Postfix errors: No TLS, EmptyCertificate, and Mail received as unauthenticated, incoming to a recipient domain configured in a hosted tenant


Previously, Postfix was giving errors complaining about [No TLS]

Jul 14 10:37:38 q03pmds postfix/smtp[81151]: A02F3FF9F4: host pel-com-au.mail.protection.outlook.com[104.47.71.202] said: 451 4.4.62 Mail sent to the wrong Office 365 region. ATTR35. For more information please go to https://go.microsoft.com/fwlink/?linkid=865268 [No TLS] [ME3AUS01FT018.eop-AUS01.prod.protection.outlook.com 2023-07-14T00:37:38.115Z 08DB8303CE4A917A] (in reply to end of DATA command)

I have created a signed certificate and added it to the Postfix configuration file as follows:

smtpd_tls_cert_file = /etc/pki/tls/certs/postfix.pem
smtpd_tls_key_file = /etc/pki/tls/private/postfix.key
smtpd_tls_security_level = may
smtp_tls_security_level = may

However, I am now getting [ValidationStatus of '' is EmptyCertificate]

(host epl-com-au.mail.protection.outlook.com[104.47.71.202] said: 451 4.4.62 Mail sent to the wrong Office 365 region. ATTR35. For more information please go to https://go.microsoft.com/fwlink/?linkid=865268 [ValidationStatus of '' is EmptyCertificate] [ME3AUS01FT009.eop-AUS01.prod.protection.outlook.com 2023-07-17T00:39:37.165Z 08DB85E60F9C36B4] (in reply to end of DATA command))

(host epl-com-au.mail.protection.outlook.com[104.47.71.138] said: 451 4.4.62 Mail sent to the wrong Office 365 region. ATTR35. For more information please go to https://go.microsoft.com/fwlink/?linkid=865268 [ValidationStatus of '' is EmptyCertificate] [SY4AUS01FT012.eop-AUS01.prod.protection.outlook.com 2023-07-17T00:39:37.165Z 08DB858C5B8F4556] (in reply to end of DATA command))

(host epl-com-au.mail.protection.outlook.com[104.47.71.138] said: 451 4.4.62 Mail sent to the wrong Office 365 region. ATTR35. For more information please go to https://go.microsoft.com/fwlink/?linkid=865268 [ValidationStatus of '' is EmptyCertificate] [SY4AUS01FT011.eop-AUS01.prod.protection.outlook.com 2023-07-17T00:39:37.375Z 08DB864D666BFE0D] (in reply to end of DATA command))

(host epl-com-au.mail.protection.outlook.com[104.47.71.202] said: 451 4.4.4 Mail received as unauthenticated, incoming to a recipient domain configured in a hosted tenant which has no mail-enabled subscriptions. ATTR5 [ME3AUS01FT004.eop-AUS01.prod.protection.outlook.com 2023-07-17T00:39:37.237Z 08DB85FB7229EDD0] (in reply to end of DATA command))

(host epl-com-au.mail.protection.outlook.com[104.47.71.138] said: 451 4.4.4 Mail received as unauthenticated, incoming to a recipient domain configured in a hosted tenant which has no mail-enabled subscriptions. ATTR5 [SY4AUS01FT024.eop-AUS01.prod.protection.outlook.com 2023-07-17T00:39:37.320Z 08DB85FB7C2C75CE] (in reply to end of DATA command))

(host epl-com-au.mail.protection.outlook.com[104.47.71.202] said: 451 4.4.62 Mail sent to the wrong Office 365 region. ATTR35. For more information please go to https://go.microsoft.com/fwlink/?linkid=865268 [ValidationStatus of '' is EmptyCertificate] [ME3AUS01FT013.eop-AUS01.prod.protection.outlook.com 2023-07-17T00:39:37.711Z 08DB860FE83B4875] (in reply to end of DATA command))

(host epl-com-au.mail.protection.outlook.com[104.47.71.138] said: 451 4.4.4 Mail received as unauthenticated, incoming to a recipient domain configured in a hosted tenant which has no mail-enabled subscriptions. ATTR5 [SY4AUS01FT010.eop-AUS01.prod.protection.outlook.com 2023-07-17T00:39:37.463Z 08DB85D292FA106C] (in reply to end of DATA command))

I am also getting a bunch of Mail received as unauthenticated, incoming to a recipient domain configured in a hosted tenant which has no mail-enabled subscriptions. ATTR5

I have configured the Office 365 connector to accept email from the Postfix server, configured the SPF record, and added an A record for the Postfix server hostname.

I don't get any certificate when running openssl s_client

 openssl s_client -connect localhost:25
CONNECTED(00000003)
140466906908560:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:794:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 289 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : 0000
    Session-ID:
    Session-ID-ctx:
    Master-Key:
    Key-Arg   : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    Start Time: 1689557445
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---

Fixed the certificate warning by adding the following:

smtp_tls_cert_file = /etc/pki/tls/certs/postfix.pem
smtp_tls_key_file = /etc/pki/tls/private/postfix.key
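
Postfix keeps separate TLS settings for its inbound server (smtpd_tls_*) and its outbound client (smtp_tls_*), and only the latter supply a certificate when Postfix delivers mail to another host. The shell check below is an added example, not part of the original post: it classifies a main.cf accordingly. The function names and sample files are constructed for illustration, and smtp_tls_chain_files is included as the alternative client-certificate parameter in newer Postfix releases.

```shell
#!/bin/sh
# Added example (not from the original post): report whether a Postfix main.cf
# gives the outbound SMTP client (smtp_tls_*) a certificate, not just smtpd_tls_*.

# Print the last value assigned to parameter $2 in file $1 (last one wins).
# Simplification: comment lines and indented continuation lines are skipped.
get_param() {
    awk -v key="$2" '
        /^[ \t]*#/ || /^[ \t]/ { next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            name = substr($0, 1, eq - 1); gsub(/[ \t]/, "", name)
            if (name != key) next
            val = substr($0, eq + 1)
            sub(/^[ \t]+/, "", val); sub(/[ \t]+$/, "", val)
            found = val
        }
        END { print found }' "$1"
}

# Classify the client-side certificate setup of main.cf file $1.
check_client_cert() {
    if [ -n "$(get_param "$1" smtp_tls_cert_file)" ] ||
       [ -n "$(get_param "$1" smtp_tls_chain_files)" ]; then
        echo "client-cert-configured"   # sent when the remote server requests one
    elif [ -n "$(get_param "$1" smtpd_tls_cert_file)" ]; then
        echo "server-cert-only"         # inbound only; outbound mail presents none
    else
        echo "no-cert"
    fi
}

# Constructed sample files: the settings quoted in the post, before and after the fix.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/before.cf" <<'EOF'
smtpd_tls_cert_file = /etc/pki/tls/certs/postfix.pem
smtpd_tls_key_file = /etc/pki/tls/private/postfix.key
smtpd_tls_security_level = may
smtp_tls_security_level = may
EOF
cp "$demo_dir/before.cf" "$demo_dir/after.cf"
cat >> "$demo_dir/after.cf" <<'EOF'
smtp_tls_cert_file = /etc/pki/tls/certs/postfix.pem
smtp_tls_key_file = /etc/pki/tls/private/postfix.key
EOF
echo "before: $(check_client_cert "$demo_dir/before.cf")"
echo "after:  $(check_client_cert "$demo_dir/after.cf")"
```

On a live host, postconf -n prints the parameters actually in effect and can be used instead of reading main.cf directly. Port 25 speaks plaintext SMTP before TLS, so inspecting the server-side certificate with openssl s_client requires the -starttls smtp option.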
