Answer the question
In order to leave comments, you need to log in
Why are there errors in mail certificates when moving a domain?
Good day.
We moved the site to a new server and changed the IP address of the domain to the IP address of this server. The mail server remained on the old server. The issue with connecting mail clients was solved by port forwarding from the new server to the old one, but there was a problem with the circulation of mail between our server and the servers of Yandex, Google, etc. ..
Mail inside the domain goes without any complaints, with Yandex and many other mailers there is a problem. When sending to mail.ru I get an error in the log
postfix/smtp[28500]: 416095740E87: to=, relay=mxs.mail.ru[94.100.180.150]:25, delay=1.8, delays=0.3/0.01/1.1/0.31, dsn=4.0.0, status=deferred (host mxs.mail.ru[94.100.180.150] said: 421 Please try again later (in reply to end of DATA command))
postfix/smtp[28500]: certificate verification failed for mx.yandex.ru[2a02:6b8::89]:25: untrusted issuer /C=PL/O=Unizeto Sp. z oo/CN=Certum CA
Oct 31 18:45:58 carcam postfix/smtp[28500]: 9419A5740EC5: to=, relay=mx.yandex.ru[2a02:6b8::89]:25, delay=1.6, delays =0.45/0/0.45/0.69, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued on mxfront6j.mail.yandex.net as d0cIvPPsqd-kQsOAxbM)
This letter was created automatically by the Mail.Ru server, you do not need to respond to it.
Unfortunately, your email could not be delivered to one or more recipients:
it2 @example .com
all relevant MX records point to non-existent hosts or (invalidly) to IP addresses
We recommend that you check that the recipient addresses are correct.
Answer the question
In order to leave comments, you need to log in
Actually, the mail tells you that it does not find servers corresponding to the MX-record of the mail server (sort of). Therefore, you have something with DNS.
For your case, you need to:
1) Add an MX record with the IP address of the MAIL SERVER for the main domain.com domain.
2) Create an A-record for the mail.domain.com
mail server
3) If you have a webmord connection, put your face on the main server and simply connect to the mailer from it - you don't need to forward anything. If you have something else - generate certificates for mail.domain.com , or take a wildcard certificate right away. By the way, for mailers, it seems like there are special certificates, but I didn’t really understand them.
By the way, certificates do not seem to be required to send at all.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question