“TLS is required, but was not offered by host alt4.gmail-smtp-in.l.google.com[64.233.186.27]”

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
0
down vote

favorite
1












Sending emails using TLS not working. Without its working. Copy of tls_policy_file (if I change gmail to secure it gives TLS is requied error):



 cat /etc/postfix/tls_policy
 gmail.com may


Copy of main.cf



alias_database = hash:/etc/aliases
 alias_maps = hash:/etc/aliases
 command_directory = /usr/sbin
 config_directory = /etc/postfix
 daemon_directory = /usr/libexec/postfix
 data_directory = /var/lib/postfix
 debug_peer_level = 2
disable_dns_lookups = no
 html_directory = no
inet_interfaces = all
inet_protocols = ipv4
 mail_owner = postfix
 mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
maximal_backoff_time = 14400s
maximal_queue_lifetime = 1d
milter_default_action = accept
minimal_backoff_time = 3600s
mydestination = $myhostname, localhost.$mydomain, localhost
mydomain = abc.com
mynetworks = 10.5.78.0/24, 127.0.0.0/8
myorigin = $myhostname
newaliases_path = /usr/bin/newaliases.postfix
non_smtpd_milters = $smtpd_milters
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
sample_directory = /usr/share/doc/postfix-2.6.6/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_pix_workarounds = delay_dotcrlf
smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
smtp_tls_policy_maps = hash:/etc/postfix/tls_policy
smtpd_client_restrictions = check_client_access hash:/etc/postfix/access
smtpd_milters = inet:127.0.0.1:8891
smtpd_starttls_timeout = 300s
smtpd_tls_CAfile = /etc/pki/tls/certs/abc-int-cert.crt
smtpd_tls_cert_file = /etc/pki/tls/certs/abc.com.crt
smtpd_tls_key_file = /etc/pki/tls/private/abc.com.key
 smtpd_tls_loglevel = 1
 smtpd_tls_mandatory_ciphers = high
 smtpd_tls_mandatory_exclude_ciphers = aNULL, MD5
 smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
 smtpd_tls_received_header = yes
smtpd_tls_security_level = may 
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 550





postfix smtp







share|improve this question























  • Does it work if you use verify instead of secure?
    – tarleb
    Sep 21 '16 at 18:24














up vote
0
down vote

favorite
1












Sending emails using TLS not working. Without its working. Copy of tls_policy_file (if I change gmail to secure it gives TLS is requied error):



 cat /etc/postfix/tls_policy
 gmail.com may


Copy of main.cf



alias_database = hash:/etc/aliases
 alias_maps = hash:/etc/aliases
 command_directory = /usr/sbin
 config_directory = /etc/postfix
 daemon_directory = /usr/libexec/postfix
 data_directory = /var/lib/postfix
 debug_peer_level = 2
disable_dns_lookups = no
 html_directory = no
inet_interfaces = all
inet_protocols = ipv4
 mail_owner = postfix
 mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
maximal_backoff_time = 14400s
maximal_queue_lifetime = 1d
milter_default_action = accept
minimal_backoff_time = 3600s
mydestination = $myhostname, localhost.$mydomain, localhost
mydomain = abc.com
mynetworks = 10.5.78.0/24, 127.0.0.0/8
myorigin = $myhostname
newaliases_path = /usr/bin/newaliases.postfix
non_smtpd_milters = $smtpd_milters
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
sample_directory = /usr/share/doc/postfix-2.6.6/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_pix_workarounds = delay_dotcrlf
smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
smtp_tls_policy_maps = hash:/etc/postfix/tls_policy
smtpd_client_restrictions = check_client_access hash:/etc/postfix/access
smtpd_milters = inet:127.0.0.1:8891
smtpd_starttls_timeout = 300s
smtpd_tls_CAfile = /etc/pki/tls/certs/abc-int-cert.crt
smtpd_tls_cert_file = /etc/pki/tls/certs/abc.com.crt
smtpd_tls_key_file = /etc/pki/tls/private/abc.com.key
 smtpd_tls_loglevel = 1
 smtpd_tls_mandatory_ciphers = high
 smtpd_tls_mandatory_exclude_ciphers = aNULL, MD5
 smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
 smtpd_tls_received_header = yes
smtpd_tls_security_level = may 
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 550





postfix smtp







share|improve this question























  • Does it work if you use verify instead of secure?
    – tarleb
    Sep 21 '16 at 18:24












up vote
0
down vote

favorite
1









up vote
0
down vote

favorite
1






1





Sending emails using TLS not working. Without its working. Copy of tls_policy_file (if I change gmail to secure it gives TLS is requied error):



 cat /etc/postfix/tls_policy
 gmail.com may


Copy of main.cf



alias_database = hash:/etc/aliases
 alias_maps = hash:/etc/aliases
 command_directory = /usr/sbin
 config_directory = /etc/postfix
 daemon_directory = /usr/libexec/postfix
 data_directory = /var/lib/postfix
 debug_peer_level = 2
disable_dns_lookups = no
 html_directory = no
inet_interfaces = all
inet_protocols = ipv4
 mail_owner = postfix
 mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
maximal_backoff_time = 14400s
maximal_queue_lifetime = 1d
milter_default_action = accept
minimal_backoff_time = 3600s
mydestination = $myhostname, localhost.$mydomain, localhost
mydomain = abc.com
mynetworks = 10.5.78.0/24, 127.0.0.0/8
myorigin = $myhostname
newaliases_path = /usr/bin/newaliases.postfix
non_smtpd_milters = $smtpd_milters
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
sample_directory = /usr/share/doc/postfix-2.6.6/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_pix_workarounds = delay_dotcrlf
smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
smtp_tls_policy_maps = hash:/etc/postfix/tls_policy
smtpd_client_restrictions = check_client_access hash:/etc/postfix/access
smtpd_milters = inet:127.0.0.1:8891
smtpd_starttls_timeout = 300s
smtpd_tls_CAfile = /etc/pki/tls/certs/abc-int-cert.crt
smtpd_tls_cert_file = /etc/pki/tls/certs/abc.com.crt
smtpd_tls_key_file = /etc/pki/tls/private/abc.com.key
 smtpd_tls_loglevel = 1
 smtpd_tls_mandatory_ciphers = high
 smtpd_tls_mandatory_exclude_ciphers = aNULL, MD5
 smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
 smtpd_tls_received_header = yes
smtpd_tls_security_level = may 
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 550





postfix smtp







share|improve this question















Sending emails using TLS not working. Without its working. Copy of tls_policy_file (if I change gmail to secure it gives TLS is requied error):



 cat /etc/postfix/tls_policy
 gmail.com may


Copy of main.cf



alias_database = hash:/etc/aliases
 alias_maps = hash:/etc/aliases
 command_directory = /usr/sbin
 config_directory = /etc/postfix
 daemon_directory = /usr/libexec/postfix
 data_directory = /var/lib/postfix
 debug_peer_level = 2
disable_dns_lookups = no
 html_directory = no
inet_interfaces = all
inet_protocols = ipv4
 mail_owner = postfix
 mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
maximal_backoff_time = 14400s
maximal_queue_lifetime = 1d
milter_default_action = accept
minimal_backoff_time = 3600s
mydestination = $myhostname, localhost.$mydomain, localhost
mydomain = abc.com
mynetworks = 10.5.78.0/24, 127.0.0.0/8
myorigin = $myhostname
newaliases_path = /usr/bin/newaliases.postfix
non_smtpd_milters = $smtpd_milters
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
sample_directory = /usr/share/doc/postfix-2.6.6/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_pix_workarounds = delay_dotcrlf
smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
smtp_tls_policy_maps = hash:/etc/postfix/tls_policy
smtpd_client_restrictions = check_client_access hash:/etc/postfix/access
smtpd_milters = inet:127.0.0.1:8891
smtpd_starttls_timeout = 300s
smtpd_tls_CAfile = /etc/pki/tls/certs/abc-int-cert.crt
smtpd_tls_cert_file = /etc/pki/tls/certs/abc.com.crt
smtpd_tls_key_file = /etc/pki/tls/private/abc.com.key
 smtpd_tls_loglevel = 1
 smtpd_tls_mandatory_ciphers = high
 smtpd_tls_mandatory_exclude_ciphers = aNULL, MD5
 smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
 smtpd_tls_received_header = yes
smtpd_tls_security_level = may 
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 550





postfix smtp




postfix smtp






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Sep 21 '16 at 19:38









Braiam

22.6k1971132




22.6k1971132










asked Sep 21 '16 at 17:45









Sag

11




11











  • Does it work if you use verify instead of secure?
    – tarleb
    Sep 21 '16 at 18:24
















  • Does it work if you use verify instead of secure?
    – tarleb
    Sep 21 '16 at 18:24















Does it work if you use verify instead of secure?
– tarleb
Sep 21 '16 at 18:24




Does it work if you use verify instead of secure?
– tarleb
Sep 21 '16 at 18:24










1 Answer
1






active

oldest

votes

















up vote
0
down vote













If you are using the secure policy, and since Gmail machines use certificates signed for mx.google.com, you should set the match attribute to an appropriate value:



gmail.com secure match=mx.google.com:.mx.google.com
.gmail.com secure match=mx.google.com:.mx.google.com


See the documentation for the smtp_tls_verify_cert_match and smtp_tls_secure_cert_match parameters for details.






share|improve this answer




















    Your Answer







    StackExchange.ready(function()
    var channelOptions =
    tags: "".split(" "),
    id: "106"
    ;
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function()
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled)
    StackExchange.using("snippets", function()
    createEditor();
    );

    else
    createEditor();

    );

    function createEditor()
    StackExchange.prepareEditor(
    heartbeatType: 'answer',
    convertImagesToLinks: false,
    noModals: false,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: null,
    bindNavPrevention: true,
    postfix: "",
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    );



    );













     

    draft saved


    draft discarded


















    StackExchange.ready(
    function ()
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f311401%2ftls-is-required-but-was-not-offered-by-host-alt4-gmail-smtp-in-l-google-com64%23new-answer', 'question_page');

    );

    Post as a guest

















    1 Answer
    1






    active

    oldest

    votes








    1 Answer
    1






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes








    up vote
    0
    down vote













    If you are using the secure policy, and since Gmail machines use certificates signed for mx.google.com, you should set the match attribute to an appropriate value:



    gmail.com secure match=mx.google.com:.mx.google.com
    .gmail.com secure match=mx.google.com:.mx.google.com


    See the documentation for the smtp_tls_verify_cert_match and smtp_tls_secure_cert_match parameters for details.






    share|improve this answer
























      up vote
      0
      down vote













      If you are using the secure policy, and since Gmail machines use certificates signed for mx.google.com, you should set the match attribute to an appropriate value:



      gmail.com secure match=mx.google.com:.mx.google.com
      .gmail.com secure match=mx.google.com:.mx.google.com


      See the documentation for the smtp_tls_verify_cert_match and smtp_tls_secure_cert_match parameters for details.






      share|improve this answer






















        up vote
        0
        down vote










        up vote
        0
        down vote









        If you are using the secure policy, and since Gmail machines use certificates signed for mx.google.com, you should set the match attribute to an appropriate value:



        gmail.com secure match=mx.google.com:.mx.google.com
        .gmail.com secure match=mx.google.com:.mx.google.com


        See the documentation for the smtp_tls_verify_cert_match and smtp_tls_secure_cert_match parameters for details.






        share|improve this answer












        If you are using the secure policy, and since Gmail machines use certificates signed for mx.google.com, you should set the match attribute to an appropriate value:



        gmail.com secure match=mx.google.com:.mx.google.com
        .gmail.com secure match=mx.google.com:.mx.google.com


        See the documentation for the smtp_tls_verify_cert_match and smtp_tls_secure_cert_match parameters for details.







        share|improve this answer












        share|improve this answer



        share|improve this answer










        answered Sep 21 '16 at 18:39









        tarleb

        1,477519




        1,477519



























             

            draft saved


            draft discarded















































             


            draft saved


            draft discarded














            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f311401%2ftls-is-required-but-was-not-offered-by-host-alt4-gmail-smtp-in-l-google-com64%23new-answer', 'question_page');

            );

            Post as a guest
































































            -

            Popular posts from this blog

            Peggy Mitchell

            Image
            EastEnders character This article is about the soap opera character. For the British tennis player, see Peggy Michell. For the author, see Margaret Mitchell. Peggy Mitchell Barbara Windsor as Peggy Mitchell (2008) EastEnders character Portrayed by Jo Warne (1991) Barbara Windsor (1994–2016) Duration 1991, 1994–2010, 2013–2016 First appearance Episode 650 30 April 1991  ( 1991-04-30 ) Last appearance Episode 5286 17 May 2016  ( 2016-05-17 ) (appearance) Episode 5287 19 May 2016 (voiceover) Introduced by Michael Ferguson (1991) Barbara Emile (1994) Louise Berridge (2004) Kate Harwood (2005) Lorraine Newman (2013) Dominic Treadwell-Collins (2014) Spin-off appearances The Mitchells - Naked Truths (1998) Classification Former; regular Profile Other names Peggy Butcher Occupation Barmaid Businesswoman Pub landlady Jo Warne as Peggy Mitchell (1991) Family Family Mitchell Father Jack Martin Mother Lily Martin Sisters Aunt ...
            Read more

            Palaiologos

            Image
            Palaiologos Παλαιολόγος Palaeologus, Palaeologue Imperial Family Double-headed eagle with the family cypher Country Byzantine Empire, Duchy of Montferrat (remaining lineage after Empire annexed by Ottomans) Founded 11th century  ( 11th century ) Founder Nikephoros Palaiologos (first known) Final ruler Constantine XI Palaiologos (Byzantine Empire) Margaret Paleologa (Montferrat) Titles Byzantine Emperor Marquess of Montferrat Style(s) "Augustus" "Basileus" "Autokrator" Traditions Greek Orthodoxy (predominantly) Roman Catholicism (remaining lineage in Montferrat) Dissolution 1533  ( 1533 ) Cadet branches Claimants: House of Kastrioti (defunct) House of Rurik (defunct) Palaiologan dynasty Chronology Michael VIII 1259–1282 with Andronikos II as co-emperor, 1261–1282 Andronikos II 1282–1328 with Michael IX (1294–1320) and Andronikos III (1321–1328) as co-emperors Andronikos III 1328–1341 John...
            Read more

            The Forum (Inglewood, California)

            Image
            The Forum "LA Forum" Prairie Ave. façade of The Forum in 2014 Full name The Forum, presented by Chase Former names The Forum (1967–1988) Great Western Forum (1988–2003) Address 3900 W. Manchester Blvd Location Inglewood, California Coordinates Coordinates: 33°57′29″N 118°20′31″W  /  33.95806°N 118.34194°W  / 33.95806; -118.34194 Public transit     Downtown Inglewood station Owner The Madison Square Garden Company Operator MSG Entertainment Seating type Reserved Capacity 17,500 Half-bowl: 8,000 Construction Broke ground July 1, 1966  ( 1966-07-01 ) Opened December 30, 1967  ( 1967-12-30 ) Renovated 1988, 2012–2014 Construction cost $16 million Renovation: 2014: $76.5 million Architect Charles Luckman Associates (original) Brisbin Brook Beynon (renovation) Structural engineer Johnson & Nielsen Associates (original) Severud Associates (renovation) Genera...
            Read more