Postfix - Must issue a STARTTLS command first

3

15

I am trying to send email through gmail via postfix, but it shows me the following error:

Must issue a STARTTLS command first.

Sep  6 01:11:34 NovusTec postfix/smtp[10889]: 1284460D68: to=<[email protected]>, relay=smtp.gmail.com[64.233.190.108]:587, delay=2882, delays=2881/0.02/0.83/0.19, dsn=5.7.0, status=bounced (host smtp.gmail.com[64.233.190.108] said: 530 5.7.0 Must issue a STARTTLS command first. k65sm16819558qkf.7 - gsmtp (in reply to MAIL FROM command))

/etc/postfix/main.cf

# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = localhost
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydestination = localdomain, localhost, localhost.localdomain, localhost
relayhost = [smtp.gmail.com]:587 
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all

smtp_use_tls=yes
smtp_sasl_auth_enable=yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options =  
smtp_tls_CAfile = /etc/ssl/certs

I tried several configurations suggested on other sites, without success.

Can anybody help me?

Consolidate answered 6/9, 2016 at 5:18 Comment(1)
Hope this helps someone: in C#, set smtpClient.EnableSsl = true; - Cemetery
9

Your problem is your CA certificates, exactly on the line smtp_tls_CAfile = /etc/ssl/certs. To confirm that, add the following to main.cf and restart the postfix service.

debug_peer_list=smtp.gmail.com
debug_peer_level=3

Now send another email and look at /var/log/mail.log. You will see this message: cannot load Certificate Authority data: disabling TLS support.

Now change smtp_tls_CAfile = /etc/ssl/certs to smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt. This is for Debian/Ubuntu; you should find the file path for your respective distribution.

Restart postfix service and test send again. You should be up and running.

Remember to remove logging lines after the issue is fixed.

#debug_peer_list=smtp.gmail.com
#debug_peer_level=3
Spate answered 8/9, 2016 at 11:18 Comment(2)
I'm running MacOS Sierra, and this is the first time I've seen '/etc/ssl/certs' in my system. It doesn't exist in Yosemite or earlier. But that directory is EMPTY, so I have no clue what to supply for the certificate to use Gmail. Until I get that, I can't supply 'smtp_tls_CAfile' in main.cf so 'smtpd_use_tls=yes' works. - Laminate
This answer is unlikely to be correct. Not issuing STARTTLS is not due to missing CA file - see instead: serverfault.com/a/119296 - Cartridge
8

I kept getting that error until I added in main.cf

smtp_tls_security_level=encrypt

not sure what the default is...

Illumination answered 22/8, 2020 at 17:8 Comment(4)
I confirm that smtp_tls_security_level=encrypt allowed Postfix to issue that STARTTLS - Mirianmirielle
Although not using smtp_tls_security_level=encrypt but instead using: smtpd_use_tls = yes works as well - Mirianmirielle
@Mirianmirielle actually there is a typo... it's smtp_use_tls = yes that works too - Lawtun
smtp_use_tls = yes works for me. Note smtps_use_tls = yes (with S) exist but for different use - Shenashenan
1

I was getting this problem for communication with one particular mailserver and not any others and it turned out to be that particular mailserver had an unusual TLD which was not listed in my /etc/postfix/tls_policy and so was getting the default value of smtp_use_tls which was not being set and was defaulting to no. I'd missed this because smtpd_use_tls was correctly being set to yes.

This led me to realize that my mailserver settings for smtpd_*_tls were all correctly configured (so incoming mail was fine) but the ones for smtp_*_tls were mostly set to defaults, and it was only because of the /etc/postfix/tls_policy (set to may for most TLDs) that I was using encryption anywhere.

None of this became obvious to me until I was reviewing the output of postconf | grep _tls for my configuration rather than just looking at /etc/postfix/main.cf.

Glover answered 2/5, 2023 at 8:39 Comment(0)
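
Added example (not part of the original question or answers): a shell check over `postconf`-style output for the client-side conditions the answers above describe, namely outbound TLS left off on the `smtp_*` side while `smtpd_*` is configured, and `smtp_tls_CAfile` pointing at a directory. The function names `pc_get` and `audit_smtp_client_tls` are hypothetical, and the sample input is constructed from the settings in the question.

```shell
#!/bin/sh
# Added example: audit the Postfix SMTP *client* (outbound) TLS settings.
# Reads "name = value" lines on stdin, as printed by `postconf` or found in main.cf.

# pc_get CONF NAME: print the last value assigned to NAME in CONF (empty if unset)
pc_get() {
    printf '%s\n' "$1" | awk -v k="$2" '
        { name = $0; sub(/[ \t]*=.*/, "", name); sub(/^[ \t]+/, "", name) }
        name == k { v = $0; sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t]+$/, "", v) }
        END { print v }'
}

# Prints one finding per line; returns 1 if outbound TLS is off or cannot work.
audit_smtp_client_tls() {
    conf=$(cat); rc=0
    level=$(pc_get "$conf" smtp_tls_security_level)
    legacy=$(pc_get "$conf" smtp_use_tls)
    cafile=$(pc_get "$conf" smtp_tls_CAfile)

    # An empty security level falls back to the legacy smtp_use_tls switch.
    if [ -z "$level" ] && [ "$legacy" != yes ] || [ "$level" = none ]; then
        echo "FAIL: client will not issue STARTTLS (smtp_tls_security_level='$level', smtp_use_tls='$legacy')"
        rc=1
        if [ "$(pc_get "$conf" smtpd_use_tls)" = yes ]; then
            echo "NOTE: smtpd_use_tls=yes only covers inbound mail (smtpd_*), not delivery (smtp_*)"
        fi
    elif [ -z "$level" ]; then
        echo "NOTE: TLS enabled only via legacy smtp_use_tls; smtp_tls_security_level is empty"
    fi

    # smtp_tls_CAfile must name a bundle file, not a directory of certificates.
    if [ -n "$cafile" ] && [ -d "$cafile" ]; then
        echo "FAIL: smtp_tls_CAfile=$cafile is a directory; point it at a CA bundle file"
        rc=1
    elif [ -n "$cafile" ] && [ ! -r "$cafile" ]; then
        echo "FAIL: smtp_tls_CAfile=$cafile is not readable"
        rc=1
    fi
    return $rc
}

# Constructed sample: the client-side TLS lines from the question's main.cf
audit_smtp_client_tls <<'EOF' || true
smtpd_use_tls=yes
smtp_use_tls=yes
smtp_tls_CAfile = /etc/ssl/certs
EOF
```

On a live host, feed it the effective configuration with `postconf | audit_smtp_client_tls` instead of reading main.cf alone.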
