On 12 Nov 2015, at 21:41, Chris Boylan wrote:
In the process of converting from courier to postfix. Test configuration
receives email fine except from google (gmail) which drops us without
really complaining:
Substantial abridgment for relevance follows...
Nov 12 20:00:41 mail0 postfix/smtpd[24249]: < mail-yk0-f172.google.com[209.85.160.172]: EHLO mail-yk0-f172.google.com
Nov 12 20:00:41 mail0 postfix/smtpd[24249]: > mail-yk0-f172.google.com[209.85.160.172]: 250-mail0.actualsoftware.com
Nov 12 20:00:41 mail0 postfix/smtpd[24249]: > mail-yk0-f172.google.com[209.85.160.172]: 250-PIPELINING
Nov 12 20:00:41 mail0 postfix/smtpd[24249]: > mail-yk0-f172.google.com[209.85.160.172]: 250-SIZE 10240000
Nov 12 20:00:41 mail0 postfix/smtpd[24249]: > mail-yk0-f172.google.com[209.85.160.172]: 250-VRFY
Nov 12 20:00:41 mail0 postfix/smtpd[24249]: > mail-yk0-f172.google.com[209.85.160.172]: 250-ETRN
Nov 12 20:00:41 mail0 postfix/smtpd[24249]: > mail-yk0-f172.google.com[209.85.160.172]: 250-STARTTLS
Nov 12 20:00:41 mail0 postfix/smtpd[24249]: > mail-yk0-f172.google.com[209.85.160.172]: 250-ENHANCEDSTATUSCODES
Nov 12 20:00:41 mail0 postfix/smtpd[24249]: > mail-yk0-f172.google.com[209.85.160.172]: 250-8BITMIME
Nov 12 20:00:41 mail0 postfix/smtpd[24249]: > mail-yk0-f172.google.com[209.85.160.172]: 250 DSN
Nov 12 20:00:41 mail0 postfix/smtpd[24249]: < mail-yk0-f172.google.com[209.85.160.172]: STARTTLS
Nov 12 20:00:41 mail0 postfix/smtpd[24249]: > mail-yk0-f172.google.com[209.85.160.172]: 220 2.0.0 Ready to start TLS
Nov 12 20:00:41 mail0 postfix/smtpd[24249]: Anonymous TLS connection established from mail-yk0-f172.google.com[209.85.160.172]: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
Nov 12 20:00:41 mail0 postfix/smtpd[24249]: < mail-yk0-f172.google.com[209.85.160.172]: EHLO mail-yk0-f172.google.com
Nov 12 20:00:41 mail0 postfix/smtpd[24249]: > mail-yk0-f172.google.com[209.85.160.172]: 250-mail0.actualsoftware.com
Nov 12 20:00:41 mail0 postfix/smtpd[24249]: > mail-yk0-f172.google.com[209.85.160.172]: 250-PIPELINING
Nov 12 20:00:41 mail0 postfix/smtpd[24249]: > mail-yk0-f172.google.com[209.85.160.172]: 250-SIZE 10240000
Nov 12 20:00:41 mail0 postfix/smtpd[24249]: > mail-yk0-f172.google.com[209.85.160.172]: 250-VRFY
Nov 12 20:00:41 mail0 postfix/smtpd[24249]: > mail-yk0-f172.google.com[209.85.160.172]: 250-ETRN
Nov 12 20:00:41 mail0 postfix/smtpd[24249]: > mail-yk0-f172.google.com[209.85.160.172]: 250-ENHANCEDSTATUSCODES
Nov 12 20:00:41 mail0 postfix/smtpd[24249]: > mail-yk0-f172.google.com[209.85.160.172]: 250-8BITMIME
Nov 12 20:00:41 mail0 postfix/smtpd[24249]: > mail-yk0-f172.google.com[209.85.160.172]: 250 DSN
So: you've got a connection, a plaintext EHLO and reply, STARTTLS
command and complete setup of a strong TLS session, another EHLO & reply
inside the TLS session, but then:
Nov 12 20:00:41 mail0 postfix/smtpd[24249]: smtp_get: EOF
Nov 12 20:00:41 mail0 postfix/smtpd[24249]: match_hostname: mail-yk0-f172.google.com ~? 10.1.0.0/16
Nov 12 20:00:41 mail0 postfix/smtpd[24249]: match_hostaddr: 209.85.160.172 ~? 10.1.0.0/16
Nov 12 20:00:41 mail0 postfix/smtpd[24249]: match_hostname: mail-yk0-f172.google.com ~? 71.39.104.224/29
Nov 12 20:00:41 mail0 postfix/smtpd[24249]: match_hostaddr: 209.85.160.172 ~? 71.39.104.224/29
Nov 12 20:00:41 mail0 postfix/smtpd[24249]: match_list_match: mail-yk0-f172.google.com: no match
Nov 12 20:00:41 mail0 postfix/smtpd[24249]: match_list_match: 209.85.160.172: no match
Nov 12 20:00:41 mail0 postfix/smtpd[24249]: send attr request = disconnect
Nov 12 20:00:41 mail0 postfix/smtpd[24249]: send attr ident = submission:209.85.160.172
That seems wrong. Not sure what those last 2 lines mean, but they smell
bad...
I remember we had some issues with gmail when we installed courier that I
thought were related to ssl but comparing the results of
openssl s_client -connect localhost:25 -starttls smtp >& courier
vs.
openssl s_client -connect localhost:25 -starttls smtp >& postfix
seem "the same":
And since you got the TLS going enough for Google to send you an EHLO
that you answered, this isn't anything like a normal SSL/TLS problem:
that part works. Was that a test message that you sent & can
characterize? One possibility is that GMail was trying to send something
bigger than 10MB and so bailed at your SIZE reply (in a bad way.)
Interesting bits from main.cf:
How about a 'postconf -n'? To be blunt: if you don't understand a
problem, you are unlikely to select what is actually "interesting" in
the config that relates to the problem.
I have a feeling 'postconf -M' is also in order (if you're running a
modern version of Postfix)
Also useful: what does a GMail sender get as a failure notice?
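
An added example, not part of the original thread: a Python script that walks verbose smtpd log lines like those quoted above and reports each session the client closed without QUIT, along with how far the SMTP dialogue got. The second session in the sample (client.example, 192.0.2.10, PID 24300) is constructed, and the function names are illustrative.

```python
import re

# Constructed sample. Session 1 repeats log lines quoted in the thread above;
# session 2 (client.example, 192.0.2.10, PID 24300) is invented for contrast.
P = "Nov 12 20:00:41 mail0 postfix/smtpd"
G = "mail-yk0-f172.google.com[209.85.160.172]"
SAMPLE_LOG = f"""\
{P}[24249]: < {G}: EHLO mail-yk0-f172.google.com
{P}[24249]: > {G}: 250 DSN
{P}[24249]: < {G}: STARTTLS
{P}[24249]: > {G}: 220 2.0.0 Ready to start TLS
{P}[24249]: < {G}: EHLO mail-yk0-f172.google.com
{P}[24249]: > {G}: 250 DSN
{P}[24249]: smtp_get: EOF
{P}[24300]: < client.example[192.0.2.10]: EHLO client.example
{P}[24300]: < client.example[192.0.2.10]: MAIL FROM:<a@client.example>
{P}[24300]: < client.example[192.0.2.10]: QUIT
"""

CMD = re.compile(r"smtpd\[(\d+)\]: < ([^\s\[]+)\[([^\]]+)\]: (\S+)")
EOF = re.compile(r"smtpd\[(\d+)\]: smtp_get: EOF")

def stage(commands):
    """Describe how far the SMTP dialogue got before the client hung up."""
    tls = "STARTTLS" in commands
    if commands[-1] == "EHLO" and tls:
        return "after EHLO inside TLS, before MAIL"
    return f"after {commands[-1]} ({'STARTTLS seen' if tls else 'no STARTTLS'})"

def dropped_sessions(log_text):
    """Return the sessions that ended in 'smtp_get: EOF' instead of QUIT."""
    active, dropped = {}, []          # active: smtpd PID -> session in progress
    for line in log_text.splitlines():
        m = CMD.search(line)
        if m:
            pid, host, addr, verb = m.groups()
            s = active.setdefault(pid, {"host": host, "addr": addr, "commands": []})
            s["commands"].append(verb.upper())
            if verb.upper() == "QUIT":
                del active[pid]       # clean close, not interesting here
            continue
        m = EOF.search(line)
        if m and m.group(1) in active:
            s = active.pop(m.group(1))
            s["stage"] = stage(s["commands"])
            dropped.append(s)
    return dropped

if __name__ == "__main__":
    for s in dropped_sessions(SAMPLE_LOG):
        print(f"{s['host']}[{s['addr']}] dropped {s['stage']}: {' '.join(s['commands'])}")
```

The `<` and `>` dialogue lines it relies on are only present when smtpd logs verbosely, as it did for the log in this thread.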