LinuxQuestions.org
Go Job Hunting at the LQ Job Marketplace
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices

Reply
 
Search this Thread
Old 11-25-2011, 03:51 AM   #1
j.smith1981
Member
 
Registered: Feb 2009
Distribution: Mainly CentOS6.4 x64
Posts: 161

Rep: Reputation: 1
Question Postfix with Centos 5.7 Gmail relay Must issue a STARTTLS command first


Hello I am trying to use my gmail address as a relay for Postfix, but I peristently get this error:

Quote:
Nov 25 09:39:01 server postfix/smtp[31870]: 4B31E3A6EF0: to=<myuser_example@gmail.com>, relay=smtp.gmail.com[209.85.173.108]:25, delay=0.48, delays=0.13/0.04/0.25/0.06, dsn=5.7.0, status=bounced (host smtp.gmail.com[209.85.173.108] said: 530 5.7.0 Must issue a STARTTLS command first. ne3sm22136496lab.7 (in reply to MAIL FROM command))
I have the following configuration in main.cf within the postfix directory:
Quote:
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
mydestination = $myhostname, localhost, localhost.localdomain, localhost.$myhostname
unknown_local_recipient_reject_code = 550

smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous
smtp_sasl_password_maps = hash:/etc/postfix/saslpasswd
smtp_always_send_ehlo = yes
relayhost = smtp.gmail.com

alias_maps = hash:/etc/postfix/aliases
alias_database = hash:/etc/postfix/aliases
debug_peer_level = 2

debugger_command =
PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
ddd $daemon_directory/$process_name $process_id & sleep 5

sendmail_path = /usr/sbin/sendmail.postfix

newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop

inet_protocols = ipv4
virtual_alias_domains =
myhostname = mail.domain.co.uk
myorigin = mail.domain.co.uk
mydomain = localhost
biff = no
mynetworks = 127.0.0.0/8
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_reject_unlisted_recipient = yes
smtpd_sender_restrictions = permit_mynetworks, reject_sender_login_mismatch, permit_sasl_authenticated
policy_time_limit = 3600
maximal_queue_lifetime = 1d
bounce_queue_lifetime = 1d
recipient_delimiter = +
proxy_read_maps = $canonical_maps $lmtp_generic_maps $local_recipient_maps $mydestination $mynetworks $recipient_bcc_maps $recipient_canonical_maps $relay_domains $relay_recipient_maps $relocated_maps $sender_bcc_maps $sender_canonical_maps $smtp_generic_maps $smtpd_sender_login_maps $transport_maps $virtual_alias_domains $virtual_alias_maps $virtual_mailbox_domains $virtual_mailbox_maps $smtpd_sender_restrictions
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks,permit_sasl_authenticated, check_helo_access pcre:/etc/postfix/helo_access.pcre
queue_run_delay = 300s
minimal_backoff_time = 300s
maximal_backoff_time = 4000s
enable_original_recipient = no
disable_vrfy_command = yes
allow_min_user = no
message_size_limit = 15728640
#message_size_limit = 524288000
virtual_minimum_uid = 500
virtual_uid_maps = static:500
virtual_gid_maps = static:500
virtual_mailbox_base = /var/vmail
transport_maps = proxy:mysql:/etc/postfix/mysql/transport_maps_user.cf, proxy:mysql:/etc/postfix/mysql/transport_maps_domain.cf, hash:/etc/postfix/transport
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql/virtual_mailbox_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql/virtual_mailbox_maps.cf
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql/virtual_alias_maps.cf, proxy:mysql:/etc/postfix/mysql/domain_alias_maps.cf, proxy:mysql:/etc/postfix/mysql/catchall_maps.cf, proxy:mysql:/etc/postfix/mysql/domain_alias_catchall_maps.cf
sender_bcc_maps = proxy:mysql:/etc/postfix/mysql/sender_bcc_maps_domain.cf, proxy:mysql:/etc/postfix/mysql/sender_bcc_maps_user.cf
recipient_bcc_maps = proxy:mysql:/etc/postfix/mysql/recipient_bcc_maps_domain.cf, proxy:mysql:/etc/postfix/mysql/recipient_bcc_maps_user.cf
relay_domains = $mydestination, proxy:mysql:/etc/postfix/mysql/relay_domains.cf
smtpd_sender_login_maps = proxy:mysql:/etc/postfix/mysql/sender_login_maps.cf
smtpd_reject_unlisted_sender = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
broken_sasl_auth_clients = yes
smtpd_sasl_authenticated_header = no
smtpd_recipient_restrictions = reject_unknown_sender_domain reject_unknown_recipient_domain reject_non_fqdn_sender reject_non_fqdn_recipient reject_unlisted_recipient check_policy_service inet:127.0.0.1:7777 permit_mynetworks permit_sasl_authenticated reject_unauth_destination reject_non_fqdn_helo_hostname reject_invalid_helo_hostname check_policy_service inet:127.0.0.1:10031
smtpd_tls_security_level = may
smtpd_enforce_tls = no
smtpd_tls_loglevel = 0
smtpd_tls_key_file = /etc/pki/tls/private/iRedMail.key
smtpd_tls_cert_file = /etc/pki/tls/certs/iRedMail_CA.pem
smtpd_tls_CAfile = /etc/pki/tls/certs/iRedMail_CA.pem
tls_random_source = dev:/dev/urandom
tls_daemon_random_source = dev:/dev/urandom
#
# Uncomment the following line to enable policyd sender throttle.
#
#smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:10032
virtual_transport = dovecot
dovecot_destination_recipient_limit = 1
smtpd_sasl_type = dovecot
smtpd_sasl_path = ./dovecot-auth
content_filter = smtp-amavis:[127.0.0.1]:10024
mail_name = mail.domain.co.uk
#always_bcc = mail_backup
allow_mail_to_commands =
allow_mail_to_files =
forward_path =
Thats the file configuration.

I put a password and user details into the sasl_passwd file and used the map to put it into the database, but it's now saying:

Quote:
Must issue a STARTTLS command first
This would suggest I have logged in because before I was getting a completely different error (which is why I have made a new thread about this).

Tried a number of solutions from this forum but nothing seems to work, I have iRedmail as my smtp overall services.

Can someone help me with this please?

Last edited by j.smith1981; 11-25-2011 at 07:24 AM.
 
Old 11-25-2011, 06:54 PM   #2
Berhanie
Senior Member
 
Registered: Dec 2003
Location: phnom penh
Distribution: Fedora
Posts: 1,625

Rep: Reputation: 165Reputation: 165
how about something like this?

Quote:
relayhost = [smtp.gmail.com]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/saslpasswd
smtp_sasl_type = cyrus
smtp_sasl_tls_security_options = noanonymous
smtp_tls_policy_maps = hash:/etc/postfix/tls_policy
smtp_tls_session_cache_database = btree:/var/cache/postfix/smtp_tls_scache
Code:
[root@machine ~]# cat /etc/postfix/tls_policy
[smtp.gmail.com]:587   may
see here for client tls settings.

Last edited by Berhanie; 11-25-2011 at 06:55 PM. Reason: added link to postfix docs
 
Old 11-26-2011, 03:02 AM   #3
deep27ak
Senior Member
 
Registered: Aug 2011
Location: Bangalore, India
Distribution: rhel 5x,6.0,6.2, centOS 5x,6.0,6.2
Posts: 1,188
Blog Entries: 4

Rep: Reputation: 219Reputation: 219Reputation: 219
Try adding these to your main.cf and restart the service

Code:
smtpd_use_tls = yes
smtpd_sasl_auth_enable = yes
smtpd_tls_auth_only = no
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Postfix Maillog relay issue mosharaf_linux Linux - Server 4 07-28-2011 01:46 AM
Postfix : Must issue a STARTTLS command first jonaskellens Linux - Newbie 1 11-18-2009 09:23 AM
Postfix issue ; Must issue a STARTTLS command first after forcing TLS sarajevo Linux - Server 3 05-14-2009 08:28 AM
postfix relay thru gmail NeptunEz Linux - Networking 17 12-09-2006 09:10 AM
Postfix for Gmail relay Sinedie Linux - Server 1 11-16-2006 11:51 PM


All times are GMT -5. The time now is 06:10 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration