, 1.27
Description: Ubuntu 16.04.3 LTS, kernel 4.10.0-40-generic

signature.asc (188 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: host smtp.embarqmail.com[206.152.134.66] refused to talk to me: 421 4.3.4 allocated resources exceeded

Wietse Venema
Chris:
> Nov 30 16:57:43 localhost postfix/smtp[4075]: F3FFE1000D53: to=<cpolloc
> [hidden email]>, relay=smtp.centurylink.net[206.152.134.66]:587,

Why are you sending to port 587?

        Wietse
Reply | Threaded
Open this post in threaded view
|

Re: host smtp.embarqmail.com[206.152.134.66] refused to talk to me: 421 4.3.4 allocated resources exceeded

Chris-3
On Thu, 2017-11-30 at 19:06 -0500, Wietse Venema wrote:
> Chris:
> >
> > Nov 30 16:57:43 localhost postfix/smtp[4075]: F3FFE1000D53:
> > to=<cpolloc
> > [hidden email]>, relay=smtp.centurylink.net[206.152.134.66]:587,
> Why are you sending to port 587?
>
> Wietse

That is the port that Centurylink "Tech Support" said to use today when
I called them about this issue.

--
Chris
KeyID 0xE372A7DA98E6705C
31.11972; -97.90167 (Elev. 1092 ft)
19:20:26 up 8 days, 8:21, 1 user, load average: 1.67, 1.29, 0.75
Description: Ubuntu 16.04.3 LTS, kernel 4.10.0-40-generic

signature.asc (188 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: host smtp.embarqmail.com[206.152.134.66] refused to talk to me: 421 4.3.4 allocated resources exceeded

Chris-3
In reply to this post by Wietse Venema
On Thu, 2017-11-30 at 19:06 -0500, Wietse Venema wrote:
> Chris:
> >
> > Nov 30 16:57:43 localhost postfix/smtp[4075]: F3FFE1000D53:
> > to=<cpolloc
> > [hidden email]>, relay=smtp.centurylink.net[206.152.134.66]:587,
> Why are you sending to port 587?
>
> Wietse

I set the port to 25 and sent two test messages:

Nov 30 19:46:02 localhost postfix/pickup[21295]: 98C9410005DF: uid=1000
from=<chris>
Nov 30 19:46:02 localhost postfix/cleanup[21376]: 98C9410005DF:
message-id=<[hidden email]>
Nov 30 19:46:02 localhost postfix/qmgr[21294]: 98C9410005DF: from=<cpol
[hidden email]>, size=336, nrcpt=1 (queue active)
Nov 30 19:46:03 localhost postfix/smtp[21378]: 98C9410005DF: to=<cpollo
[hidden email]>, relay=smtp.embarqmail.com[206.152.134.66]:25,
delay=1.1, delays=0.23/0.2/0.48/0.16, dsn=2.0.0, status=sent (250 SPF
validation soft failure)
Nov 30 19:46:03 localhost postfix/qmgr[21294]: 98C9410005DF: removed

Nov 30 19:46:46 localhost postfix/pickup[21295]: 382CC10005DF: uid=1000
from=<chris>
Nov 30 19:46:46 localhost postfix/cleanup[21376]: 382CC10005DF:
message-id=<[hidden email]>
Nov 30 19:46:46 localhost postfix/qmgr[21294]: 382CC10005DF: from=<cpol
[hidden email]>, size=335, nrcpt=1 (queue active)
Nov 30 19:46:46 localhost postfix/smtp[21378]: 382CC10005DF: to=<cpollo
[hidden email]>, relay=smtp.embarqmail.com[206.152.134.66]:25,
delay=0.21, delays=0.14/0/0.07/0, dsn=4.3.4, status=deferred (host
smtp.embarqmail.com[206.152.134.66] refused to talk to me: 421 4.3.4
allocated resources exceeded)

One was sent, the next one gives me the 'allocated resources exceeded'
error.

--
Chris
KeyID 0xE372A7DA98E6705C
31.11972; -97.90167 (Elev. 1092 ft)
19:48:08 up 8 days, 8:49, 1 user, load average: 0.66, 0.53, 0.64
Description: Ubuntu 16.04.3 LTS, kernel 4.10.0-40-generic

signature.asc (188 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: host smtp.embarqmail.com[206.152.134.66] refused to talk to me: 421 4.3.4 allocated resources exceeded

Viktor Dukhovni


> On Nov 30, 2017, at 8:51 PM, Chris <[hidden email]> wrote:
>
> Nov 30 19:46:02 localhost postfix/pickup[21295]: 98C9410005DF: uid=1000
> from=<chris>
> Nov 30 19:46:02 localhost postfix/cleanup[21376]: 98C9410005DF:
> message-id=<[hidden email]>
> Nov 30 19:46:02 localhost postfix/qmgr[21294]: 98C9410005DF: from=<cpol
> [hidden email]>, size=336, nrcpt=1 (queue active)
> Nov 30 19:46:03 localhost postfix/smtp[21378]: 98C9410005DF: to=<cpollo
> [hidden email]>, relay=smtp.embarqmail.com[206.152.134.66]:25,
> delay=1.1, delays=0.23/0.2/0.48/0.16, dsn=2.0.0, status=sent (250 SPF
> validation soft failure)
> Nov 30 19:46:03 localhost postfix/qmgr[21294]: 98C9410005DF: removed
>
> Nov 30 19:46:46 localhost postfix/pickup[21295]: 382CC10005DF: uid=1000
> from=<chris>
> Nov 30 19:46:46 localhost postfix/cleanup[21376]: 382CC10005DF:
> message-id=<[hidden email]>
> Nov 30 19:46:46 localhost postfix/qmgr[21294]: 382CC10005DF: from=<cpol
> [hidden email]>, size=335, nrcpt=1 (queue active)
> Nov 30 19:46:46 localhost postfix/smtp[21378]: 382CC10005DF: to=<cpollo
> [hidden email]>, relay=smtp.embarqmail.com[206.152.134.66]:25,
> delay=0.21, delays=0.14/0/0.07/0, dsn=4.3.4, status=deferred (host
> smtp.embarqmail.com[206.152.134.66] refused to talk to me: 421 4.3.4
> allocated resources exceeded)
>
> One was sent, the next one gives me the 'allocated resources exceeded'
> error.

This is mostly not a Postfix issue, and really needs to be taken up
with the provider.  However,

You need to clearly understand the difference between a submission
service and normal (to MX) SMTP delivery.

It seems that you're trying to send email *from* a sender address
that is at the provider's domain (and this would typically involve
authenticated submission) *to* a recipient address at the provider's
domain (which under normal circumstances goes to the provider's MX
host).

Generally, given a working SASL configuration and a correctly
working submission service, the submission aspect takes
precedence, and all mail sent with that sender address
(possibly via sender_dependent_default_transport) should
use submission.  So port 587 is not necessarily wrong,
but you do need a correct username and password, and
a working submission service that is willing to accept
your traffic.  At least one of these is not working, not
much Postfix can do about that.

You should perhaps first test with an MUA (Thunderbird or
similar) and find a working submission service, and only
then proceed to try to duplicate the same settings in
Postfix.

--
        Viktor.

Reply | Threaded
Open this post in threaded view
|

Re: host smtp.embarqmail.com[206.152.134.66] refused to talk to me: 421 4.3.4 allocated resources exceeded

Chris-3
On Thu, 2017-11-30 at 21:21 -0500, Viktor Dukhovni wrote:

>
> >
> > On Nov 30, 2017, at 8:51 PM, Chris <[hidden email]> wrote:
> >
> > Nov 30 19:46:02 localhost postfix/pickup[21295]: 98C9410005DF:
> > uid=1000
> > from=<chris>
> > Nov 30 19:46:02 localhost postfix/cleanup[21376]: 98C9410005DF:
> > message-id=<[hidden email]>
> > Nov 30 19:46:02 localhost postfix/qmgr[21294]: 98C9410005DF:
> > from=<cpol
> > [hidden email]>, size=336, nrcpt=1 (queue active)
> > Nov 30 19:46:03 localhost postfix/smtp[21378]: 98C9410005DF:
> > to=<cpollo
> > [hidden email]>, relay=smtp.embarqmail.com[206.152.134.66]:25,
> > delay=1.1, delays=0.23/0.2/0.48/0.16, dsn=2.0.0, status=sent (250
> > SPF
> > validation soft failure)
> > Nov 30 19:46:03 localhost postfix/qmgr[21294]: 98C9410005DF:
> > removed
> >
> > Nov 30 19:46:46 localhost postfix/pickup[21295]: 382CC10005DF:
> > uid=1000
> > from=<chris>
> > Nov 30 19:46:46 localhost postfix/cleanup[21376]: 382CC10005DF:
> > message-id=<[hidden email]>
> > Nov 30 19:46:46 localhost postfix/qmgr[21294]: 382CC10005DF:
> > from=<cpol
> > [hidden email]>, size=335, nrcpt=1 (queue active)
> > Nov 30 19:46:46 localhost postfix/smtp[21378]: 382CC10005DF:
> > to=<cpollo
> > [hidden email]>, relay=smtp.embarqmail.com[206.152.134.66]:25,
> > delay=0.21, delays=0.14/0/0.07/0, dsn=4.3.4, status=deferred (host
> > smtp.embarqmail.com[206.152.134.66] refused to talk to me: 421
> > 4.3.4
> > allocated resources exceeded)
> >
> > One was sent, the next one gives me the 'allocated resources
> > exceeded'
> > error.
> This is mostly not a Postfix issue, and really needs to be taken up
> with the provider.  However,
>
> You need to clearly understand the difference between a submission
> service and normal (to MX) SMTP delivery.
>
> It seems that you're trying to send email *from* a sender address
> that is at the provider's domain (and this would typically involve
> authenticated submission) *to* a recipient address at the provider's
> domain (which under normal circumstances goes to the provider's MX
> host).
>
> Generally, given a working SASL configuration and a correctly
> working submission service, the submission aspect takes
> precedence, and all mail sent with that sender address
> (possibly via sender_dependent_default_transport) should
> use submission.  So port 587 is not necessarily wrong,
> but you do need a correct username and password, and
> a working submission service that is willing to accept
> your traffic.  At least one of these is not working, not
> much Postfix can do about that.
>
> You should perhaps first test with an MUA (Thunderbird or
> similar) and find a working submission service, and only
> then proceed to try to duplicate the same settings in
> Postfix.
>
Thanks so much for the explanation Viktor. I didn't think it was a
postfix issue but hoped I would get something I could send to the tech
support people to help figure this out. As far as trying another MUA I
get the same error when sending with Evolution. Not every time but more
often than not. It's hard to try and explain something to a tech
support person who knows absolutely nothing about Linux since they're
only oriented towards window and maybe Mac. 

Chris

--
Chris
KeyID 0xE372A7DA98E6705C
31.11972; -97.90167 (Elev. 1092 ft)
20:24:22 up 8 days, 9:25, 1 user, load average: 0.19, 0.49, 0.57
Description: Ubuntu 16.04.3 LTS, kernel 4.10.0-40-generic

signature.asc (188 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: host smtp.embarqmail.com[206.152.134.66] refused to talk to me: 421 4.3.4 allocated resources exceeded

Viktor Dukhovni


> On Nov 30, 2017, at 9:30 PM, Chris <[hidden email]> wrote:
>
> Thanks so much for the explanation Viktor. I didn't think it was a
> postfix issue but hoped I would get something I could send to the tech
> support people to help figure this out. As far as trying another MUA I
> get the same error when sending with Evolution. Not every time but more
> often than not. It's hard to try and explain something to a tech
> support person who knows absolutely nothing about Linux since they're
> only oriented towards window and maybe Mac.

Just tell tech support you're using MacOS/X, with the SMTP server
on your account configured the same way as in Evolution:

        Hostname: ...
        Port: 587
        TLS (aka STARTTLS)
        Username: ...
        Correct password (they should not ask for the actual pw)

If that only works intermittently (Evolution or pretend MacOS/X)
then there's something wrong with the submission service.

I guess I also see intermittent connectivity:

$ posttls-finger "[smtp.embarqmail.com]:587"
posttls-finger: Connected to smtp.embarqmail.com[206.152.134.66]:587
posttls-finger: < 220 smtp.centurylink.net ESMTP
posttls-finger: > EHLO ...
posttls-finger: < 250-smtp04.onyx.dfw.sync.lan says EHLO to ...
posttls-finger: < 250-STARTTLS
posttls-finger: < 250-PIPELINING
posttls-finger: < 250-ENHANCEDSTATUSCODES
posttls-finger: < 250-AUTH=LOGIN
posttls-finger: < 250-AUTH LOGIN
posttls-finger: < 250 8BITMIME
posttls-finger: > STARTTLS
posttls-finger: < 220 2.0.0 continue
posttls-finger: smtp.embarqmail.com[206.152.134.66]:587: subjectAltName: mail.centurylink.net
posttls-finger: smtp.embarqmail.com[206.152.134.66]:587: subjectAltName: pop.centurylink.net
posttls-finger: smtp.embarqmail.com[206.152.134.66]:587: subjectAltName: smtp.centurylink.net
posttls-finger: smtp.embarqmail.com[206.152.134.66]:587: subjectAltName: mx.centurylink.net
posttls-finger: smtp.embarqmail.com[206.152.134.66]:587: Matched subjectAltName: smtp.embarqmail.com
posttls-finger: smtp.embarqmail.com[206.152.134.66]:587: subjectAltName: pop.embarqmail.com
posttls-finger: smtp.embarqmail.com[206.152.134.66]:587 CommonName mail.centurylink.net
posttls-finger: certificate verification failed for smtp.embarqmail.com[206.152.134.66]:587: untrusted issuer /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2008 VeriSign, Inc. - For authorized use only/CN=VeriSign Universal Root Certification Authority
posttls-finger: smtp.embarqmail.com[206.152.134.66]:587: subject_CN=smtp.embarqmail.com, issuer_CN=Symantec Class 3 Secure Server SHA256 SSL CA, fingerprint=FA:33:32:8E:8C:0B:72:D8:4E:BE:76:60:72:A5:F6:14:D0:FE:F9:75, pkey_fingerprint=66:A0:48:D7:4C:01:1A:17:18:BD:3D:92:DE:DB:D9:D2:70:9C:0B:18
posttls-finger: Untrusted TLS connection established to smtp.embarqmail.com[206.152.134.66]:587: TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)
posttls-finger: > EHLO ...
posttls-finger: < 250-smtp04.onyx.dfw.sync.lan says EHLO to ...
posttls-finger: < 250-AUTH=LOGIN
posttls-finger: < 250-AUTH LOGIN
posttls-finger: < 250-8BITMIME
posttls-finger: < 250-ENHANCEDSTATUSCODES
posttls-finger: < 250 PIPELINING
posttls-finger: > QUIT
posttls-finger: < 221 2.3.0 smtp04.onyx.dfw.sync.lan closing connection

And just a bit later:

$ posttls-finger "[smtp.embarqmail.com]:587"
posttls-finger: Connected to smtp.embarqmail.com[206.152.134.66]:587
posttls-finger: < 421 4.3.4 allocated resources exceeded
posttls-finger: SMTP service not available: 421 4.3.4 allocated resources exceeded

Perhaps there's a firewall that's filtering after unauthenticated connections,
or they're just underpowered to handle the traffic...

The certificate names include "mail.centurylink.net", and that also has port
587 accepting SMTP connections with STARTTLS and offers SASL auth.  However,
that's a different IP address, and seems to not be turning away as much
traffic.  Any chance that would be a correct/better submission host to use?

$ posttls-finger "[mail.centurylink.net]:587"
posttls-finger: Connected to mail.centurylink.net[205.219.233.9]:587
posttls-finger: < 220 smtp.centurylink.net ESMTP
posttls-finger: > EHLO ...
posttls-finger: < 250-smtp02.agate.dfw.synacor.com says EHLO to ...
posttls-finger: < 250-8BITMIME
posttls-finger: < 250-XDUMPCONTEXT
posttls-finger: < 250-PIPELINING
posttls-finger: < 250-STARTTLS
posttls-finger: < 250-ENHANCEDSTATUSCODES
posttls-finger: < 250-AUTH=LOGIN
posttls-finger: < 250 AUTH LOGIN
posttls-finger: > STARTTLS
posttls-finger: < 220 2.0.0 continue
posttls-finger: mail.centurylink.net[205.219.233.9]:587: Matched subjectAltName: mail.centurylink.net
posttls-finger: mail.centurylink.net[205.219.233.9]:587: subjectAltName: pop.centurylink.net
posttls-finger: mail.centurylink.net[205.219.233.9]:587: subjectAltName: smtp.centurylink.net
posttls-finger: mail.centurylink.net[205.219.233.9]:587: subjectAltName: mx.centurylink.net
posttls-finger: mail.centurylink.net[205.219.233.9]:587: subjectAltName: smtp.embarqmail.com
posttls-finger: mail.centurylink.net[205.219.233.9]:587: subjectAltName: pop.embarqmail.com
posttls-finger: mail.centurylink.net[205.219.233.9]:587 CommonName mail.centurylink.net
posttls-finger: certificate verification failed for mail.centurylink.net[205.219.233.9]:587: untrusted issuer /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2008 VeriSign, Inc. - For authorized use only/CN=VeriSign Universal Root Certification Authority
posttls-finger: mail.centurylink.net[205.219.233.9]:587: subject_CN=mail.centurylink.net, issuer_CN=Symantec Class 3 Secure Server SHA256 SSL CA, fingerprint=FA:33:32:8E:8C:0B:72:D8:4E:BE:76:60:72:A5:F6:14:D0:FE:F9:75, pkey_fingerprint=66:A0:48:D7:4C:01:1A:17:18:BD:3D:92:DE:DB:D9:D2:70:9C:0B:18
posttls-finger: Untrusted TLS connection established to mail.centurylink.net[205.219.233.9]:587: TLSv1.2 with cipher AES256-GCM-SHA384 (256/256 bits)
posttls-finger: > EHLO ...
posttls-finger: < 250-smtp02.agate.dfw.synacor.com says EHLO to ...
posttls-finger: < 250-ENHANCEDSTATUSCODES
posttls-finger: < 250-XDUMPCONTEXT
posttls-finger: < 250-PIPELINING
posttls-finger: < 250-8BITMIME
posttls-finger: < 250-AUTH=LOGIN
posttls-finger: < 250 AUTH LOGIN
posttls-finger: > QUIT
posttls-finger: < 221 2.3.0 smtp02.agate.dfw.synacor.com closing connection


--
        Viktor.

Reply | Threaded
Open this post in threaded view
|

Re: host smtp.embarqmail.com[206.152.134.66] refused to talk to me: 421 4.3.4 allocated resources exceeded

Chris-3
On Thu, 2017-11-30 at 21:49 -0500, Viktor Dukhovni wrote:

>
> >
> > On Nov 30, 2017, at 9:30 PM, Chris <[hidden email]> wrote:
> >
> > Thanks so much for the explanation Viktor. I didn't think it was a
> > postfix issue but hoped I would get something I could send to the
> > tech
> > support people to help figure this out. As far as trying another
> > MUA I
> > get the same error when sending with Evolution. Not every time but
> > more
> > often than not. It's hard to try and explain something to a tech
> > support person who knows absolutely nothing about Linux since
> > they're
> > only oriented towards window and maybe Mac. 
> Just tell tech support you're using MacOS/X, with the SMTP server
> on your account configured the same way as in Evolution:
>
> Hostname: ...
> Port: 587
> TLS (aka STARTTLS)
> Username: ...
> Correct password (they should not ask for the actual pw)
>
> If that only works intermittently (Evolution or pretend MacOS/X)
> then there's something wrong with the submission service.
>
> I guess I also see intermittent connectivity:
>
> $ posttls-finger "[smtp.embarqmail.com]:587"
> posttls-finger: Connected to smtp.embarqmail.com[206.152.134.66]:587
> posttls-finger: < 220 smtp.centurylink.net ESMTP
> posttls-finger: > EHLO ...
> posttls-finger: < 250-smtp04.onyx.dfw.sync.lan says EHLO to ...
> posttls-finger: < 250-STARTTLS
> posttls-finger: < 250-PIPELINING
> posttls-finger: < 250-ENHANCEDSTATUSCODES
> posttls-finger: < 250-AUTH=LOGIN
> posttls-finger: < 250-AUTH LOGIN
> posttls-finger: < 250 8BITMIME
> posttls-finger: > STARTTLS
> posttls-finger: < 220 2.0.0 continue
> posttls-finger: smtp.embarqmail.com[206.152.134.66]:587:
> subjectAltName: mail.centurylink.net
> posttls-finger: smtp.embarqmail.com[206.152.134.66]:587:
> subjectAltName: pop.centurylink.net
> posttls-finger: smtp.embarqmail.com[206.152.134.66]:587:
> subjectAltName: smtp.centurylink.net
> posttls-finger: smtp.embarqmail.com[206.152.134.66]:587:
> subjectAltName: mx.centurylink.net
> posttls-finger: smtp.embarqmail.com[206.152.134.66]:587: Matched
> subjectAltName: smtp.embarqmail.com
> posttls-finger: smtp.embarqmail.com[206.152.134.66]:587:
> subjectAltName: pop.embarqmail.com
> posttls-finger: smtp.embarqmail.com[206.152.134.66]:587 CommonName
> mail.centurylink.net
> posttls-finger: certificate verification failed for
> smtp.embarqmail.com[206.152.134.66]:587: untrusted issuer
> /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2008
> VeriSign, Inc. - For authorized use only/CN=VeriSign Universal Root
> Certification Authority
> posttls-finger: smtp.embarqmail.com[206.152.134.66]:587:
> subject_CN=smtp.embarqmail.com, issuer_CN=Symantec Class 3 Secure
> Server SHA256 SSL CA,
> fingerprint=FA:33:32:8E:8C:0B:72:D8:4E:BE:76:60:72:A5:F6:14:D0:FE:F9:
> 75,
> pkey_fingerprint=66:A0:48:D7:4C:01:1A:17:18:BD:3D:92:DE:DB:D9:D2:70:9
> C:0B:18
> posttls-finger: Untrusted TLS connection established to
> smtp.embarqmail.com[206.152.134.66]:587: TLSv1.2 with cipher DHE-RSA-
> AES256-GCM-SHA384 (256/256 bits)
> posttls-finger: > EHLO ...
> posttls-finger: < 250-smtp04.onyx.dfw.sync.lan says EHLO to ...
> posttls-finger: < 250-AUTH=LOGIN
> posttls-finger: < 250-AUTH LOGIN
> posttls-finger: < 250-8BITMIME
> posttls-finger: < 250-ENHANCEDSTATUSCODES
> posttls-finger: < 250 PIPELINING
> posttls-finger: > QUIT
> posttls-finger: < 221 2.3.0 smtp04.onyx.dfw.sync.lan closing
> connection
>
> And just a bit later:
>
> $ posttls-finger "[smtp.embarqmail.com]:587"
> posttls-finger: Connected to smtp.embarqmail.com[206.152.134.66]:587
> posttls-finger: < 421 4.3.4 allocated resources exceeded
> posttls-finger: SMTP service not available: 421 4.3.4 allocated
> resources exceeded
>
> Perhaps there's a firewall that's filtering after unauthenticated
> connections,
> or they're just underpowered to handle the traffic...
>
> The certificate names include "mail.centurylink.net", and that also
> has port
> 587 accepting SMTP connections with STARTTLS and offers SASL
> auth.  However,
> that's a different IP address, and seems to not be turning away as
> much
> traffic.  Any chance that would be a correct/better submission host
> to use?
>
> $ posttls-finger "[mail.centurylink.net]:587"
> posttls-finger: Connected to mail.centurylink.net[205.219.233.9]:587
> posttls-finger: < 220 smtp.centurylink.net ESMTP
> posttls-finger: > EHLO ...
> posttls-finger: < 250-smtp02.agate.dfw.synacor.com says EHLO to ...
> posttls-finger: < 250-8BITMIME
> posttls-finger: < 250-XDUMPCONTEXT
> posttls-finger: < 250-PIPELINING
> posttls-finger: < 250-STARTTLS
> posttls-finger: < 250-ENHANCEDSTATUSCODES
> posttls-finger: < 250-AUTH=LOGIN
> posttls-finger: < 250 AUTH LOGIN
> posttls-finger: > STARTTLS
> posttls-finger: < 220 2.0.0 continue
> posttls-finger: mail.centurylink.net[205.219.233.9]:587: Matched
> subjectAltName: mail.centurylink.net
> posttls-finger: mail.centurylink.net[205.219.233.9]:587:
> subjectAltName: pop.centurylink.net
> posttls-finger: mail.centurylink.net[205.219.233.9]:587:
> subjectAltName: smtp.centurylink.net
> posttls-finger: mail.centurylink.net[205.219.233.9]:587:
> subjectAltName: mx.centurylink.net
> posttls-finger: mail.centurylink.net[205.219.233.9]:587:
> subjectAltName: smtp.embarqmail.com
> posttls-finger: mail.centurylink.net[205.219.233.9]:587:
> subjectAltName: pop.embarqmail.com
> posttls-finger: mail.centurylink.net[205.219.233.9]:587 CommonName
> mail.centurylink.net
> posttls-finger: certificate verification failed for
> mail.centurylink.net[205.219.233.9]:587: untrusted issuer
> /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2008
> VeriSign, Inc. - For authorized use only/CN=VeriSign Universal Root
> Certification Authority
> posttls-finger: mail.centurylink.net[205.219.233.9]:587:
> subject_CN=mail.centurylink.net, issuer_CN=Symantec Class 3 Secure
> Server SHA256 SSL CA,
> fingerprint=FA:33:32:8E:8C:0B:72:D8:4E:BE:76:60:72:A5:F6:14:D0:FE:F9:
> 75,
> pkey_fingerprint=66:A0:48:D7:4C:01:1A:17:18:BD:3D:92:DE:DB:D9:D2:70:9
> C:0B:18
> posttls-finger: Untrusted TLS connection established to
> mail.centurylink.net[205.219.233.9]:587: TLSv1.2 with cipher AES256-
> GCM-SHA384 (256/256 bits)
> posttls-finger: > EHLO ...
> posttls-finger: < 250-smtp02.agate.dfw.synacor.com says EHLO to ...
> posttls-finger: < 250-ENHANCEDSTATUSCODES
> posttls-finger: < 250-XDUMPCONTEXT
> posttls-finger: < 250-PIPELINING
> posttls-finger: < 250-8BITMIME
> posttls-finger: < 250-AUTH=LOGIN
> posttls-finger: < 250 AUTH LOGIN
> posttls-finger: > QUIT
> posttls-finger: < 221 2.3.0 smtp02.agate.dfw.synacor.com closing
> connection
>
>
Something must have changed because since yesterday at 8pm CST I've
seen not a single problem. I'm not going to hold my breath however. 

--
Chris
KeyID 0xE372A7DA98E6705C
31.11972; -97.90167 (Elev. 1092 ft)
17:13:09 up 9 days, 6:14, 1 user, load average: 0.36, 0.43, 0.35
Description: Ubuntu 16.04.3 LTS, kernel 4.10.0-40-generic

signature.asc (188 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: host smtp.embarqmail.com[206.152.134.66] refused to talk to me: 421 4.3.4 allocated resources exceeded

Matus UHLAR - fantomas
>> $ posttls-finger "[smtp.embarqmail.com]:587"
>> posttls-finger: Connected to smtp.embarqmail.com[206.152.134.66]:587
>> posttls-finger: < 421 4.3.4 allocated resources exceeded
>> posttls-finger: SMTP service not available: 421 4.3.4 allocated
>> resources exceeded
>>
>> Perhaps there's a firewall that's filtering after unauthenticated
>> connections,
>> or they're just underpowered to handle the traffic...

On 01.12.17 17:16, Chris wrote:
>Something must have changed because since yesterday at 8pm CST I've
>seen not a single problem. I'm not going to hold my breath however. 

apparently admins have restarted or fixed the SMTP server issue.


--
Matus UHLAR - fantomas, [hidden email] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
99 percent of lawyers give the rest a bad name.
Reply | Threaded
Open this post in threaded view
|

Re: host smtp.embarqmail.com[206.152.134.66] refused to talk to me: 421 4.3.4 allocated resources exceeded

Chris-3
On Sun, 2017-12-03 at 16:35 +0100, Matus UHLAR - fantomas wrote:

> >
> > >
> > > $ posttls-finger "[smtp.embarqmail.com]:587"
> > > posttls-finger: Connected to
> > > smtp.embarqmail.com[206.152.134.66]:587
> > > posttls-finger: < 421 4.3.4 allocated resources exceeded
> > > posttls-finger: SMTP service not available: 421 4.3.4 allocated
> > > resources exceeded
> > >
> > > Perhaps there's a firewall that's filtering after unauthenticated
> > > connections,
> > > or they're just underpowered to handle the traffic...
> On 01.12.17 17:16, Chris wrote:
> >
> > Something must have changed because since yesterday at 8pm CST I've
> > seen not a single problem. I'm not going to hold my breath
> > however. 
> apparently admins have restarted or fixed the SMTP server issue.
>
Apparently so Matus as it's still working correctly. They must have
realized after all my complaints that there really was something
something wrong especially as I've seen where others have noted the
same problem on other sites.

--
Chris
KeyID 0xE372A7DA98E6705C
31.11972; -97.90167 (Elev. 1092 ft)
15:05:16 up 11 days, 4:06, 1 user, load average: 1.18, 0.41, 0.19
Description: Ubuntu 16.04.3 LTS, kernel 4.10.0-40-generic

signature.asc (188 bytes) Download Attachment