On 2/12/2010 11:21 AM, Michael Saldivar wrote:
On Wed, Feb 10, 2010 at 5:54 PM, Rob Tanner <[email protected] <mailto:[email protected]>> wrote:>> TLS is enabled on port 25 of our server and it has a regular Thawte >> certificate behind it. Tests with Thunderbird using PLAIN >> authentication (SASL method) work perfectly. From our point of view, >> all we really want to protect in any SMTP transaction are the user >> credentials (uid/passwd) and what we are doing is currently >> sufficient. Google, on the other hand is doing something different or >> expecting something different and I have no idea what. If you are >> successfully using a similar setup with Gmail, could you please pass >> on your wisdom. > Watch your postfix logs and start debugging when gmail tries to > authenticate against your server.... The problem is the log files are rather large (a quarter million lines since the 4 am roll this morning, and there are lots of google entries. In other words I've already spent time just trying to find the entries. Any idea about particular keywords that I might look for? . >> >> Thanks, >> Rob An easy way to watch is to tail -f the logfile, tell Gmail to send a message, and then watch the log scroll past. You will see the authorization attempt and your server's response. Also, in your Gmail account, check the submission port. There's a drop down list from which you can choose 25, 465, and 587; it defaults to 587.
And another great trick for finding stuff in your logs is to tag submission entries with a different syslog_name.
# master.cf submission ... smtpd -o syslog_name=postfix-submission ... http://www.postfix.org/postconf.5.html#syslog_name -- Noel Jones
