-----Original Message-----
From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org]
On Behalf Of Viktor Dukhovni
Sent: Friday, November 13, 2015 11:10
To: postfix-users@postfix.org
Subject: Re: new deployment fails to receive email from "just" gmail
successfully
On Thu, Nov 12, 2015 at 08:41:43PM -0600, Chris Boylan wrote:
> In the process of converting from courier to postfix. Test configuration
> receives email fine except from google (gmail) which drops us without really
> complaining:
>
> Nov 12 20:00:41 mail0 postfix/smtpd[24249]: initializing the server-side TLS
> engine
> Nov 12 20:00:41 mail0 postfix/smtpd[24249]: connect from
mail-yk0-f172.google.com[209.85.160.172]
> Nov 12 20:00:41 mail0 postfix/smtpd[24249]: smtp_stream_setup: maxtime=300
enable_deadline=0
No hand-off from postscreen(8), this smtpd(8) is a direct "inet" listener.
> Nov 12 20:00:41 mail0 postfix/smtpd[24249]: auto_clnt_open: connected to
private/anvil
> Nov 12 20:00:41 mail0 postfix/smtpd[24249]: event_enable_read: fd 18
> Nov 12 20:00:41 mail0 postfix/smtpd[24249]: send attr request = connect
> Nov 12 20:00:41 mail0 postfix/smtpd[24249]: send attr ident =
submission:209.85.160.172
This is the submission service on port 587. Not the inbound SMTP
service on port 25. No idea why google is connecting to port 587
on your machine, perhaps you have some sort of private arrangement
with Gmail to route mail for some domains via your own SMTP server.
On port 587, they probably want a trusted certificate.
--
Viktor.
Definitely nothing private with Google.
> This is the submission service on port 587. Not the inbound SMTP
service on port 25.
Where do you get this from out of the log? I realized from what you wrote
that I don't see the port number in the log.
We bought your basic organization ssl cert and it's the same cert that we're
using with courier so no change there although the openssl output is slightly
different which I don't get. This is the chain from openssl:
Certificate chain
0 s:/OU=Domain Control Validated/CN=*.actualsoftware.com
i:/C=US/ST=Arizona/L=Scottsdale/O=Starfield Technologies,
Inc./OU=http://certs.starfieldtech.com/repository//CN=Starfield Secure
Certificate Authority - G2
1 s:/C=US/ST=Arizona/L=Scottsdale/O=Starfield Technologies,
Inc./OU=http://certs.starfieldtech.com/repository//CN=Starfield Secure
Certificate Authority - G2
i:/C=US/ST=Arizona/L=Scottsdale/O=Starfield Technologies, Inc./CN=Starfield
Root Certificate Authority - G2
2 s:/C=US/ST=Arizona/L=Scottsdale/O=Starfield Technologies, Inc./CN=Starfield
Root Certificate Authority - G2
i:/C=US/O=Starfield Technologies, Inc./OU=Starfield Class 2 Certification
Authority
3 s:/C=US/O=Starfield Technologies, Inc./OU=Starfield Class 2 Certification
Authority
i:/C=US/O=Starfield Technologies, Inc./OU=Starfield Class 2 Certification
Authority
