Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Postfix - Must issue a STARTTLS command first

I am trying to send email through gmail via postfix, but it shows me the following error:

Must issue a STARTTLS command first.

Sep  6 01:11:34 NovusTec postfix/smtp[10889]: 1284460D68: to=<[email protected]>, relay=smtp.gmail.com[64.233.190.108]:587, delay=2882, delays=2881/0.02/0.83/0.19, dsn=5.7.0, status=bounced (host smtp.gmail.com[64.233.190.108] said: 530 5.7.0 Must issue a STARTTLS command first. k65sm16819558qkf.7 - gsmtp (in reply to MAIL FROM command))

/etc/postfix/main.cf

# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = localhost
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydestination = localdomain, localhost, localhost.localdomain, localhost
relayhost = [smtp.gmail.com]:587 
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all

smtp_use_tls=yes
smtp_sasl_auth_enable=yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options =  
smtp_tls_CAfile = /etc/ssl/certs

I tried several configurations informed on other sites without success = \

Can anybody help me?

like image 583
Espector Avatar asked Sep 06 '16 05:09

Espector


People also ask

What is Starttls command in SMTP?

But what is StartTLS? StartTLS is a protocol command used to inform the email server that the email client wants to upgrade from an insecure connection to a secure one using TLS or SSL. StartTLS is used with SMTP and IMAP, while POP3 uses the slightly different command for encryption, STLS.

Is Starttls required?

STARTTLS is required when trying to send an email within SQL Server.


2 Answers

Your problem is your ca certificates. exactly on line smtp_tls_CAfile = /etc/ssl/certs to confirm that, add the following to main.cf and restart postfix service.

debug_peer_list=smtp.gmail.com
debug_peer_level=3

Now send another email and look at /var/log/mail.log. You will see this message: cannot load Certificate Authority data: disabling TLS support.

Now change smtp_tls_CAfile = /etc/ssl/certs to smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt. This is for Debian/Ubuntu, you should find the file path for your respective distribution.

Restart postfix service and test send again. You should be up and running.

Remember to remove logging lines after the issue is fixed.

#debug_peer_list=smtp.gmail.com
#debug_peer_level=3
like image 53
Farhad Farahi Avatar answered Sep 19 '22 16:09

Farhad Farahi


I kept getting that error until I added in main.cf

smtp_tls_security_level=encrypt

not sure what the default is...

like image 43
Lior Galanti Avatar answered Sep 19 '22 16:09

Lior Galanti