Postfix error with Office365: TLS library problem - wrong version number

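I am trying to reconfigure a (currently working) Debian 10 Postfix configuration because we have migrated to Office365 as our SMTP server. The Postfix mail configuration is only used to send mail generated by the server itself (logcheck mails etc.).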

I assumed the only change I had to make was to the relayhost setting
from: relayhost = some.mail.provider:465
to: relayhost = smtp.office365.com:587

Problem:

However, this does not work. In /var/log/syslog I get

Sep 21 15:03:30 pasteur postfix/smtp[16877]: SSL_connect error to smtp.office365.com[40.101.137.34]:587: -1
Sep 21 15:03:30 pasteur postfix/smtp[16877]: warning: TLS library problem: error:1408F10B:SSL routines:ssl3_get_record:wrong version number:../ssl/record/ssl3_record.c:332:
Sep 21 15:03:30 pasteur postfix/smtp[16877]: EC2809EF92: Cannot start TLS: handshake failure

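Question: Does anyone know a solution?

I tried various Postfix settings in /etc/postfix/main.cf, but that did not work. For example, changing smtp_tls_security_level = encrypt to ... = may results in syslog entries such as smtp_tls_wrappermode requires "smtp_tls_security_level = encrypt" (or stronger)

My Postfix settings in /etc/postfix/main.cf are: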

# Ansible managed

smtpd_banner = $myhostname ESMTP $mail_name
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# See http://www.postfix.org/COMPATIBILITY_README.html
# default to 2 on fresh installs.
compatibility_level = 2

# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# Enable SASL authentication
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = static:<someuser>:************
smtp_sasl_security_options = noanonymous
smtp_tls_wrappermode = yes
smtp_use_tls = yes
smtp_tls_security_level = encrypt

# General
myhostname = pasteur.<ourdomain>.com
myorigin = /etc/mailname
mydestination = $myhostname localhost.$mydomain localhost pasteur
mynetworks = "127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128"
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
relayhost = smtp.office365.com:587

Answer 1

I have now circumvented the problem by using the "direct send" method outlined by Microsoft: https://docs.microsoft.com/en-us/exchange/mail-flow-best-practices/how-to-set-up-a-multifunction-device-or-application-to-send-email-using-microsoft-365-or-office-365

This meant I had to change the relayhost setting (URL and port) and some TLS settings.

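Answer 2

The encryption layer differs between ports 465 and 587:

  • Port 465 expects communication using SSL
  • Port 587 expects the initial communication in plaintext, with the STARTTLS command used early in the session

I believe the solution is to change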

smtp_tls_security_level = may
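
The difference between the two ports, and the "wrong version number" line in the question's log, can be shown offline. This is an added example, not part of the original posts: it reads a server's first bytes the way a TLS client in wrapper mode would, as a 5-byte TLS record header. The sample byte strings, host name and function names are constructed for illustration.

```python
import struct

# Constructed sample inputs (not captured traffic).
# A STARTTLS port such as 587 speaks first, in plaintext:
SMTP_GREETING = b"220 mail.example.test ESMTP ready\r\n"
# An implicit-TLS port such as 465 answers a ClientHello with a TLS record:
# type 22 (handshake), version 3.3, length 0x0050, then filler bytes.
TLS_SERVER_HELLO = bytes([22, 3, 3, 0x00, 0x50]) + b"\x02" + b"\x00" * 0x4F

TLS_CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                     22: "handshake", 23: "application_data"}


def parse_record_header(data):
    """Interpret the first 5 bytes as a TLS record header."""
    if len(data) < 5:
        raise ValueError("need at least 5 bytes")
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    return {"type": ctype, "major": major, "minor": minor, "length": length}


def classify_first_bytes(data):
    """Return 'tls', 'smtp-plaintext' or 'unknown' for a server's first bytes."""
    hdr = parse_record_header(data)
    # Every SSL 3.0 / TLS 1.x record carries major version 3.
    if hdr["type"] in TLS_CONTENT_TYPES and hdr["major"] == 3:
        return "tls"
    # SMTP replies start with a 3-digit code followed by space or hyphen.
    if data[:3].isdigit() and data[3:4] in (b" ", b"-"):
        return "smtp-plaintext"
    return "unknown"


def wrappermode_for(data):
    """Value of Postfix's smtp_tls_wrappermode that matches the server."""
    kind = classify_first_bytes(data)
    if kind == "tls":
        return "yes"   # implicit TLS (SMTPS): TLS handshake comes first
    if kind == "smtp-plaintext":
        return "no"    # plaintext greeting first, then STARTTLS
    raise ValueError("unrecognised server greeting")


if __name__ == "__main__":
    for name, sample in (("greeting", SMTP_GREETING), ("tls", TLS_SERVER_HELLO)):
        print(name, parse_record_header(sample), "->", wrappermode_for(sample))
```

Read as a record header, the plaintext greeting "220 " yields major version 50 (the ASCII digit "2") rather than 3, which is the mismatch a TLS library reports as a wrong version number.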
