This is my last resort :(
I have an Amazon EC2 instance from which I run my mail server.
My mail server is set up with ubuntu server 14.04, postfix and dovecot, and has worked fine for years, but I cannot get a comodo certificate to work with it.
My telnet says
Trying IP.IP.IP.IP...
Connected to mail.example.com.
Escape character is '^]'.
220 mail.example.com ESMTP
ehlo
501 Syntax: EHLO hostname
ehlo mail.example.com
250-mail.example.com
250-PIPELINING
250-SIZE 104857600
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
starttls
454 4.7.0 TLS not available due to local problem
421 4.4.2 mail.example.com Error: timeout exceeded
Connection closed by foreign host.
I have searched for this error and tried all sorts of things, such as testing the certificate and key; they are all correct, including bundle.crt.
I originally tried replacing the certificate with startcom and tried to fix the problem, but ended up with serious DNS issues, which I have now corrected, and I am sure this is related to the certificate and/or key.
I even launched a new instance and built my server from scratch.
dovecot -n returns
# 2.2.18: /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.8 (0c4ae064f307+)
# OS: Linux 3.13.0-95-generic x86_64 Ubuntu 14.04.5 LTS ext4
auth_mechanisms = plain login
auth_verbose = yes
mail_home = /var/mail/vmail/%d/%n
mail_location = maildir:/var/mail/vmail/%d/%n/mail:LAYOUT=fs
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate
namespace inbox {
inbox = yes
location =
mailbox Drafts {
auto = subscribe
special_use = \Drafts
}
mailbox Junk {
auto = subscribe
special_use = \Junk
}
mailbox Sent {
auto = subscribe
special_use = \Sent
}
mailbox "Sent Messages" {
auto = subscribe
special_use = \Sent
}
mailbox Trash {
auto = subscribe
special_use = \Trash
}
prefix =
}
passdb {
args = username_format=%u scheme=ssha512 /etc/dovecot/passwd.db
driver = passwd-file
}
plugin {
sieve = ~/.dovecot.sieve
sieve_after = /var/mail/vmail/sieve-after
sieve_before = /var/mail/vmail/sieve-before
sieve_dir = ~/sieve
}
protocols = imap sieve
service auth {
unix_listener /var/spool/postfix/private/dovecot-auth {
group = postfix
mode = 0660
user = postfix
}
}
ssl_cert = </etc/ssl/private/ssl-bundle.pem
ssl_cipher_list = ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AES:RSA+3DES:!ADH:!AECDH:!MD5:!DSS
ssl_client_ca_dir = /etc/ssl/certs
ssl_key = </etc/ssl/private/mailserver.key
userdb {
args = uid=5000 gid=5000 home=/var/mail/vmail/%d/%n
driver = static
}
protocol lda {
deliver_log_format = msgid=%m: %$
mail_plugins = sieve
postmaster_address = [email protected]
quota_full_tempfail = yes
rejection_reason = Your message to <%t> was automatically rejected:%n%r
}
protocol imap {
imap_client_workarounds = delay-newmail tb-extra-mailbox-sep
mail_max_userip_connections = 10
}
but /var/log/upstart/dovecot.log shows
doveconf: Fatal: Error in configuration file /etc/dovecot/conf.d/10-ssl.conf line 12: ssl_cert: Can't open file /etc/dovecot/dovecot.pem: No such file or directory
and
doveconf: Fatal: Error in configuration file /etc/dovecot/conf.d/99-mail-stack-delivery.conf line 4: ssl_cert: Can't open file /etc/ssl/private/ca-bundle.crt: No
These files are located in /etc/ssl/private with permissions 400.
I have checked the syntax in my config files.
I am not even using "/etc/dovecot/conf.d/10-ssl.conf", and all of its lines are commented out.
I am sure I am missing a crucial step, and this is driving me mad; it has been going on for a week.
These are the files in my /etc/ssl/private folder
AddTrustExternalCARoot.crt ssl-bundle2.crt
COMODORSAAddTrustCA.crt ssl-bundle.crt
COMODORSADomainValidationSecureServerCA.crt ssl-bundle.pem
mail_example_com.crt ssl-cert-snakeoil.key
mailserver.key
openssl s_client -connect mail.example.com:25 -starttls smtp -CApath /etc/ssl/certs gives..
CONNECTED(00000003)
140077443561120:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:795:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 235 bytes and written 330 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
Any pointers would be great :)
Thanks
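The two doveconf errors in the post both say that an `ssl_cert = <path` directive points at a file that does not exist, and they come from files in conf.d/ that the poster believes are unused. Dovecot reads dovecot.conf, expands each `!include` glob in sorted order, and lets the last assignment of a setting win, so a directive anywhere in that chain is live. The following script is an added example, not the poster's or Dovecot's code: it walks the include chain, lists every uncommented ssl_cert/ssl_key/ssl_ca assignment with its file and line, resolves which one is effective, and checks that the referenced files exist, contain PEM blocks of the right kind, and (for the key) are not group/world readable. `build_demo_tree` constructs a throwaway tree shaped like the poster's layout with placeholder PEM markers; the paths inside it are assumptions for the demo only.

```python
# Added example (not the poster's code): find which Dovecot config file really
# sets ssl_cert / ssl_key and whether the files they point at are usable.
# doveconf reads dovecot.conf, expands each !include in sorted glob order, and
# the LAST assignment of a setting wins; "ssl_cert = </path" means "read /path
# when the service starts", so a stale path in conf.d/10-ssl.conf breaks TLS
# even if the admin only ever edited a later file.
import glob
import os
import re
import stat
import tempfile
from pathlib import Path

DIRECTIVE_RE = re.compile(r"^\s*(ssl_cert|ssl_key|ssl_ca)\s*=\s*(.*?)\s*$")
INCLUDE_RE = re.compile(r"^\s*!include(?:_try)?\s+(\S+)\s*$")
CERT_RE = re.compile(r"^-----BEGIN CERTIFICATE-----", re.M)
KEY_RE = re.compile(r"^-----BEGIN (?:RSA |EC )?PRIVATE KEY-----", re.M)


def iter_config_lines(conf_path):
    """Yield (path, lineno, text), expanding !include relative to the including
    file in sorted order, the way doveconf does."""
    conf_path = Path(conf_path)
    try:
        lines = conf_path.read_text().splitlines()
    except OSError:
        return
    for lineno, text in enumerate(lines, 1):
        inc = INCLUDE_RE.match(text)
        if inc:
            for included in sorted(glob.glob(os.path.join(conf_path.parent, inc.group(1)))):
                yield from iter_config_lines(included)
            continue
        yield conf_path, lineno, text


def find_ssl_directives(conf_path):
    """Every uncommented ssl_cert/ssl_key/ssl_ca assignment, in apply order."""
    found = []
    for path, lineno, text in iter_config_lines(conf_path):
        m = DIRECTIVE_RE.match(text)
        if m:
            key, value = m.groups()
            target = value[1:].strip() if value.startswith("<") else None
            found.append({"file": str(path), "line": lineno, "key": key,
                          "value": value, "target": target})
    return found


def check_pem_file(target, key):
    """Report whether the file behind '<path' is missing, unreadable, lacks the
    expected PEM blocks, or (for a key) is readable by group/other."""
    p = Path(target)
    result = {"target": target, "problems": [], "certs": 0, "keys": 0}
    if not p.is_file():
        result["problems"].append("missing")
        return result
    try:
        data = p.read_text()
    except OSError as e:
        result["problems"].append(f"unreadable: {e.strerror}")
        return result
    result["certs"] = len(CERT_RE.findall(data))
    result["keys"] = len(KEY_RE.findall(data))
    if key == "ssl_cert" and result["certs"] == 0:
        result["problems"].append("no CERTIFICATE block")
    if key == "ssl_key":
        if result["keys"] != 1:
            result["problems"].append("expected exactly one PRIVATE KEY block")
        if stat.S_IMODE(p.stat().st_mode) & 0o077:
            result["problems"].append("private key readable by group/other")
    return result


def diagnose(conf_path):
    """Resolve the effective ssl_cert/ssl_key (last wins) and check their files."""
    directives = find_ssl_directives(conf_path)
    effective = {d["key"]: d for d in directives}  # later entries overwrite earlier
    report = {"all": directives, "effective": {}, "ok": True}
    for key in ("ssl_cert", "ssl_key"):
        d = effective.get(key)
        if d is None:
            report["effective"][key] = None
            report["ok"] = False
            continue
        d = dict(d)
        if d["target"] is not None:
            d["check"] = check_pem_file(d["target"], key)
            report["ok"] = report["ok"] and not d["check"]["problems"]
        report["effective"][key] = d
    return report


def build_demo_tree(root=None):
    """Constructed sample tree shaped like the poster's: dovecot.conf includes
    conf.d/*.conf, 10-ssl.conf points at a missing dovecot.pem (as in the log),
    99-mail-stack-delivery.conf points at an existing bundle. Returns dovecot.conf."""
    root = Path(root or tempfile.mkdtemp())
    confd = root / "conf.d"
    confd.mkdir(parents=True, exist_ok=True)
    (root / "dovecot.conf").write_text("protocols = imap\n!include conf.d/*.conf\n")
    (confd / "10-ssl.conf").write_text(
        "ssl = yes\n#ssl_cert = </commented/out\nssl_cert = </etc/dovecot/dovecot.pem\n"
        f"ssl_key = <{root / 'mailserver.key'}\n")
    (confd / "99-mail-stack-delivery.conf").write_text(f"ssl_cert = <{root / 'ssl-bundle.pem'}\n")
    # Placeholder PEM bodies: markers only, not real certificate or key material.
    (root / "ssl-bundle.pem").write_text(
        "-----BEGIN CERTIFICATE-----\nPLACEHOLDER\n-----END CERTIFICATE-----\n" * 3)
    key = root / "mailserver.key"
    key.write_text("-----BEGIN RSA PRIVATE KEY-----\nPLACEHOLDER\n-----END RSA PRIVATE KEY-----\n")
    key.chmod(0o400)
    return str(root / "dovecot.conf")


if __name__ == "__main__":
    import json, sys
    print(json.dumps(diagnose(sys.argv[1] if len(sys.argv) > 1 else build_demo_tree()), indent=2))
```

Run it as `python3 check_dovecot_ssl.py /etc/dovecot/dovecot.conf` (as root, so the key is readable) to see every ssl_cert/ssl_key line doveconf will apply, including ones in conf.d/ files you thought were inert; whatever `effective` shows is what the running service tries to open at startup. Note that the script only checks the files Dovecot reads; the 454 reply on port 25 in the post is issued by the daemon answering SMTP, so Postfix's own `smtpd_tls_cert_file`/`smtpd_tls_key_file` settings need the same kind of check.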
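The telnet session in the post shows the SMTP side of the problem: the server advertises STARTTLS in its EHLO reply, but answers the STARTTLS command with `454 4.7.0 TLS not available due to local problem`, and the later `openssl s_client` "unknown protocol" error is simply the client trying to start a TLS handshake on a connection where the server never agreed to one. The probe below is an added example, not code from the post; it drives the same banner / EHLO / STARTTLS / handshake sequence and reports exactly which step failed, so a server-side refusal (454) is distinguished from a missing STARTTLS capability or a genuine handshake error. The in-process fake server reproduces the refusal so the example runs offline; the host name `probe.example.test` used in EHLO and the fake server's replies are constructed for the demo.

```python
# Added example (not the poster's code): walk the same SMTP exchange as the
# telnet session above and report which step fails, so a "454 4.7.0 TLS not
# available due to local problem" (the server refusing to start TLS because of
# its own configuration) is distinguished from "no STARTTLS advertised" or a
# TLS handshake error. A small in-process fake server reproduces the refusal.
import socket
import ssl
import threading


def _read_reply(f):
    """Read one SMTP reply, including 250-... continuation lines; return (code, lines)."""
    lines = []
    while True:
        raw = f.readline()
        if not raw:
            raise ConnectionError("server closed the connection")
        line = raw.decode("ascii", "replace").rstrip("\r\n")
        lines.append(line)
        if len(line) < 4 or line[3] != "-":
            return int(line[:3]), lines


def probe_starttls(host, port=25, helo="probe.example.test", timeout=10, ssl_ctx=None):
    """Banner -> EHLO -> STARTTLS -> handshake; returns what happened at each step."""
    result = {"stage": None, "starttls_advertised": False,
              "starttls_reply": None, "tls": None, "verdict": None}
    with socket.create_connection((host, port), timeout=timeout) as sock:
        f = sock.makefile("rb")
        result["stage"] = "banner"
        code, banner = _read_reply(f)
        if code != 220:
            result["verdict"] = f"no 220 greeting: {banner[0]}"
            return result
        result["stage"] = "ehlo"
        sock.sendall(f"EHLO {helo}\r\n".encode())
        code, ehlo = _read_reply(f)
        # Capability keywords follow the 4-char "250-"/"250 " prefix on each line.
        caps = {l[4:].strip().split(" ")[0].upper() for l in ehlo[1:] if l[4:].strip()}
        result["starttls_advertised"] = code == 250 and "STARTTLS" in caps
        if not result["starttls_advertised"]:
            result["verdict"] = "server does not advertise STARTTLS"
            return result
        result["stage"] = "starttls"
        sock.sendall(b"STARTTLS\r\n")
        code, reply = _read_reply(f)
        result["starttls_reply"] = reply[0]
        if code != 220:
            result["verdict"] = ("server refused STARTTLS: its own TLS setup is broken"
                                 if code == 454 else f"unexpected STARTTLS reply {code}")
            return result
        result["stage"] = "handshake"
        ctx = ssl_ctx or ssl.create_default_context()
        try:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                result["tls"] = tls.version()
                result["verdict"] = "STARTTLS ok"
        except OSError as e:  # ssl.SSLError is a subclass of OSError
            result["verdict"] = f"TLS handshake failed: {e}"
    return result


def start_fake_smtp_server(starttls_reply="454 4.7.0 TLS not available due to local problem"):
    """Constructed stand-in for the poster's server: advertises STARTTLS, then
    answers the STARTTLS command with starttls_reply and hangs up. Returns (host, port)."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        with conn, conn.makefile("rb") as f:
            conn.sendall(b"220 mail.example.com ESMTP\r\n")
            for raw in f:
                cmd = raw.decode("ascii", "replace").strip().upper()
                if cmd.startswith("EHLO"):
                    conn.sendall(b"250-mail.example.com\r\n250-PIPELINING\r\n"
                                 b"250-STARTTLS\r\n250 DSN\r\n")
                elif cmd == "STARTTLS":
                    conn.sendall(starttls_reply.encode() + b"\r\n")
                    break
                else:
                    conn.sendall(b"502 5.5.2 Error: command not recognized\r\n")
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()


if __name__ == "__main__":
    host, port = start_fake_smtp_server()
    print(probe_starttls(host, port, timeout=5))
```

Against a real host, call `probe_starttls("mail.example.com", 25)`; a verdict of "server refused STARTTLS" with a 454 reply means the fix is on the server (the certificate and key files the SMTP daemon is configured to load, and their readability), not in the client or the CA bundle, and no amount of `openssl s_client` tuning will get past it.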