S
S
Sherys2014-10-31 18:01:45
Domain name market
Sherys, 2014-10-31 18:01:45

Why are there errors in mail certificates when moving a domain?

Good day.
We moved the site to a new server and changed the IP address of the domain to the IP address of this server. The mail server remained on the old server. The issue with connecting mail clients was solved by port forwarding from the new server to the old one, but there was a problem with the circulation of mail between our server and the servers of Yandex, Google, etc. ..
Mail inside the domain goes without any complaints, with Yandex and many other mailers there is a problem. When sending to mail.ru I get an error in the log

postfix/smtp[28500]: 416095740E87: to=, relay=mxs.mail.ru[94.100.180.150]:25, delay=1.8, delays=0.3/0.01/1.1/0.31, dsn=4.0.0, status=deferred (host mxs.mail.ru[94.100.180.150] said: 421 Please try again later (in reply to end of DATA command))

or such when sending to Yandex
postfix/smtp[28500]: certificate verification failed for mx.yandex.ru[2a02:6b8::89]:25: untrusted issuer /C=PL/O=Unizeto Sp. z oo/CN=Certum CA
Oct 31 18:45:58 carcam postfix/smtp[28500]: 9419A5740EC5: to=, relay=mx.yandex.ru[2a02:6b8::89]:25, delay=1.6, delays =0.45/0/0.45/0.69, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued on mxfront6j.mail.yandex.net as d0cIvPPsqd-kQsOAxbM)

If I send from mail.ru, a message arrives in a couple of minutes
This letter was created automatically by the Mail.Ru server, you do not need to respond to it.
Unfortunately, your email could not be delivered to one or more recipients:
it2 @example .com
all relevant MX records point to non-existent hosts or (invalidly) to IP addresses
We recommend that you check that the recipient addresses are correct.

Recreated ssl certificates, did not help. What could be the reason? Could this be due to the fact that the domain and the mail server are on different IPs? Before moving there were no such problems.
Thanks in advance!

Answer the question

In order to leave comments, you need to log in

1 answer(s)
I
Ivan, 2014-10-31
@LiguidCool

Actually, the mail tells you that it does not find servers corresponding to the MX-record of the mail server (sort of). Therefore, you have something with DNS.
For your case, you need to:
1) Add an MX record with the IP address of the MAIL SERVER for the main domain.com domain.
2) Create an A-record for the mail.domain.com
mail server 3) If you have a webmord connection, put your face on the main server and simply connect to the mailer from it - you don't need to forward anything. If you have something else - generate certificates for mail.domain.com , or take a wildcard certificate right away. By the way, for mailers, it seems like there are special certificates, but I didn’t really understand them.
By the way, certificates do not seem to be required to send at all.

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question