-----Original Message-----
From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] On Behalf Of Viktor Dukhovni
Sent: Friday, November 13, 2015 12:13
To: postfix-users@postfix.org
Subject: Re: new deployment fails to receive email from "just" gmail successfully

On Fri, Nov 13, 2015 at 12:03:51PM -0600, Chris Boylan wrote:

> > > In the process of converting from courier to postfix. Test configuration
> > > receives email fine except from google (gmail) which drops us without really
> > > complaining:
> > >
> > > Nov 12 20:00:41 mail0 postfix/smtpd[24249]: initializing the server-side TLS engine
> > > Nov 12 20:00:41 mail0 postfix/smtpd[24249]: connect from mail-yk0-f172.google.com[209.85.160.172]
> > > Nov 12 20:00:41 mail0 postfix/smtpd[24249]: smtp_stream_setup: maxtime=300 enable_deadline=0
> >
> > No hand-off from postscreen(8), this smtpd(8) is a direct "inet" listener.
> >
> > > Nov 12 20:00:41 mail0 postfix/smtpd[24249]: auto_clnt_open: connected to private/anvil
> > > Nov 12 20:00:41 mail0 postfix/smtpd[24249]: event_enable_read: fd 18
> > > Nov 12 20:00:41 mail0 postfix/smtpd[24249]: send attr request = connect
> > > Nov 12 20:00:41 mail0 postfix/smtpd[24249]: send attr ident = submission:209.85.160.172
> >
> > This is the submission service on port 587. Not the inbound SMTP
> > service on port 25. No idea why google is connecting to port 587
> > on your machine, perhaps you have some sort of private arrangement
> > with Gmail to route mail for some domains via your own SMTP server.
> >
> > On port 587, they probably want a trusted certificate.
>
> Definitely nothing private with Google.

Most likely Google's submission client disconnects after not seeing SASL AUTH at your port 587 service (which is not adequately configured to be a submission service per your reported master.cf settings). You should probably not have it enabled until it is more reasonably configured.

Definitely.

> > This is the submission service on port 587. Not the inbound SMTP
> > service on port 25.
>
> Where do you get this from out of the log? I realized from what you wrote
> that I don't see the port number in the log.

Read the log entries immediately above my reply. I carefully place my replies in their proper context.

There is no port number in the log messages you reference. How do I interpret what's there as a port 587 connection rather than a port 25 connection?

The SASL AUTH explanation makes more sense. Which leaves the question of why Gmail is trying to relay out via your server.

I'll look at that. I found checktls.com and it has no complaints with our basic config.

Thanks.
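
The listener can be read from the quoted log because the anvil ident that smtpd sends has the form `service:client-address`, where the service is the master.cf service name. The script below is an added example, not part of the original thread: it pairs each `connect from` line with the ident logged by the same smtpd PID. It assumes verbose smtpd logging as in the excerpt; `SERVICE_PORTS` and `listeners` are hypothetical names, and the last two sample lines are constructed.

```python
import re

# Conventional master.cf service names and the ports /etc/services gives them.
# Assumption: a site that renames a service or lists a numeric port needs its own map.
SERVICE_PORTS = {"smtp": 25, "smtps": 465, "submissions": 465, "submission": 587}

SMTPD = re.compile(r"postfix/smtpd\[(?P<pid>\d+)\]: (?P<msg>.*)$")
CONNECT = re.compile(r"connect from (?P<host>\S+)\[(?P<addr>[^\]]+)\]")
# anvil ident is "<service name>:<client address>"; assumes no colon in the service name.
IDENT = re.compile(r"send attr ident = (?P<service>[^:\s]+):(?P<addr>\S+)")

# Sample input: the first four lines are from the thread, the last two are constructed.
SAMPLE = """\
Nov 12 20:00:41 mail0 postfix/smtpd[24249]: connect from mail-yk0-f172.google.com[209.85.160.172]
Nov 12 20:00:41 mail0 postfix/smtpd[24249]: smtp_stream_setup: maxtime=300 enable_deadline=0
Nov 12 20:00:41 mail0 postfix/smtpd[24249]: send attr request = connect
Nov 12 20:00:41 mail0 postfix/smtpd[24249]: send attr ident = submission:209.85.160.172
Nov 12 20:01:02 mail0 postfix/smtpd[24301]: connect from mx.example.net[192.0.2.10]
Nov 12 20:01:02 mail0 postfix/smtpd[24301]: send attr ident = smtp:192.0.2.10
""".splitlines()

def listeners(lines):
    """Pair each smtpd 'connect from' with the anvil ident logged by the same PID."""
    pending, found = {}, []
    for line in lines:
        m = SMTPD.search(line)
        if not m:
            continue
        pid, msg = m.group("pid"), m.group("msg")
        conn = CONNECT.match(msg)
        if conn:
            pending[pid] = (conn.group("host"), conn.group("addr"))
            continue
        ident = IDENT.match(msg)
        # Only the first ident after a connect counts; later anvil requests repeat it.
        if ident and pending.get(pid, ("", ""))[1] == ident.group("addr"):
            host, addr = pending.pop(pid)
            service = ident.group("service")
            found.append({"pid": int(pid), "client": f"{host}[{addr}]",
                          "service": service, "port": SERVICE_PORTS.get(service)})
    return found

if __name__ == "__main__":
    for row in listeners(SAMPLE):
        print(row)
```

A `port` of `None` means the service name is not one of the conventional names and has to be looked up in the site's own master.cf.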