Envoy sends reply emails via postfix (sendmail) on noodle (home server). Home IP 84.67.141.88 (Vodafone residential) has no PTR record and is on the Abusix blocklist. As a result, outbound SMTP from noodle is rejected by virtually all destination MX servers with 450/550 'cannot find your reverse hostname'.
EMAIL_REWRITE maps john.critchley@bluewin.ch → john@critchley.biz, so all envoy replies route through zoneedit MX (mx-caprica.zoneedit.com), which also rejects 84.67.141.88.
• Virgin Media SMTP relay — ISP changed to Vodafone on 2026-03-01; Virgin credentials no longer available.
• Vodafone SMTP — DNS did not resolve; no free relay offered.
• Direct to bluewin.ch MX — IP 84.67.141.88 on Abusix blocklist; rejected.
• SOCKS5 proxy (localhost:1080 → stunnel → AWS noodle, exit IP 3.0.202.93) — AWS blocks outbound port 25 by default. Port 587 reachable but XOAUTH2 still failed.
• Office365 XOAUTH2 SMTP (smtp.office365.com / smtp-mail.outlook.com, port 587) — token acquired via MSAL device flow with SMTP.Send scope, but AUTH XOAUTH2 returns 535. Confirmed broken for personal Outlook.com/Hotmail accounts (MS known issue). See utils/get_smtp_token.py for the token acquisition script (kept for reference).
Signed up for Brevo free tier (300 emails/day). Configured orchestrator to deliver via Brevo directly (bypassing local postfix entirely).
See deliver_via_mail() in orchestrator.py: it rewrites to Brevo, then does STARTTLS + login.
Note: brevo1._domainkey uses dot+underscore (as shown in Brevo dashboard). Verify via authoritative NS: dig @ns12.zoneedit.com brevo1._domainkey.critchley.biz CNAME
The outlook.com SPF was replaced with brevo.com. The Google verification TXT was kept.
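A check for the TXT change described above, as an added example (not code from orchestrator.py or utils/). The record values, including the include: hostnames, are constructed samples; the real values come from the zone and the Brevo dashboard. It also catches the half-finished case where the old SPF record is left beside the new one.

```python
# Added example: audit a domain's apex TXT record set after an SPF switch.
# All record values below are constructed samples, not the real zone data.

def spf_terms(record):
    """Return the lowercase terms of an SPF record, or None if not SPF."""
    parts = record.strip().strip('"').lower().split()
    return parts[1:] if parts and parts[0] == "v=spf1" else None

def under(name, parent):
    """True if name is parent or a subdomain of it."""
    return name == parent or name.endswith("." + parent)

def audit_txt(records, want="brevo.com", gone="outlook.com"):
    """Return a list of problems found in the TXT record set."""
    problems = []
    spf = [t for t in map(spf_terms, records) if t is not None]
    if len(spf) != 1:
        # RFC 7208: no record means no SPF policy; more than one is a
        # permerror, which receivers may treat as a failure.
        problems.append(f"expected exactly 1 SPF record, found {len(spf)}")
    terms = [t.lstrip("+-~?") for rec in spf for t in rec]
    includes = [t.split(":", 1)[1] for t in terms if t.startswith("include:")]
    if not any(under(i, want) for i in includes):
        problems.append(f"no include under {want}")
    stale = [i for i in includes if under(i, gone)]
    if stale:
        problems.append("stale include: " + ", ".join(stale))
    if "all" not in terms:
        problems.append("no 'all' mechanism")
    if not any(r.strip().strip('"').startswith("google-site-verification=")
               for r in records):
        problems.append("google-site-verification TXT missing")
    return problems

GOOGLE = "google-site-verification=CONSTRUCTED-PLACEHOLDER"
BEFORE = ["v=spf1 include:spf.protection.outlook.com -all", GOOGLE]
AFTER = ["v=spf1 include:spf.brevo.com ~all", GOOGLE]
HALF_DONE = BEFORE + [AFTER[0]]   # old SPF record left in place

if __name__ == "__main__":
    for name, rrset in [("before", BEFORE), ("half done", HALF_DONE), ("after", AFTER)]:
        print(name, audit_txt(rrset) or "OK")
```

Feed it the strings returned by a TXT query against the authoritative NS rather than a caching resolver, so a stale record is not masked by TTL.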
• Brevo domain not yet verified — DKIM verification takes up to 48h from 2026-03-01. Until verified, DKIM will not be applied and mail may hit spam.
• 4 queue emails resent — delivery unconfirmed — The 4 stuck postfix queue messages (Re: Second poem, Re: Ping, Re: test alpha, john.envoy) were resent via Brevo using postcat + direct SMTP. Brevo returned 250 OK but end-delivery not confirmed. Check Brevo dashboard (Transactional → Email → Logs).
• Test email delivery unconfirmed — Test email sent to envoy_test@critchley.biz via Brevo; did not appear in IMAP inbox or popit3 run. Unclear if envoy_test@ forwards to hotmail or to the local IMAP server.
• Postfix still running locally — Postfix on noodle will still try to deliver any mail generated by local sendmail (e.g. cron). Orchestrator now bypasses it for envoy replies, but other local mail is unaffected.
• 300 email/day Brevo limit — Free tier cap. Envoy generates low volume so should be fine, but worth monitoring.
• Wait 48h and re-check Brevo domain authentication status.
• Check Brevo dashboard logs to confirm the 4 resent emails were delivered.
• Consider getting a PTR record from Vodafone (unlikely for residential).
• Consider a VPS or fixed IP for outbound mail.
• Consider Mailgun, SendGrid, or Amazon SES as Brevo alternatives if needed.
• If XOAUTH2 is ever fixed by Microsoft for personal accounts, revert to that (token script is in utils/get_smtp_token.py).