someting wrote:
Received: from mail.examplexx.com (mail.examplexx.com. [191.xxx.xxx.123])
by mx.google.com with ESMTP id n14si3859523qkl.104.2017.02.15.14.23.45
for <mygmail@gmail.com>;
Wed, 15 Feb 2017 14:23:47 -0800 (PST)
This one is the key.
Do you have "smtp_tls_received_header = yes" in Postfix main.cf? NOTE: for server-to-server communication, it's "smtp_tls_received_header", not "smtpd_*"
Postfix doesn't seem to like "smtp_tls_received_header = yes". And it seems that only the internal smtpd connections are being encrypted and the outbound smtp connection to Gmail isn't.
You're right, that is key.
While my emails show:
Received: from mail.examplexx.com (mail.examplexx.com. [191.xxx.xxx.123])
by mx.google.com with ESMTP id n14si3859523qkl.104.2017.02.15.14.23.45
for <mygmail@gmail.com>;
Wed, 15 Feb 2017 14:23:47 -0800 (PST)
And should be:
Received: from mail.examplexx.com (mail.examplexx.com. [191.xxx.xxx.123])
by mx.google.com with ESMTP id n14si3859523qkl.104.2017.02.15.14.23.45
for <mygmail@gmail.com>;
(version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
Wed, 15 Feb 2017 14:23:47 -0800 (PST)
It seems that the default setting of "smtp_tls_security_level = may" should be enough to apply TLS to the server-to-server connection. Forcing encrypt with "smtp_tls_security_level = encrypt" makes the email undeliverable to Gmail - an email provider that definitely has TLS capabilities.
Currently editing these in main.cf.
Maybe these settings need to be changed in master.cf to allow for the server-to-server SMTP encryption?
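The header comparison made in this thread can be automated. The following Python is an added example, not part of the original posts: it reports, for each Received header in a message, whether the receiving server recorded a TLS clause, recognising both the Gmail form quoted above and the form Postfix writes with "smtpd_tls_received_header = yes". The function name `tls_per_hop`, the second hop in the sample and its queue id are constructed for illustration.

```python
import email
import re

# TLS clauses as written by Gmail and by Postfix (smtpd_tls_received_header = yes).
TLS_PATTERNS = [
    re.compile(r"\(version=(?P<version>\S+) cipher=(?P<cipher>\S+) bits=(?P<bits>\d+)/\d+\)"),
    re.compile(r"\(using (?P<version>\S+) with cipher (?P<cipher>\S+) \((?P<bits>\d+)/\d+ bits\)\)"),
]
BY_HOST = re.compile(r"\bby (\S+)")

def tls_per_hop(raw_message):
    """Return one dict per Received header, newest hop first."""
    msg = email.message_from_string(raw_message)
    hops = []
    for value in msg.get_all("Received", []):
        line = " ".join(value.split())  # unfold continuation lines
        by = BY_HOST.search(line)
        hop = {"by": by.group(1) if by else None, "tls": False,
               "version": None, "cipher": None, "bits": None}
        for pattern in TLS_PATTERNS:
            m = pattern.search(line)
            if m:
                hop.update(tls=True, version=m["version"],
                           cipher=m["cipher"], bits=int(m["bits"]))
                break
        hops.append(hop)
    return hops

# Constructed sample: the first hop is the Gmail header quoted in the thread,
# the second is a made-up internal Postfix hop that did record TLS.
SAMPLE = """\
Received: from mail.examplexx.com (mail.examplexx.com. [191.xxx.xxx.123])
        by mx.google.com with ESMTP id n14si3859523qkl.104.2017.02.15.14.23.45
        for <mygmail@gmail.com>;
        Wed, 15 Feb 2017 14:23:47 -0800 (PST)
Received: from localhost (localhost [127.0.0.1])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by mail.examplexx.com (Postfix) with ESMTPS id 0000000000;
        Wed, 15 Feb 2017 14:23:45 -0800 (PST)
Subject: constructed test message

body
"""

if __name__ == "__main__":
    for hop in tls_per_hop(SAMPLE):
        print(hop)
```

A hop reported with `tls: False` means only that the receiving server wrote no TLS clause into that header.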