Sendmail on Ubuntu trying to use Google Apps servers as a relay, by default?

I have a recently installed Ubuntu (natty) server, with a domain pointed to it. The mail for this domain is handled by Google Apps (via MX dns records pointing to Google's mail servers).

Now, I've installed logcheck, and am periodically getting emails (via logcheck) about the following log entries:

Jun 17 15:02:06 nattybox sm-mta[26023]: STARTTLS=client, relay=aspmx.l.google.com., version=TLSv1/SSLv3, verify=FAIL, cipher=RC4-SHA, bits=128/128
Jun 17 13:02:07 nattybox sm-mta[8533]: STARTTLS=client, relay=aspmx.l.google.com., version=TLSv1/SSLv3, verify=FAIL, cipher=RC4-SHA, bits=128/128
Jun 17 13:17:45 nattybox sm-mta[10465]: STARTTLS=client, relay=aspmx.l.google.com., version=TLSv1/SSLv3, verify=FAIL, cipher=RC4-SHA, bits=128/128
Jun 17 13:51:56 nattybox sm-mta[14995]: STARTTLS=client, relay=aspmx.l.google.com., version=TLSv1/SSLv3, verify=FAIL, cipher=RC4-SHA, bits=128/128
Jun 17 12:02:06 nattybox sm-mta[32143]: STARTTLS=client, relay=aspmx.l.google.com., version=TLSv1/SSLv3, verify=FAIL, cipher=RC4-SHA, bits=128/128

It looks like sendmail is trying to use the google mail servers as a relay, which I guess is failing? I installed sendmail via aptitude, and am using the configuration files that came with it. To be clear, sendmail seems to be working in that messages sent from this server get delivered just fine.

Are the above log messages something I should be concerned about, and if so, how would I go about fixing it?


The logging that you posted is just showing the attempted establishment of TLS over SMTP between your Sendmail and Google's server and nothing more. If your Sendmail is able to send to other addresses fine, then it is probably functioning.

You might send something to a non-Google address to examine its header. That will provide some quick answers to how your SMTP routing may be setup, in lieu of or in support of the rest of your Sendmail logs...


Yes this is only basically a warning and most likely your email is getting through. You probably can get rid of the message by adjusting your mail configuration file to NOT attempt to use SSL/TLS security in mail transmission. If I recall in a sendmail configuration it was a single line.