Postfix Using Gmail Relay: Must issue a STARTTLS command first
34,684
Solution 1
You should use smtp_enforce_tls = yes
Solution 2
It seems that your postfix tries to issue AUTH
before issuing STARTTLS
(-> it does not issue STARTTLS
). AFAIK Gmail offers SMTP AUTH on ports 25 and 587 only after STARTTLS.
Have you restarted postfix daemon after adding smtp_use_tls=yes
?
http://mhawthorne.net/posts/postfix-configuring-gmail-as-relay.html
Solution 3
I can confirm that setting smtp_tls_security_level = encrypt
in /etc/postfix.main.cf resolves this issue.
Related videos on Youtube
Author by
user312837
Updated on September 18, 2022Comments
-
user312837 almost 2 years
I get this error: Must issue a STARTTLS command first with all sent mail.
Can anyone see why?
main.cf:
relayhost=[smtp.gmail.com]:587 smtp_connection_cache_destinations= [smtp.gmail.com]:587 #TLS parameters smtpd_use_tls = yes smtpd_sasl_auth_enable = yes smtpd_tls_auth_only = no smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache smtp_tls_note_starttls_offer = yes smtp_tls_policy_maps = hash:/etc/postfix/tls_policy smtp_tls_security_level = encrypt # SASL Configuration smtp_use_tls = yes smtp_sasl_auth_enable = yes smtp_enforce_tls = no smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd smtp_sasl_security_options = noanonymous smtp_sasl_mechanism_filter = plain smtp_sasl_tls_security_options = noanonymous
tls_policy
[smtp.gmail.com]:587 encrypt
sasl_passwd
smtp.gmail.com:587 [email protected]:password
And, yes, I have run postmap on all the data files and have reloaded postfix after making changes.
TIA
-
Janus Troelsen over 9 yearsyou don't need to specify
smtp_use_tls=yes
if you use the policymap (as you seemingly have to with gmail) -
Cbhihe over 8 years@JanusTroelsen: No, a policy map for TLS encryption isn't compulsory to access Gmail services. It just specifies an optional lookup table ( viz. postfix.org/postconf.5.html#smtp_tls_policy_maps) . OP just uses them because he/she/it wants to. Anyway
smtp_use_tls=yes
is obsolete and superseded bysmtp_tls_security_level = encrypt
. OP could do without it.