因此,在尝试了两天所有似乎可行的解决方案后,我仍然感到困惑。我肯定遗漏了某些东西。
我正在尝试使用 SuiteCRM 中的 php 连接到 postfix/dovecot 邮件服务器imap_open()(它仅使用 imap,pop3 不是一个选项)。
openssl s_client -connect mail.mydomain.com:143 -starttls imap我可以使用或从命令行进行连接openssl s_client -connect mail.mydomain.com:993。我可以发出命令、列出收件箱并注销。如果我尝试使用 php imap_open,我会收到各种错误,具体取决于传递的参数。
问题:为什么无法使用 imap_open 建立连接?
这似乎是 php 问题。我检查了邮件服务器上的 phpinfo,发现它有支持 SSL 的 imap。邮件服务器在 ubuntu 14.04 LEMP 配置上运行。PHP 版本 5.5.9-1ubuntu4.9。SSL 证书是通配符证书。
imap
IMAP c-Client Version 2007f
SSL Support enabled
Kerberos Support enabled
openssl
OpenSSL support enabled
OpenSSL Library Version OpenSSL 1.0.1f 6 Jan 2014
OpenSSL Header Version OpenSSL 1.0.1f 6 Jan 2014
以下是 postfix 和 dovecot 配置:
postconf -n:
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
inet_protocols = ipv4
mailbox_size_limit = 0
mydestination = localhost
myhostname = mail.livechat4sales.com
mynetworks = 127.0.0.0/8
myorigin = $myhostname
readme_directory = no
recipient_delimiter = +
smtp_tls_mandatory_protocols = !SSLv2,!SSLv3
smtp_tls_note_starttls_offer = yes
smtp_tls_protocols = !SSLv2,!SSLv3
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_recipient_restrictions = permit_sasl_authenticated permit_mynetworks reject_unauth_destination
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_tls_CAfile = /etc/nginx/ssl/geotrust.stapling.crt
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/nginx/ssl/mydomain.wild.crt
smtpd_tls_ciphers = high
smtpd_tls_key_file = /etc/nginx/ssl/mydomain.wild.key
smtpd_tls_loglevel = 4
smtpd_tls_mandatory_protocols = !SSLv2 !SSLv3
smtpd_tls_protocols = !SSLv2,!SSLv3
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
virtual_alias_maps = hash:/etc/postfix/virtual
virtual_gid_maps = static:5000
virtual_mailbox_base = /var/mail/vhosts
virtual_mailbox_domains = mydomain.com
virtual_mailbox_maps = hash:/etc/postfix/vmailbox
virtual_minimum_uid = 100
virtual_uid_maps = static:5000
鸽舍:
auth_mechanisms = plain login
auth_verbose = yes
login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c %k session=<%{session}>
mail_location = maildir:~mail/vhosts/%d/%n/
namespace inbox {
inbox = yes
location =
mailbox Drafts {
special_use = \Drafts
}
mailbox Junk {
special_use = \Junk
}
mailbox Sent {
special_use = \Sent
}
mailbox "Sent Messages" {
special_use = \Sent
}
mailbox Trash {
special_use = \Trash
}
prefix =
}
passdb {
args = scheme=SHA512-CRYPT username_format=%u /etc/dovecot/users
driver = passwd-file
}
protocols = " imap lmtp pop3"
service auth {
unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0660
user = postfix
}
}
service imap-login {
inet_listener imap {
port = 143
}
inet_listener imaps {
port = 993
ssl = yes
}
}
service pop3-login {
inet_listener pop3s {
port = 995
ssl = yes
}
}
ssl_cert = </etc/nginx/ssl/mydomain.wild.crt
ssl_cipher_list = HIGH:MEDIUM:+TLSv1:!SSLv2:+SSLv3
ssl_client_ca_dir = /etc/nginx/ssl/
ssl_client_ca_file = geotrust.stapling.crt
ssl_key = </etc/nginx/ssl/mydomain.wild.key
ssl_prefer_server_ciphers = yes
ssl_protocols = !SSLv2 !SSLv3
userdb {
args = username_format=%u /etc/dovecot/users
default_fields = uid=vmail gid=vmail home=/var/mail/vhosts/%d/%n
driver = passwd-file
}
imap_open 测试结果:
{mail.mydomain.com:993/service=imap/ssl/tls/validate-cert/secure}INBOX: invalid remote specification
{mail.mydomain.com:993/service=imap/ssl/tls/validate-cert}INBOX: invalid remote specification
{mail.mydomain.com:993/service=imap/ssl/validate-cert/secure}INBOX: [CLOSED] IMAP connection broken (server response)
{mail.mydomain.com:993/service=imap/ssl/novalidate-cert/secure}INBOX: [CLOSED] IMAP connection broken (server response)
这是唯一返回数据的调用,但我认为密码是以纯文本传递的。143 仅用于测试;993 是首选。
{mail.mydomain.com:143/service=imap/tls}INBOX