Estou executando o Postfix dentro de um contêiner docker. Os certificados são gerados com certbot.
Com a seguinte configuração:
smtpd_tls_cert_file=/var/keys/fullchain.pem
smtpd_tls_key_file=/var/keys/privkey.pem
smtpd_use_tls=yes
smtp_tls_security_level = encrypt
Cada tentativa de enviar um e-mail para o Gmail resulta em:
status=deferred (TLS is required but was not offered by host alt1.aspmx.l.google.co
Quando mudo smtp_tls_security_level
para may
, os e-mails estão sendo enviados; no entanto, sem TLS, isso não resolve o problema.
Quando faço uma verificação do openssl tls, tudo parece estar bem; não está anexando a e-mails.
Alguém tem ideia do que estou fazendo de errado?
Log após desabilitar o ipv6 e adicionar debug_peer_list:
Feb 8 10:50:24 92d95fdf2397 postfix/cleanup[489]: 2910E1667CE: message-id=<[email protected]>
Feb 8 10:50:24 92d95fdf2397 postfix/qmgr[481]: 2910E1667CE: from=<[email protected]>, size=6181, nrcpt=1 (queue active)
Feb 8 10:50:24 92d95fdf2397 postfix/smtp[490]: initializing the client-side TLS engine
Feb 8 10:50:24 92d95fdf2397 postfix/smtpd[485]: disconnect from ec2-54-154-126-37.eu-west-1.compute.amazonaws.com[54.154.126.37]
Feb 8 10:50:24 92d95fdf2397 postfix/smtp[490]: 2910E1667CE: enabling PIX workarounds: disable_esmtp delay_dotcrlf for aspmx.l.google.com[66.102.1.26]:25
Feb 8 10:50:24 92d95fdf2397 postfix/smtp[490]: 2910E1667CE: TLS is required, but was not offered by host aspmx.l.google.com[66.102.1.26]
Feb 8 10:50:24 92d95fdf2397 postfix/smtp[490]: 2910E1667CE: enabling PIX workarounds: disable_esmtp delay_dotcrlf for alt1.aspmx.l.google.com[142.250.153.27]:25
Feb 8 10:50:24 92d95fdf2397 postfix/smtp[490]: 2910E1667CE: TLS is required, but was not offered by host alt1.aspmx.l.google.com[142.250.153.27]
Feb 8 10:50:24 92d95fdf2397 postfix/smtp[490]: 2910E1667CE: enabling PIX workarounds: disable_esmtp delay_dotcrlf for alt2.aspmx.l.google.com[142.251.9.27]:25
Feb 8 10:50:24 92d95fdf2397 postfix/smtp[490]: 2910E1667CE: TLS is required, but was not offered by host alt2.aspmx.l.google.com[142.251.9.27]
Feb 8 10:50:24 92d95fdf2397 postfix/smtp[490]: smtp_stream_setup: maxtime=300 enable_deadline=0
Feb 8 10:50:24 92d95fdf2397 postfix/smtp[490]: < aspmx3.googlemail.com[142.251.9.27]:25: 220 ********************************************************************************
Feb 8 10:50:24 92d95fdf2397 postfix/smtp[490]: name_mask: disable_esmtp
Feb 8 10:50:24 92d95fdf2397 postfix/smtp[490]: name_mask: delay_dotcrlf
Feb 8 10:50:24 92d95fdf2397 postfix/smtp[490]: 2910E1667CE: enabling PIX workarounds: disable_esmtp delay_dotcrlf for aspmx3.googlemail.com[142.251.9.27]:25
Feb 8 10:50:24 92d95fdf2397 postfix/smtp[490]: > aspmx3.googlemail.com[142.251.9.27]:25: HELO mail.example.net
Feb 8 10:50:24 92d95fdf2397 postfix/smtp[490]: < aspmx3.googlemail.com[142.251.9.27]:25: 250 mx.google.com at your service
Feb 8 10:50:24 92d95fdf2397 postfix/smtp[490]: server features: 0x30000 size 0
Feb 8 10:50:24 92d95fdf2397 postfix/smtp[490]: 2910E1667CE: TLS is required, but was not offered by host aspmx3.googlemail.com[142.251.9.27]
Feb 8 10:50:24 92d95fdf2397 postfix/smtp[490]: smtp_stream_setup: maxtime=300 enable_deadline=0
Feb 8 10:50:24 92d95fdf2397 postfix/smtp[490]: > aspmx3.googlemail.com[142.251.9.27]:25: QUIT
Feb 8 10:50:24 92d95fdf2397 postfix/smtp[490]: name_mask: resource
Feb 8 10:50:24 92d95fdf2397 postfix/smtp[490]: name_mask: software
Feb 8 10:50:24 92d95fdf2397 postfix/smtp[490]: 2910E1667CE: enabling PIX workarounds: disable_esmtp delay_dotcrlf for aspmx2.googlemail.com[142.250.153.27]:25
Feb 8 10:50:24 92d95fdf2397 postfix/smtp[490]: 2910E1667CE: to=<[email protected]>, relay=aspmx2.googlemail.com[142.250.153.27]:25, delay=0.37, delays=0.05/0.01/0.31/0, dsn=4.7.4, status=deferred (TLS is required, but was not offered by host aspmx2.googlemail.com[142.250.153.27])