Issues with Gmail Delivery

Discussion in 'Installation/Configuration' started by 3DPeruna, Mar 8, 2012.

  1. 3DPeruna

    3DPeruna New Member

    I've got a relatively new ISPConfig 3 server running with the free SSL. Everything was running well until last Thursdayish. At that point email, primarily from Gmail, started to get rejected or rejected and delayed, or just delayed. This is an email sent from someone who got a rejection:

    Code:
    This is an automatically generated Delivery Status Notification
    
    THIS IS A WARNING MESSAGE ONLY.
    
    YOU DO NOT NEED TO RESEND YOUR MESSAGE.
    
    Delivery to the following recipient has been delayed:
    
        paul@xxxxxxxx.com
    
    Message will be retried for 2 more day(s)
    
    Technical details of temporary failure:
    Google tried to deliver your message, but it was rejected by the recipient domain. We recommend contacting the other email provider for further information about the cause of this error. The error that the other server returned was: 454 454 4.7.0 TLS not available due to local problem (state 9).
    
    ----- Original message -----
    
    DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
           d=gmail.com; s=20120113;
           h=mime-version:in-reply-to:references:date:message-id:subject:from:to
            :content-type;
           bh=oze4JDDYpelUVo7WQEQEgHCWUukAnK83ecV8+hy5l88=;
           b=EF0U1HtuWtd710KH0AH3/l4x0jbpiC2IVo4DSA+6TXjpYaZhrJo6+Fd5g/7/q63WpK
            qsuoqDjvOU0oKfgg7mOdQkgn/Q1XbX4LS8uLkjpcUcSZIrvC/kSBHxk41Z+6ynUhl4iH
            Y+5qG8kRm3+DGtFbNKzZxc2lxPJSCk/i8Uim6U6MncbTnItvedfg9lX85MZVutqWU8+K
            6NSFhZYwmTn7IE6mZZLUbpzBFePH6Mz/xvMPtbMC32T5/xPDb1fCFh4f1p+T3cTg1iYG
            koRRm3lVCuQCVsbHz+kZD7U0Obnr2O9MIjsVtdVgrUOH2ZS4VieNZbCYg58ers+6O9Xf
            P6Wg==
    MIME-Version: 1.0
    Received: by 10.204.9.194 with SMTP id m2mr9011495bkm.92.1330991982401; Mon,
     05 Mar 2012 15:59:42 -0800 (PST)
    Received: by 10.204.33.201 with HTTP; Mon, 5 Mar 2012 15:59:42 -0800 (PST)
    In-Reply-To: <4F54DB5B.4060401@protospace.com>
    References: <CALTDuYEknA+j2kJtfa_nDzB=ODCN8sbpUOsYBvYxpMMri=tiCw@mail.gmail.com>
           <4F54DB5B.4060401@protospace.com>
    Date: Mon, 5 Mar 2012 17:59:42 -0600
    Message-ID: <CALTDuYFh7BabQz=zEQ2P0qjgbgx2rEi7S84BWTGCA1JZ7di-Rw@mail.gmail.com>
    Subject: Re:
    From: XXXXXXXX <xxxxxxxxx@gmail.com>
    To: XXXXX <xxxx@XXXXXXXX.com>
    Content-Type: multipart/alternative; boundary=0015175d02a24f583d04ba87b843
    It seems to only be happening from Gmail... any ideas?
     
  2. kwickcut

    kwickcut Member

    We recommend contacting the other email provider this is you
    i am not 100% sure but looks like you ssl cert is no good or something is wrong with it
     
  3. 3DPeruna

    3DPeruna New Member

    Thanks... I recreated the certificates, creating a class 1 following these instructions: http://www.howtoforge.com/securing-your-ispconfig-3-installation-with-a-free-class1-ssl-certificate-from-startssl. Unfortunately, it doesn't appear to have changed much. Gmail still isn't delivering mail in a timely manner.

    But, it does maybe point to an issue on my server.

    Code:
    # See /usr/share/postfix/main.cf.dist for a commented, more complete version
    
    
    # Debian specific:  Specifying a file name will cause the first
    # line of that file to be used as the name.  The Debian default
    # is /etc/mailname.
    #myorigin = /etc/mailname
    
    smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
    biff = no
    
    # appending .domain is the MUA's job.
    append_dot_mydomain = no
    
    # Uncomment the next line to generate "delayed mail" warnings
    #delay_warning_time = 4h
    
    readme_directory = /usr/share/doc/postfix
    
    # TLS parameters
    smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
    smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
    smtpd_use_tls = yes
    smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
    smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
    
    # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
    # information on enabling SSL in the smtp client.
    
    myhostname = mydomain.com
    alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
    alias_database = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
    myorigin = /etc/mailname
    mydestination = mydomain.com, localhost, localhost.localdomain
    relayhost =
    mynetworks = 127.0.0.0/8 [::1]/128
    mailbox_size_limit = 0
    recipient_delimiter = +
    inet_interfaces = all
    html_directory = /usr/share/doc/postfix/html
    virtual_alias_domains =
    virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, proxy:mysql:/etc/postfix/mysql-virtual_email2email.cf$
    virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
    virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
    virtual_mailbox_base = /var/vmail
    virtual_uid_maps = static:5000
    virtual_gid_maps = static:5000
    smtpd_sasl_auth_enable = yes
    broken_sasl_auth_clients = yes
    smtpd_sasl_authenticated_header = yes
    smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
    smtpd_tls_security_level = may
    transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
    relay_domains = mysql:/etc/postfix/mysql-virtual_relaydomains.cf
    relay_recipient_maps = mysql:/etc/postfix/mysql-virtual_relayrecipientmaps.cf
    proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_$
    smtpd_sender_restrictions = check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf
    smtpd_client_restrictions = check_client_access mysql:/etc/postfix/mysql-virtual_client.cf
    smtpd_client_message_rate_limit = 100
    maildrop_destination_concurrency_limit = 1
    maildrop_destination_recipient_limit = 1
    virtual_transport = maildrop
    header_checks = regexp:/etc/postfix/header_checks
    mime_header_checks = regexp:/etc/postfix/mime_header_checks
    nested_header_checks = regexp:/etc/postfix/nested_header_checks
    body_checks = regexp:/etc/postfix/body_checks
    owner_request_special = no
    content_filter = amavis:[127.0.0.1]:10024
    receive_override_options = no_address_mappings
    smtpd_sasl_local_domain =
    smtpd_sasl_security_options = noanonymous
    smtpd_tls_auth_only = no
    smtp_use_tls = yes
    smtp_tls_note_starttls_offer = yes
    smtpd_tls_CAfile = /usr/local/ispconfig/interface/ssl/startssl.chain.class1.server.crt
    smtpd_tls_loglevel = 1
    smtpd_tls_received_header = yes
    smtpd_tls_session_cache_timeout = 3600s
    tls_random_source = dev:/dev/urandom
    message_size_limit = 0
    
    Something amiss here? (note: myhostname = mydomain.com actually has my domain in it)
     
  4. 3DPeruna

    3DPeruna New Member

    I've verified that I can receive mail from Hotmail, Yahoo and just about every other provider EXCEPT Gmail.

    Anybody else experience this?
     
  5. falko

    falko Super Moderator

    Are there any errors in your mail log (in the /var/log/ directory)?
     
  6. 3DPeruna

    3DPeruna New Member

    Falko: No, both logs are empty of errors. /var/log/mail.log just shows regular traffic and /var/log/mail.err doesn't have anything.

    However, I ran tail -f /var/log/syslog, then went to Gmail and sent a message and watched the log. This is what came up:

    Code:
    Mar  9 08:19:14 myserver postfix/smtpd[4131]: warning: cannot get RSA certificate from file /etc/postfix/smtpd.crt: disabling TLS support
    Mar  9 08:19:14 myserver postfix/smtpd[4131]: warning: TLS library problem: 4131:error:02001002:system library:fopen:No such file or directory:bss_file.c:398:fopen('/etc/postfix/smtpd.crt','r'):
    Mar  9 08:19:14 myserver postfix/smtpd[4131]: warning: TLS library problem: 4131:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:400:
    Mar  9 08:19:14 myserver postfix/smtpd[4131]: warning: TLS library problem: 4131:error:140DC002:SSL routines:SSL_CTX_use_certificate_chain_file:system lib:ssl_rsa.c:722:
    Mar  9 08:19:14 myserver postfix/smtpd[4131]: connect from mail-we0-f169.google.com[74.125.82.169]
    Mar  9 08:19:15 myserver postfix/cleanup[4132]: 12B6D1EA0673: message-id=<20120309141915.12B6D1EA0673@myserver.com>
    Mar  9 08:19:15 myserver postfix/smtpd[4131]: disconnect from mail-we0-f169.google.com[74.125.82.169]
    Mar  9 08:19:15 myserver postfix/qmgr[4042]: 12B6D1EA0673: from=<double-bounce@myserver.com>, size=943, nrcpt=1 (queue active)
    Mar  9 08:19:15 myserver postfix/local[4133]: 12B6D1EA0673: to=<root@myserver.com>, orig_to=<postmaster>, relay=local, delay=0.15, delays=0.09/0.01/0/0.04, dsn=2.0.0, status=sent (delivered to mailbox)
    Mar  9 08:19:15 myserver postfix/qmgr[4042]: 12B6D1EA0673: removed
     
  7. falko

    falko Super Moderator

    Shouldn't /etc/postfix/smtpd.crt be /etc/postfix/smtpd.cert? What's the output of
    Code:
    ls -la /etc/postfix/
    ?
     
  8. 3DPeruna

    3DPeruna New Member

    Thanks Falko!

    Stupid typos!
     
  9. scmeis1

    scmeis1 New Member

    You not the only one that has issues with Gmail. I have been watching this thread for a bit, but I do not have a spelling error.

    I am curious, did that fix your issue?
     
: error, gmail, tls

Share This Page