Postfix cannot do TLS handshake to gmail

On my LEAP 15.1 server, I do not want to receive any mail, and want to send all mail via Gmail. Postfix is not working.

In main.cf at the end I have

relayhost = [smtp.gmail.com]:465
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_sasl_mechanism_filter = plain
smtp_use_tls = yes
smtp_tls_wrappermode = yes
smtp_tls_security_level = encrypt
smtp_tls_CAfile = /etc/letsencrypt/live/jarfx.dyndns.org/fullchain.pem
#tlsmgr unix - - n 1000? 1 tlsmg

In sasl_passwd I have

[smtp.gmail.com]:465 me@gmail.com:app_password

And ran postmap on it. I did not put any google thing in master.cf

But if I try to send mail, I get errors doing the TLS handshake:

2020-06-15T14:49:57.163016-04:00 jarfx postfix/qmgr[694]: C4A36AA57: from=<wwwrun@jarfx.dyndns.org>, size=495, nrcpt=1 (queue active)
2020-06-15T14:49:57.173176-04:00 jarfx postfix/smtp[1147]: send attr request = lookup
2020-06-15T14:49:57.173443-04:00 jarfx postfix/smtp[1147]: send attr cache_type = smtp
2020-06-15T14:49:57.173622-04:00 jarfx postfix/smtp[1147]: send attr cache_id = amavis&[127.0.0.1]:10024&127.0.0.1&127.0.0.1&&92B631C47298EA55E927F88B35A4AF8BF791ADE6A6E4845294E9895884FC5513
2020-06-15T14:49:57.173822-04:00 jarfx postfix/smtp[1147]: private/tlsmgr: wanted attribute: status
2020-06-15T14:49:57.173971-04:00 jarfx postfix/smtp[1147]: input attribute name: status
2020-06-15T14:49:57.174165-04:00 jarfx postfix/smtp[1147]: input attribute value: 4294967295
2020-06-15T14:49:57.174296-04:00 jarfx postfix/smtp[1147]: private/tlsmgr: wanted attribute: session
2020-06-15T14:49:57.174406-04:00 jarfx postfix/smtp[1147]: input attribute name: session
2020-06-15T14:49:57.174511-04:00 jarfx postfix/smtp[1147]: input attribute value: (end)
2020-06-15T14:49:57.174638-04:00 jarfx postfix/smtp[1147]: private/tlsmgr: wanted attribute: (list terminator)
2020-06-15T14:49:57.174829-04:00 jarfx postfix/smtp[1147]: input attribute name: (end)
2020-06-15T14:49:57.175019-04:00 jarfx postfix/smtp[1147]: send attr request = seed
2020-06-15T14:49:57.175161-04:00 jarfx postfix/smtp[1147]: send attr size = 32
2020-06-15T14:49:57.175280-04:00 jarfx postfix/smtp[1147]: private/tlsmgr: wanted attribute: status
2020-06-15T14:49:57.175451-04:00 jarfx postfix/smtp[1147]: input attribute name: status
2020-06-15T14:49:57.175611-04:00 jarfx postfix/smtp[1147]: input attribute value: 0
2020-06-15T14:49:57.175723-04:00 jarfx postfix/smtp[1147]: private/tlsmgr: wanted attribute: seed
2020-06-15T14:49:57.175891-04:00 jarfx postfix/smtp[1147]: input attribute name: seed
2020-06-15T14:49:57.176055-04:00 jarfx postfix/smtp[1147]: input attribute value: Bprg3btW0kFbRUYWTDthnDqPwHuYKnhbUtNCyLvRwYs=
2020-06-15T14:49:57.176195-04:00 jarfx postfix/smtp[1147]: private/tlsmgr: wanted attribute: (list terminator)
2020-06-15T14:49:57.176340-04:00 jarfx postfix/smtp[1147]: input attribute name: (end)
2020-06-15T14:49:57.176473-04:00 jarfx postfix/smtp[1147]: SSL_connect error to 127.0.0.1[127.0.0.1]:10024: -1
2020-06-15T14:49:57.176629-04:00 jarfx postfix/smtp[1147]: warning: TLS library problem: error:1408F10B:SSL routines:ssl3_get_record:wrong version number:ssl/record/ssl3_record.c:252:
2020-06-15T14:49:57.176799-04:00 jarfx postfix/smtp[1147]: send attr request = delete
2020-06-15T14:49:57.176962-04:00 jarfx postfix/smtp[1147]: send attr cache_type = smtp
2020-06-15T14:49:57.177114-04:00 jarfx postfix/smtp[1147]: send attr cache_id = amavis&[127.0.0.1]:10024&127.0.0.1&127.0.0.1&&92B631C47298EA55E927F88B35A4AF8BF791ADE6A6E4845294E9895884FC5513
2020-06-15T14:49:57.177234-04:00 jarfx postfix/smtp[1147]: private/tlsmgr: wanted attribute: status
2020-06-15T14:49:57.177367-04:00 jarfx postfix/smtp[1147]: input attribute name: status
2020-06-15T14:49:57.177476-04:00 jarfx postfix/smtp[1147]: input attribute value: 4294967295
2020-06-15T14:49:57.177584-04:00 jarfx postfix/smtp[1147]: private/tlsmgr: wanted attribute: (list terminator)
2020-06-15T14:49:57.177717-04:00 jarfx postfix/smtp[1147]: input attribute name: (end)
2020-06-15T14:49:57.177846-04:00 jarfx postfix/smtp[1147]: connect to subsystem private/defer
2020-06-15T14:49:57.177954-04:00 jarfx postfix/smtp[1147]: send attr nrequest = 0
2020-06-15T14:49:57.178124-04:00 jarfx postfix/smtp[1147]: send attr flags = 0
2020-06-15T14:49:57.178242-04:00 jarfx postfix/smtp[1147]: send attr queue_id = C4A36AA57
2020-06-15T14:49:57.178383-04:00 jarfx postfix/smtp[1147]: send attr original_recipient = jamesrome@gmail.com
2020-06-15T14:49:57.178529-04:00 jarfx postfix/smtp[1147]: send attr recipient = jamesrome@gmail.com
2020-06-15T14:49:57.178688-04:00 jarfx postfix/smtp[1147]: send attr offset = 812
2020-06-15T14:49:57.178837-04:00 jarfx postfix/smtp[1147]: send attr dsn_orig_rcpt = rfc822;jamesrome@gmail.com
2020-06-15T14:49:57.178982-04:00 jarfx postfix/smtp[1147]: send attr notify_flags = 0
2020-06-15T14:49:57.179127-04:00 jarfx postfix/smtp[1147]: send attr status = 4.7.5
2020-06-15T14:49:57.179247-04:00 jarfx postfix/smtp[1147]: send attr diag_type =
2020-06-15T14:49:57.179353-04:00 jarfx postfix/smtp[1147]: send attr diag_text =
2020-06-15T14:49:57.179497-04:00 jarfx postfix/smtp[1147]: send attr mta_type =
2020-06-15T14:49:57.179615-04:00 jarfx postfix/smtp[1147]: send attr mta_mname =
2020-06-15T14:49:57.179726-04:00 jarfx postfix/smtp[1147]: send attr action = delayed
2020-06-15T14:49:57.179860-04:00 jarfx postfix/smtp[1147]: send attr reason = Cannot start TLS: handshake failure
2020-06-15T14:49:57.182646-04:00 jarfx postfix/smtp[1147]: private/defer socket: wanted attribute: status
2020-06-15T14:49:57.182881-04:00 jarfx postfix/smtp[1147]: input attribute name: status
2020-06-15T14:49:57.183112-04:00 jarfx postfix/smtp[1147]: input attribute value: 0
2020-06-15T14:49:57.183301-04:00 jarfx postfix/smtp[1147]: private/defer socket: wanted attribute: (list terminator)
2020-06-15T14:49:57.183499-04:00 jarfx postfix/smtp[1147]: input attribute name: (end)
2020-06-15T14:49:57.183720-04:00 jarfx postfix/smtp[1147]: C4A36AA57: to=<me@gmail.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=582, delays=582/0.01/0/0, dsn=4.7.5, status=deferred (Cannot start TLS: handshake failure)
2020-06-15T14:49:57.183922-04:00 jarfx postfix/smtp[1147]: flush_add: site gmail.com id C4A36AA57
2020-06-15T14:49:57.184108-04:00 jarfx postfix/smtp[1147]: match_hostname: fast_flush_domains: gmail.com ~? jarfx.dyndns.org
2020-06-15T14:49:57.184302-04:00 jarfx postfix/smtp[1147]: match_hostname: fast_flush_domains: gmail.com ~? localhost.dyndns.org
2020-06-15T14:49:57.184446-04:00 jarfx postfix/smtp[1147]: match_hostname: fast_flush_domains: gmail.com ~? hash:/etc/postfix/relay(0,lock|utf8_request)
2020-06-15T14:49:57.184597-04:00 jarfx postfix/smtp[1147]: match_hostname: fast_flush_domains: lookup hash:/etc/postfix/relay.db gmail.com: notfound
2020-06-15T14:49:57.184718-04:00 jarfx postfix/smtp[1147]: match_hostname: fast_flush_domains: lookup hash:/etc/postfix/relay.db com: notfound
2020-06-15T14:49:57.184814-04:00 jarfx postfix/smtp[1147]: match_list_match: gmail.com: no match
2020-06-15T14:49:57.184907-04:00 jarfx postfix/smtp[1147]: flush_add: site gmail.com id C4A36AA57 status 4
2020-06-15T14:50:12.983446-04:00 jarfx postfix/pickup[693]: F00C4AA5B: uid=30 from=<wwwrun>
2020-06-15T14:50:12.988345-04:00 jarfx postfix/cleanup[1158]: F00C4AA5B: message-id=<20200615185012.F00C4AA5B@jarfx.dyndns.org>
2020-06-15T14:50:13.004137-04:00 jarfx postfix/qmgr[694]: F00C4AA5B: from=<wwwrun@jarfx.dyndns.org>, size=495, nrcpt=1 (queue active)
2020-06-15T14:50:13.004437-04:00 jarfx postfix/smtp[1147]: auto_clnt_open: connected to private/tlsmgr
2020-06-15T14:50:13.004636-04:00 jarfx postfix/smtp[1147]: send attr request = lookup
2020-06-15T14:50:13.004764-04:00 jarfx postfix/smtp[1147]: send attr cache_type = smtp
2020-06-15T14:50:13.004890-04:00 jarfx postfix/smtp[1147]: send attr cache_id = amavis&[127.0.0.1]:10024&127.0.0.1&127.0.0.1&&92B631C47298EA55E927F88B35A4AF8BF791ADE6A6E4845294E9895884FC5513
2020-06-15T14:50:13.005074-04:00 jarfx postfix/smtp[1147]: private/tlsmgr: wanted attribute: status
2020-06-15T14:50:13.005193-04:00 jarfx postfix/smtp[1147]: input attribute name: status
2020-06-15T14:50:13.005290-04:00 jarfx postfix/smtp[1147]: input attribute value: 4294967295
2020-06-15T14:50:13.005444-04:00 jarfx postfix/smtp[1147]: private/tlsmgr: wanted attribute: session
2020-06-15T14:50:13.005587-04:00 jarfx postfix/smtp[1147]: input attribute name: session
2020-06-15T14:50:13.005709-04:00 jarfx postfix/smtp[1147]: input attribute value: (end)
2020-06-15T14:50:13.005866-04:00 jarfx postfix/smtp[1147]: private/tlsmgr: wanted attribute: (list terminator)
2020-06-15T14:50:13.005971-04:00 jarfx postfix/smtp[1147]: input attribute name: (end)
2020-06-15T14:50:13.006095-04:00 jarfx postfix/smtp[1147]: send attr request = seed
2020-06-15T14:50:13.006217-04:00 jarfx postfix/smtp[1147]: send attr size = 32
2020-06-15T14:50:13.006343-04:00 jarfx postfix/smtp[1147]: private/tlsmgr: wanted attribute: status
2020-06-15T14:50:13.006441-04:00 jarfx postfix/smtp[1147]: input attribute name: status
2020-06-15T14:50:13.006577-04:00 jarfx postfix/smtp[1147]: input attribute value: 0
2020-06-15T14:50:13.006697-04:00 jarfx postfix/smtp[1147]: private/tlsmgr: wanted attribute: seed
2020-06-15T14:50:13.006798-04:00 jarfx postfix/smtp[1147]: input attribute name: seed
2020-06-15T14:50:13.006891-04:00 jarfx postfix/smtp[1147]: input attribute value: 6JKhoT1ZZb4hJKcM1/haXLJEUrQmpqgIc9GYxLK5T0c=
2020-06-15T14:50:13.007016-04:00 jarfx postfix/smtp[1147]: private/tlsmgr: wanted attribute: (list terminator)
2020-06-15T14:50:13.007142-04:00 jarfx postfix/smtp[1147]: input attribute name: (end)
2020-06-15T14:50:13.007233-04:00 jarfx postfix/smtp[1147]: SSL_connect error to 127.0.0.1[127.0.0.1]:10024: -1
2020-06-15T14:50:13.007400-04:00 jarfx postfix/smtp[1147]: warning: TLS library problem: error:1408F10B:SSL routines:ssl3_get_record:wrong version number:ssl/record/ssl3_record.c:252:
2020-06-15T14:50:13.007554-04:00 jarfx postfix/smtp[1147]: send attr request = delete
2020-06-15T14:50:13.007680-04:00 jarfx postfix/smtp[1147]: send attr cache_type = smtp
2020-06-15T14:50:13.007803-04:00 jarfx postfix/smtp[1147]: send attr cache_id = amavis&[127.0.0.1]:10024&127.0.0.1&127.0.0.1&&92B631C47298EA55E927F88B35A4AF8BF791ADE6A6E4845294E9895884FC5513
2020-06-15T14:50:13.007919-04:00 jarfx postfix/smtp[1147]: private/tlsmgr: wanted attribute: status
2020-06-15T14:50:13.008013-04:00 jarfx postfix/smtp[1147]: input attribute name: status
2020-06-15T14:50:13.008103-04:00 jarfx postfix/smtp[1147]: input attribute value: 4294967295
2020-06-15T14:50:13.008230-04:00 jarfx postfix/smtp[1147]: private/tlsmgr: wanted attribute: (list terminator)
2020-06-15T14:50:13.008341-04:00 jarfx postfix/smtp[1147]: input attribute name: (end)
2020-06-15T14:50:13.008438-04:00 jarfx postfix/smtp[1147]: connect to subsystem private/defer
2020-06-15T14:50:13.008537-04:00 jarfx postfix/smtp[1147]: send attr nrequest = 0
2020-06-15T14:50:13.008648-04:00 jarfx postfix/smtp[1147]: send attr flags = 0
2020-06-15T14:50:13.008755-04:00 jarfx postfix/smtp[1147]: send attr queue_id = F00C4AA5B
2020-06-15T14:50:13.008851-04:00 jarfx postfix/smtp[1147]: send attr original_recipient = me@gmail.com
2020-06-15T14:50:13.008947-04:00 jarfx postfix/smtp[1147]: send attr recipient = me@gmail.com
2020-06-15T14:50:13.009063-04:00 jarfx postfix/smtp[1147]: send attr offset = 812
2020-06-15T14:50:13.009163-04:00 jarfx postfix/smtp[1147]: send attr dsn_orig_rcpt = rfc822;me@gmail.com
2020-06-15T14:50:13.009257-04:00 jarfx postfix/smtp[1147]: send attr notify_flags = 0
2020-06-15T14:50:13.009354-04:00 jarfx postfix/smtp[1147]: send attr status = 4.7.5
2020-06-15T14:50:13.009481-04:00 jarfx postfix/smtp[1147]: send attr diag_type =
2020-06-15T14:50:13.009576-04:00 jarfx postfix/smtp[1147]: send attr diag_text =
2020-06-15T14:50:13.009669-04:00 jarfx postfix/smtp[1147]: send attr mta_type =
2020-06-15T14:50:13.009763-04:00 jarfx postfix/smtp[1147]: send attr mta_mname =
2020-06-15T14:50:13.009884-04:00 jarfx postfix/smtp[1147]: send attr action = delayed
2020-06-15T14:50:13.009985-04:00 jarfx postfix/smtp[1147]: send attr reason = Cannot start TLS: handshake failure
2020-06-15T14:50:13.014493-04:00 jarfx postfix/smtp[1147]: private/defer socket: wanted attribute: status
2020-06-15T14:50:13.014726-04:00 jarfx postfix/smtp[1147]: input attribute name: status
2020-06-15T14:50:13.014861-04:00 jarfx postfix/smtp[1147]: input attribute value: 0
2020-06-15T14:50:13.015003-04:00 jarfx postfix/smtp[1147]: private/defer socket: wanted attribute: (list terminator)
2020-06-15T14:50:13.015107-04:00 jarfx postfix/smtp[1147]: input attribute name: (end)
2020-06-15T14:50:13.015230-04:00 jarfx postfix/smtp[1147]: F00C4AA5B: to=<jamesrome@gmail.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.04, delays=0.04/0/0/0, dsn=4.7.5, status=deferred (Cannot start TLS: handshake failure)
2020-06-15T14:50:13.015365-04:00 jarfx postfix/smtp[1147]: flush_add: site gmail.com id F00C4AA5B
2020-06-15T14:50:13.015469-04:00 jarfx postfix/smtp[1147]: match_hostname: fast_flush_domains: gmail.com ~? jarfx.dyndns.org
2020-06-15T14:50:13.015609-04:00 jarfx postfix/smtp[1147]: match_hostname: fast_flush_domains: gmail.com ~? localhost.dyndns.org
2020-06-15T14:50:13.015737-04:00 jarfx postfix/smtp[1147]: match_hostname: fast_flush_domains: gmail.com ~? hash:/etc/postfix/relay(0,lock|utf8_request)
2020-06-15T14:50:13.015838-04:00 jarfx postfix/smtp[1147]: match_hostname: fast_flush_domains: lookup hash:/etc/postfix/relay.db gmail.com: notfound
2020-06-15T14:50:13.015929-04:00 jarfx postfix/smtp[1147]: match_hostname: fast_flush_domains: lookup hash:/etc/postfix/relay.db com: notfound
2020-06-15T14:50:13.016042-04:00 jarfx postfix/smtp[1147]: match_list_match: gmail.com: no match
2020-06-15T14:50:13.016170-04:00 jarfx postfix/smtp[1147]: flush_add: site gmail.com id F00C4AA5B status 4



jarfx.dyndns.org is my dynamic dns address. And it is my hostname.
What am I doing wrong?
Thanks a bunch.

However, my bounce messages got sent:

This is the mail system at host jarfx.dyndns.org.
####################################################################
# THIS IS A WARNING ONLY.  YOU DO NOT NEED TO RESEND YOUR MESSAGE. #
####################################################################

Your message could not be delivered for more than 1 hour(s).
It will be retried until it is 5 day(s) old.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can
delete your own text from the attached returned message.
                    The mail system

Hi
Did you allow tlsmgr (un rem) to run in /etc/postfix/master.cf

Think so:

tlsmgr unix - - n 1000? 1 tlsmgr

Hi
If you change the port to 587 rather than 465…

Hi
Did a quick test here… all good;


main.cf

relayhost = [smtp.gmail.com]:587
smtp_use_tls = yes
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous

sasl_passwd

[smtp.gmail.com]:587 *gmail-user*@gmail.com:*gmail-password*

master.cf

tlsmgr    unix  -       -       n       1000?   1       tlsmgr

postmap sasl_passwd

chmod 600 sasl_passwd sasl_passwd.db

systemctl restart postfix

{as my user}

echo 'It works' | mailx -s 'Test message' user@gmail.com <enter>

2020-06-15T19:06:44.495729-05:00 grover-os151 postfix/smtp[2323]: ED1E8206B1: to=<user@gmail.com>, relay=smtp.gmail.com[173.194.78.108]:587, delay=2.5, delays=0.03/0.03/0.61/1.9, dsn=2.0.0, status=sent (250 2.0.0 OK  1592266004 i2sm3635694otr.49 - gsmtp)
2020-06-15T19:06:44.499321-05:00 grover-os151 postfix/qmgr[2283]: ED1E8206B1: removed

Return-Path: <user@gmail.com>
Received: from localhost (blah)
        by smtp.gmail.com with ESMTPSA id i2sm3635694otr.49.2020.06.15.17.06.42
        for <user@gmail.com>
        (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256);
        Mon, 15 Jun 2020 17:06:43 -0700 (PDT)
From: root <user@gmail.com>
X-Google-Original-From: root <root@localhost>
Received: by localhost (Postfix, from userid 0)
 id ED1E8206B1; Mon, 15 Jun 2020 19:06:41 -0500 (CDT)
Date: Mon, 15 Jun 2020 19:06:41 -0500
To: user@gmail.com
Subject: Test message
User-Agent: Heirloom mailx 12.5 7/5/10
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id: <20200616000641.ED1E8206B1@localhost>


It works