问题: gsuite 无法把信传送回自己的主机,gsuite后端则告诉我 TLS error
系统:Debian GNU/Linux 10 (buster) Postfix 3.4.14 Dovecot 2.3.4.1
备注: hostname:relayb.xxx.tw mydestination = $myhostname, $mydomain
注2:从一台正常运行的centos 7的main.cf复制过来的postfix 但是后端换成了
dovecot-lda跟mdbox
详细log在 https://pastebin.com/5Sc1BSUw
说明:
可以从gmail以比如[email protected] 收到信
也可以用帐密以dovecot-sasl连上postfix:submission(587)/smtp(25)传信到google,也
显示有TLS加密
但是在使用smtps(wrapper_mode=yes)则无法连上
在利用gsuite双重寄信的功能( https://support.google.com/a/answer/9228551 )回传
给这台postfix时,则显示TLS失败
目的为备份[email protected]收到的信(xxx.tw的mx已到gsuite上),且同样使用centos7备份,
就没有奇怪的问题
失败情况:google 传送 220 2.0.0 Ready to start TLS之后收到smtp_get: EOF 然后就
显示例如
Aug 24 17:10:51 relayb postfix/smtpd[29497]: Anonymous TLS connection
established from mail-wm1-f70.google.com[209.85.128.70]: TLSv1.3 with cipher
TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature
RSA-PSS (2048 bits) server-digest SHA256
Aug 24 17:10:51 relayb postfix/smtpd[29497]: lost connection after STARTTLS
from mail-wm1-f70.google.com[209.85.128.70]
但是正常若是直接从gmail寄/收 [email protected]的信
Aug 24 17:10:39 relayb postfix/smtpd[29497]: connect from
mail-wm1-f41.google.com[209.85.128.41]
ug 24 17:10:40 relayb postfix/smtpd[29497]: Anonymous TLS connection
established from mail-wm1-f41.google.com[209.85.128.41]: TLSv1.3 with cipher
TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature
RSA-PSS (2048 bits) server-digest SHA256
Aug 24 17:10:40 relayb postfix/smtpd[29497]: C614AA1187:
client=mail-wm1-f41.google.com[209.85.128.41]
Aug 24 17:10:40 relayb postfix/cleanup[29503]: C614AA1187:
message-id=<[email protected]>
Aug 24 17:10:40 relayb postfix/qmgr[29488]: C614AA1187:
from=<[email protected]>, size=2556, nrcpt=1 (queue active)
Aug 24 17:10:40 relayb postfix/local[29504]: C614AA1187:
to=<[email protected]>, relay=local, delay=0.08, delays=0.01/0.01/0/0.06,
dsn=2.0.0, status=sent (delivered to command: /usr/lib/dovecot/dovecot-lda -d
"$USER" -f "$SENDER" -a "$RECIPIENT")
作者:
bitlife (BIT一生)
2020-08-25 11:43:00虽然我没用过,但用你那个lost connection...那段去google,有人有同样问题,自己找到答案: MTA_STS policy was toblame. 祝好运