Hi again.
The following settings are from my server. They may not necessarily work with
yours.
# Smtpd means mails you receive from outside, smtp covers mails you send to
other servers.
The notification from Google is telling you that your Reverse DNS does not
point to your server. Are you on a Dynamic IP, or VPS network?
> 550-5.7.1 not meet IPv6 sending guidelines regarding PTR
Have you tried setting the preferred inet to ipV4.?
inet_protocols = ipv6, ipv4
inet_interfaces=all
smtp_address_preference = ipv6
Gmail is being very picky about this stuff. You may also need to set up your
authenticated email with Google. See the address shown in your returned email.
You also have an unused parameter smtp_tls_auth_only This apparently doesn’t
exist in postfix’s set of options.
> postconf: warning: /etc/postfix/main.cf: unused parameter:
> smtp_tls_auth_only=yes
Which I think may be referring to the second line. It should be
smtpd_tls_auth_only.
Ciphers:
1. No shared cipher. Did you fix the error in your list of ciphers mentioned
earlier. I doubt you actually need such a big list anyway.
smtpd_tls_ciphers = medium
smtpd_tls_exclude_ciphers = SSLv2, aNULL, ADH, eNULL
smtp_tls_mandatory_ciphers = high
Robert
> On 11 Dec 2018, at 10:35, Marco Fioretti <marco.fiore...@gmail.com> wrote:
>
> hello all,
> this is the same server, same situation for which I asked for help
> yesterday. Right now, after trying to test and follow up the advice
> received, this is the status:
>
> IMAPS: not working yet because of SSL "no shared cipher". Details
> here: https://dovecot.org/pipermail/dovecot/2018-December/113862.html
>
> POSTFIX: with the current configuration (see postconf -n output below)
> it seems I can:
>
> * receive email from all the mailing lists/newsletters I am subscribed to
>
> * connect with mutt from my home computer, and send email through this
> server to any other MTA I could use for testing, with two
> "exceptions":
>
> gmail still refuses connection, see below what I got from the last
> test a few minutes ago
>
> one server does accepts and deliver my messages, but flags them as
> spam (no idea why, all I see is a "X-Spam-Flag: YES" header...
>
> NOTIFICATION BY GMAIL:
>
> <marco.fiore...@gmail.com>: host
> gmail-smtp-in.l.google.com[2a00:1450:400c:c0c::1b] said: 550-5.7.1
> [XXXXXXXXXXXX] Our system has detected that this message does
> 550-5.7.1 not meet IPv6 sending guidelines regarding PTR records and
> 550-5.7.1 authentication. Please review 550-5.7.1
> https://support.google.com/mail/?p=IPv6AuthError for more information 550
> 5.7.1 . t6si9122052wrw.74 - gsmtp (in reply to end of DATA command)
>
> Fact is, "XXXXXXXXXXXX" is the ipv6 address of the server for which I
> *did* add a reverse entry some hours ago (and I had done the same for
> the ipv4 dns record yesterday). In other words, I don't know what else
> I could / should do at this point on the DNS side.
>
> Here is the output of postconf -n:
>
> alias_database = hash:/etc/aliases
> alias_maps = hash:/etc/aliases
> command_directory = /usr/sbin
> config_directory = /etc/postfix
> daemon_directory = /usr/libexec/postfix
> debug_peer_level = 2
> debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
> xxgdb $daemon_directory/$process_name $process_id & sleep 5
> disable_vrfy_command = yes
> html_directory = /usr/share/doc/postfix-2.4.3-documentation/html
> inet_interfaces = all
> mail_owner = postfix
> mailq_path = /usr/bin/mailq.postfix
> manpage_directory = /usr/share/man
> mydestination = $myhostname, localhost
> mydomain = $myhostname
> myhostname = a.mx.MYDOMAIN
> mynetworks = 127.0.0.0/8, my.home.ip.address
> myorigin = $mydomain
> newaliases_path = /usr/bin/newaliases.postfix
> non_smtpd_milters = inet:localhost:8891
> procmail_destination_recipient_limit = 1
> queue_directory = /var/spool/postfix
> readme_directory = /usr/share/doc/postfix-2.4.3-documentation/readme
> relay_domains =
> sample_directory = /etc/postfix
> sender_dependent_relayhost_maps = hash:/etc/postfix/mymaps/relayhost_maps
> sendmail_path = /usr/sbin/sendmail.postfix
> setgid_group = postdrop
> smtp_sasl_auth_enable = yes
> smtp_sasl_mechanism_filter =
> smtp_sasl_password_maps = hash:/etc/postfix/mymaps/sasl_passwd
> smtp_sasl_security_options = noanonymous
> smtp_sasl_tls_security_options = noanonymous
> smtp_sasl_type = cyrus
> smtp_sender_dependent_authentication = yes
> smtp_tls_security_level = may
> smtpd_helo_required = yes
> smtpd_helo_restrictions =
> smtpd_milters = inet:localhost:8891
> smtpd_recipient_restrictions = reject_invalid_hostname,
> reject_non_fqdn_hostname, reject_non_fqdn_sender,
> reject_non_fqdn_recipient, reject_unknown_sender_domain,
> reject_unknown_recipient_domain, permit_mynetworks,
> permit_sasl_authenticated, reject_unauth_destination,
> check_helo_access hash:/etc/postfix/reject_own_helo,
> check_policy_service unix:postgrey/socket
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_path = /var/spool/postfix/private/auth
> smtpd_sasl_type = dovecot
> smtpd_tls_auth_only = yes
> smtpd_tls_cert_file = /etc/letsencrypt/archive/MYDOMAIN/fullchain1.pem
> smtpd_tls_key_file = /etc/letsencrypt/archive/MYDOMAIN/privkey1.pem
> smtpd_tls_loglevel = 1
> smtpd_tls_security_level = may
> strict_rfc821_envelopes = yes
> unknown_address_reject_code = 554
> unknown_client_reject_code = 554
> unknown_hostname_reject_code = 554
> unknown_local_recipient_reject_code = 550
> virtual_alias_maps = hash:/etc/postfix/mymaps/valias.map
> virtual_gid_maps = static:5000
> virtual_mailbox_base = /var/mail/mymail_storage
> virtual_mailbox_domains = /etc/postfix/mymaps/vhosts.map
> virtual_mailbox_maps = hash:/etc/postfix/mymaps/vmailboxes.map
> virtual_transport = procmail
> virtual_uid_maps = static:5000
> postconf: warning: /etc/postfix/main.cf: unused parameter:
> smtp_tls_auth_only=yes
Robert Chalmers
https://robert-chalmers.uk
aut...@robert-chalmers.uk
@R_A_Chalmers
