以前,Postfix 会出现错误,抱怨没有[No TLS]
Jul 14 10:37:38 q03pmds postfix/smtp[81151]: A02F3FF9F4: host pel-com-au.mail.protection.outlook.com[104.47.71.202] said: 451 4.4.62 Mail sent to the wrong Office 365 region. ATTR35. For more information please go to https://go.microsoft.com/fwlink/?linkid=865268 [No TLS] [ME3AUS01FT018.eop-AUS01.prod.protection.outlook.com 2023-07-14T00:37:38.115Z 08DB8303CE4A917A] (in reply to end of DATA command)
我已经创建了一个签名证书并添加到 Postfix 配置文件中,如下所示:
smtpd_tls_cert_file = /etc/pki/tls/certs/postfix.pem
smtpd_tls_key_file = /etc/pki/tls/private/postfix.key
smtpd_tls_security_level = may
smtp_tls_security_level = may
然而,我现在得到[ValidationStatus of '' is EmptyCertificate]
(host epl-com-au.mail.protection.outlook.com[104.47.71.202] said: 451 4.4.62 Mail sent to the wrong Office 365 region. ATTR35. For more information please go to https://go.microsoft.com/fwlink/?linkid=865268 [ValidationStatus of '' is EmptyCertificate] [ME3AUS01FT009.eop-AUS01.prod.protection.outlook.com 2023-07-17T00:39:37.165Z 08DB85E60F9C36B4] (in reply to end of DATA command))
(host epl-com-au.mail.protection.outlook.com[104.47.71.138] said: 451 4.4.62 Mail sent to the wrong Office 365 region. ATTR35. For more information please go to https://go.microsoft.com/fwlink/?linkid=865268 [ValidationStatus of '' is EmptyCertificate] [SY4AUS01FT012.eop-AUS01.prod.protection.outlook.com 2023-07-17T00:39:37.165Z 08DB858C5B8F4556] (in reply to end of DATA command))
(host epl-com-au.mail.protection.outlook.com[104.47.71.138] said: 451 4.4.62 Mail sent to the wrong Office 365 region. ATTR35. For more information please go to https://go.microsoft.com/fwlink/?linkid=865268 [ValidationStatus of '' is EmptyCertificate] [SY4AUS01FT011.eop-AUS01.prod.protection.outlook.com 2023-07-17T00:39:37.375Z 08DB864D666BFE0D] (in reply to end of DATA command))
(host epl-com-au.mail.protection.outlook.com[104.47.71.202] said: 451 4.4.4 Mail received as unauthenticated, incoming to a recipient domain configured in a hosted tenant which has no mail-enabled subscriptions. ATTR5 [ME3AUS01FT004.eop-AUS01.prod.protection.outlook.com 2023-07-17T00:39:37.237Z 08DB85FB7229EDD0] (in reply to end of DATA command))
(host epl-com-au.mail.protection.outlook.com[104.47.71.138] said: 451 4.4.4 Mail received as unauthenticated, incoming to a recipient domain configured in a hosted tenant which has no mail-enabled subscriptions. ATTR5 [SY4AUS01FT024.eop-AUS01.prod.protection.outlook.com 2023-07-17T00:39:37.320Z 08DB85FB7C2C75CE] (in reply to end of DATA command))
(host epl-com-au.mail.protection.outlook.com[104.47.71.202] said: 451 4.4.62 Mail sent to the wrong Office 365 region. ATTR35. For more information please go to https://go.microsoft.com/fwlink/?linkid=865268 [ValidationStatus of '' is EmptyCertificate] [ME3AUS01FT013.eop-AUS01.prod.protection.outlook.com 2023-07-17T00:39:37.711Z 08DB860FE83B4875] (in reply to end of DATA command))
(host epl-com-au.mail.protection.outlook.com[104.47.71.138] said: 451 4.4.4 Mail received as unauthenticated, incoming to a recipient domain configured in a hosted tenant which has no mail-enabled subscriptions. ATTR5 [SY4AUS01FT010.eop-AUS01.prod.protection.outlook.com 2023-07-17T00:39:37.463Z 08DB85D292FA106C] (in reply to end of DATA command))
我也收到一堆Mail received as unauthenticated, incoming to a recipient domain configured in a hosted tenant which has no mail-enabled subscriptions. ATTR5。
我已将 Office 365 连接器配置为接受来自 Postfix 服务器、SPF 记录的电子邮件,并为 Postfix 服务器主机名添加了 A 记录。
运行时我没有获得任何证书openssl s_client
openssl s_client -connect localhost:25
CONNECTED(00000003)
140466906908560:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:794:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 289 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
Start Time: 1689557445
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
通过添加以下内容修复了证书警告:
smtp_tls_cert_file = /etc/pki/tls/certs/postfix.pem
smtp_tls_key_file = /etc/pki/tls/private/postfix.key