Dovecot 具有 CAcert 证书,Outlook 无法连接到 IMAP

Dovecot 具有 CAcert 证书,Outlook 无法连接到 IMAP

我在 Ubuntu 12.10 上有一套相当标准的 Postfix + Dovecot 安装。我生成了自己的证书,并让 cacert.org 对其签名。

创建证书的过程如下:

# Generate a 4096-bit RSA private key for the mail host, written to the
# current directory.
# NOTE(review): the Dovecot config on this page reads the key from
# /etc/postfix/ssl/mail.myhostname.key; the move and the resulting owner/mode
# are not shown. Confirm the key is readable by root only.
openssl genrsa -out mail.myhostname.key 4096
# Create the certificate signing request (CSR) from that key.
openssl req -new -key mail.myhostname.key -out mail.myhostname.csr
# Download the CAcert root certificate.
# NOTE(review): this is plain HTTP, so nothing authenticates the file in
# transit. Before installing it as a trust anchor, compare its fingerprint
# (openssl x509 -noout -fingerprint -sha256 -in root.txt) with a value
# obtained out of band.
wget http://www.cacert.org/certs/root.txt
# Install the downloaded root as /etc/ssl/certs/cacert.crt.
# NOTE(review): the Dovecot config on this page points ssl_ca at
# /etc/postfix/ssl/cacert.crt instead; confirm which copy is actually in use.
sudo cp root.txt /etc/ssl/certs/cacert.crt
# Manual step: the CSR is submitted to CAcert here.
# The certificate returned by CAcert is saved as /etc/postfix/ssl/mail.myhostname.crt

这是我的 Dovecot 配置(sudo cat /etc/dovecot/conf.d/10-ssl.conf):

##
## SSL settings
##

# SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt>
# NOTE(review): "yes" offers TLS; "required" is the listed value that refuses
# non-TLS sessions. Confirm which one is intended for this server.
ssl = yes

# PEM encoded X.509 SSL/TLS certificate and private key. They're opened before
# dropping root privileges, so keep the key file unreadable by anyone but
# root. Included doc/mkcert.sh can be used to easily generate self-signed
# certificate, just make sure to update the domains in dovecot-openssl.cnf
# NOTE(review): both files live under /etc/postfix/ssl; verify the key is
# owned by root and not group/world readable, as the comment above asks.
ssl_cert = </etc/postfix/ssl/mail.myhostname.crt
ssl_key = </etc/postfix/ssl/mail.myhostname.key

# If key file is password protected, give the password here. Alternatively
# give it when starting dovecot with -p parameter. Since this file is often
# world-readable, you may want to place this setting instead to a different
# root owned 0600 file by using ssl_key_password = <path.
#ssl_key_password =

# PEM encoded trusted certificate authority. Set this only if you intend to use
# ssl_verify_client_cert=yes. The file should contain the CA certificate(s)
# followed by the matching CRL(s). (e.g. ssl_ca = </etc/ssl/certs/ca.pem)
# NOTE(review): the comment above ties ssl_ca to client-certificate
# verification, which is set to "no" below; confirm this setting is needed.
# This path also differs from /etc/ssl/certs/cacert.crt, where the question's
# cp command placed the CAcert root.
ssl_ca = </etc/postfix/ssl/cacert.crt

# Request client to send a certificate. If you also want to require it, set
# auth_ssl_require_client_cert=yes in auth section.
ssl_verify_client_cert = no

# Which field from certificate to use for username. commonName and
# x500UniqueIdentifier are the usual choices. You'll also need to set
# auth_ssl_username_from_cert=yes.
#ssl_cert_username_field = commonName

# How often to regenerate the SSL parameters file. Generation is quite CPU
# intensive operation. The value is in hours, 0 disables regeneration
# entirely.
#ssl_parameters_regenerate = 168

# SSL ciphers to use
#ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL

我无法让 Outlook 工作,在设置我自己的证书之前,它工作得很好(尽管有一些警告)。我听说“Microsoft Mail”和 Outlook 可能存在一些问题,它们比 Thunderbird 更敏感,但这应该不是问题。

客户端程序的屏幕:

enter image description here

这是来自 splunk 的 source="/var/log/mail.log" 的头部并显示了问题

 6/6/15
12:20:34.000 AM     
Jun  6 00:20:34 myhostname dovecot: imap-login: Disconnected (no auth attempts): rip=89.77.2XX.XXX, lip=37.23X.XX.XXX

    host = myhostname
    source = /var/log/mail.log
    sourcetype = postfix_syslog

    6/6/15
12:20:34.000 AM     
Jun  6 00:20:34 myhostname dovecot: imap-login: Disconnected (no auth attempts): rip=89.77.2XX.XXX, lip=37.23X.XX.XXX, TLS handshaking: Disconnected

    host = myhostname
    source = /var/log/mail.log
    sourcetype = postfix_syslog

    6/6/15
12:20:34.000 AM     
Jun  6 00:20:34 myhostname dovecot: imap-login: Warning: SSL failed: where=0x2002: SSLv3 read client certificate A [89.77.2XX.XXX]

    host = myhostname
    source = /var/log/mail.log
    sourcetype = postfix_syslog

    6/6/15
12:20:34.000 AM     
Jun  6 00:20:34 myhostname dovecot: imap-login: Warning: SSL: where=0x2002, ret=-1: SSLv3 read client certificate A [89.77.2XX.XXX]

    host = myhostname
    source = /var/log/mail.log
    sourcetype = postfix_syslog

    6/6/15
12:20:34.000 AM     
Jun  6 00:20:34 myhostname dovecot: imap-login: Warning: SSL: where=0x2002, ret=-1: SSLv3 read client certificate A [89.77.2XX.XXX]

    host = myhostname
    source = /var/log/mail.log
    sourcetype = postfix_syslog

    6/6/15
12:20:34.000 AM     
Jun  6 00:20:34 myhostname dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 flush data [89.77.2XX.XXX]

    host = myhostname
    source = /var/log/mail.log
    sourcetype = postfix_syslog

    6/6/15
12:20:34.000 AM     
Jun  6 00:20:34 myhostname dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write server done A [89.77.2XX.XXX]

    host = myhostname
    source = /var/log/mail.log
    sourcetype = postfix_syslog

    6/6/15
12:20:34.000 AM     
Jun  6 00:20:34 myhostname dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write key exchange A [89.77.2XX.XXX]

    host = myhostname
    source = /var/log/mail.log
    sourcetype = postfix_syslog

    6/6/15
12:20:33.000 AM     
Jun  6 00:20:33 myhostname dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write certificate A [89.77.2XX.XXX]

    host = myhostname
    source = /var/log/mail.log
    sourcetype = postfix_syslog

    6/6/15
12:20:33.000 AM     
Jun  6 00:20:33 myhostname dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write server hello A [89.77.2XX.XXX]

    host = myhostname
    source = /var/log/mail.log
    sourcetype = postfix_syslog

    6/6/15
12:20:33.000 AM     
Jun  6 00:20:33 myhostname dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 read client hello A [89.77.2XX.XXX]

    host = myhostname
    source = /var/log/mail.log
    sourcetype = postfix_syslog

    6/6/15
12:20:33.000 AM     
Jun  6 00:20:33 myhostname dovecot: imap-login: Warning: SSL: where=0x2002, ret=-1: unknown state [89.77.2XX.XXX]

    host = myhostname
    source = /var/log/mail.log
    sourcetype = postfix_syslog

    6/6/15
12:20:33.000 AM     
Jun  6 00:20:33 myhostname dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: before/accept initialization [89.77.2XX.XXX]

    host = myhostname
    source = /var/log/mail.log
    sourcetype = postfix_syslog

    6/6/15
12:20:33.000 AM     
Jun  6 00:20:33 myhostname dovecot: imap-login: Warning: SSL: where=0x10, ret=1: before/accept initialization [89.77.2XX.XXX]

    host = myhostname
    source = /var/log/mail.log
    sourcetype = postfix_syslog

这是 openssl 测试的输出(openssl s_client -connect mail.myhostname:995):

CONNECTED(00000003)
depth=1 O = Root CA, OU = http://www.cacert.org, CN = CA Cert Signing Authority, emailAddress = [email protected]
verify error:num=19:self signed certificate in certificate chain
verify return:0
---
Certificate chain
 0 s:/CN=*.myhostname
   i:/O=Root CA/OU=http://www.cacert.org/CN=CA Cert Signing Authority/[email protected]
 1 s:/O=Root CA/OU=http://www.cacert.org/CN=CA Cert Signing Authority/[email protected]
   i:/O=Root CA/OU=http://www.cacert.org/CN=CA Cert Signing Authority/[email protected]
---
Server certificate
-----BEGIN CERTIFICATE-----
some certificate info..
-----END CERTIFICATE-----
subject=/CN=*.myhostname
issuer=/O=Root CA/OU=http://www.cacert.org/CN=CA Cert Signing Authority/[email protected]
---
No client certificate CA names sent
---
SSL handshake has read 4548 bytes and written 487 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-GCM-SHA384
Server public key is 4096 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : DHE-RSA-AES256-GCM-SHA384
    Session-ID: 4EE9B3ED672B5989A52B5338C6173E5C525080C1D46D37A327E501ED70A73625
    Session-ID-ctx:
    Master-Key: 5DD1ED05C32F5B0FE07F20FDEEE80D622D6873CE7E9D954F4CC6644ED0E86A6A30603A387651135D6F7CA792F2377901
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:
    0000 - 4e 3f 50 2c 3f 61 47 9f-f0 61 b4 26 31 ce 2c 9f   N?P,?aG..a.&1.,.
    0010 - ce 83 1b b5 20 88 45 a9-71 cd 35 29 3e 4b 5c 29   .... .E.q.5)>K\)
    0020 - d8 31 e0 3f 47 2b d3 05-d3 73 62 78 ac a9 91 f8   .1.?G+...sbx....
    0030 - 51 89 b5 cd 20 2a 92 7a-68 8f d7 ae 01 10 46 df   Q... *.zh.....F.
    0040 - 35 c9 4b 50 86 1a 1b bc-5f 66 b9 29 7a bd 41 be   5.KP...._f.)z.A.
    0050 - a0 76 ba e3 95 2c 85 ef-cd 21 c5 be ee c1 4b e3   .v...,...!....K.
    0060 - c7 9e e3 8a 63 6d a6 cb-9f be 25 d5 b6 61 c0 27   ....cm....%..a.'
    0070 - b5 09 46 e5 79 e0 34 6f-8d 6b db 96 17 40 18 ea   ..F.y.4o.k...@..
    0080 - 25 c2 b0 12 96 20 1a 25-e1 7a 22 3e 74 6c 9e e8   %.... .%.z">tl..
    0090 - 61 f0 24 e7 5f 8a 5d e1-ab 43 c0 a7 74 43 09 cf   a.$._.]..C..tC..

    Start Time: 1433543614
    Timeout   : 300 (sec)
    Verify return code: 19 (self signed certificate in certificate chain)
---
+OK The greatest mail program is ready

我不明白 “verify error:num=19:self signed certificate in certificate chain”(证书链中存在自签名证书)这一部分。既然我使用的是值得信赖的 CAcert 机构,它怎么会是自签名的?

我隐去了 IP 和主机名,因为我的服务器目前仍然不够安全。

还有一个关于 Dovecot 证书链(在证书文件中依次拼接多个证书)的问题(见链接 http://wiki2.dovecot.org/SSL/DovecotConfiguration)。其中的表格显示了这样的顺序:

Dovecot的公共证书- 这是什么 ?

TDC SSL 服务器 CA- 这是我来自 cacert 的公钥吗?

TDC 互联网根 CA是 cacert root 吗?

Globalsign 合作伙伴 CA- 这是什么?

目前,/etc/postfix/ssl/cacert.crt 仅拥有 CAcert 根。

这会导致问题并阻止 TLS 握手吗?

更新:

邮件与 Thunderbird 一起使用,但仍然要求用户接受证书,这是一种不需要的行为 - 这是我在拥有来自 cacert.org 的证书时没想到的

来自 splunk 的日志:

 6/6/15
1:38:43.000 AM  
Jun  6 01:38:43 myhostname dovecot: imap-login: Warning: SSL alert: where=0x4008, ret=256: warning close notify [89.77.22X.XXX]

    host = myhostname
    source = /var/log/mail.log
    sourcetype = postfix_syslog

    6/6/15
1:38:43.000 AM  
Jun  6 01:38:43 myhostname dovecot: imap([email protected]): Disconnected: Logged out bytes=8/328

    host = myhostname
    source = /var/log/mail.log
    sourcetype = postfix_syslog

    6/6/15
1:38:41.000 AM  
Jun  6 01:38:41 myhostname dovecot: imap-login: Login: user=<[email protected]>, method=PLAIN, rip=89.77.22X.XXX, lip=37.233.XX.XXX, mpid=13141, TLS

    host = myhostname
    source = /var/log/mail.log
    sourcetype = postfix_syslog

    6/6/15
1:38:41.000 AM  
Jun  6 01:38:41 myhostname dovecot: auth-worker: mysql(localhost): Connected to database postfix

    host = myhostname
    source = /var/log/mail.log
    sourcetype = postfix_syslog

    6/6/15
1:38:41.000 AM  
Jun  6 01:38:41 myhostname dovecot: imap-login: Warning: SSL: where=0x2002, ret=1: SSL negotiation finished successfully [89.77.22X.XXX]

    host = myhostname
    source = /var/log/mail.log
    sourcetype = postfix_syslog

    6/6/15
1:38:41.000 AM  
Jun  6 01:38:41 myhostname dovecot: imap-login: Warning: SSL: where=0x20, ret=1: SSL negotiation finished successfully [89.77.22X.XXX]

    host = myhostname
    source = /var/log/mail.log
    sourcetype = postfix_syslog

    6/6/15
1:38:41.000 AM  
Jun  6 01:38:41 myhostname dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 flush data [89.77.22X.XXX]

    host = myhostname
    source = /var/log/mail.log
    sourcetype = postfix_syslog

    6/6/15
1:38:41.000 AM  
Jun  6 01:38:41 myhostname dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write finished A [89.77.22X.XXX]

    host = myhostname
    source = /var/log/mail.log
    sourcetype = postfix_syslog

    6/6/15
1:38:41.000 AM  
Jun  6 01:38:41 myhostname dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write change cipher spec A [89.77.22X.XXX]

    host = myhostname
    source = /var/log/mail.log
    sourcetype = postfix_syslog

    6/6/15
1:38:41.000 AM  
Jun  6 01:38:41 myhostname dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write session ticket A [89.77.22X.XXX]

    host = myhostname
    source = /var/log/mail.log
    sourcetype = postfix_syslog

    6/6/15
1:38:41.000 AM  
Jun  6 01:38:41 myhostname dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 read finished A [89.77.22X.XXX]

    host = myhostname
    source = /var/log/mail.log
    sourcetype = postfix_syslog

    6/6/15
1:38:41.000 AM  
Jun  6 01:38:41 myhostname dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 read client key exchange A [89.77.22X.XXX]

    host = myhostname
    source = /var/log/mail.log
    sourcetype = postfix_syslog

    6/6/15
1:38:41.000 AM  
Jun  6 01:38:41 myhostname dovecot: imap-login: Warning: SSL: where=0x2002, ret=-1: SSLv3 read client certificate A [89.77.22X.XXX]

    host = myhostname
    source = /var/log/mail.log
    sourcetype = postfix_syslog

    6/6/15
1:38:41.000 AM  
Jun  6 01:38:41 myhostname dovecot: imap-login: Warning: SSL: where=0x2002, ret=-1: SSLv3 read client certificate A [89.77.22X.XXX]

    host = myhostname
    source = /var/log/mail.log
    sourcetype = postfix_syslog

    6/6/15
1:38:41.000 AM  
Jun  6 01:38:41 myhostname dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 flush data [89.77.22X.XXX]

    host = myhostname
    source = /var/log/mail.log
    sourcetype = postfix_syslog

    6/6/15
1:38:41.000 AM  
Jun  6 01:38:41 myhostname dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write server done A [89.77.22X.XXX]

    host = myhostname
    source = /var/log/mail.log
    sourcetype = postfix_syslog

    6/6/15
1:38:41.000 AM  
Jun  6 01:38:41 myhostname dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write key exchange A [89.77.22X.XXX]

    host = myhostname
    source = /var/log/mail.log
    sourcetype = postfix_syslog

    6/6/15
1:38:41.000 AM  
Jun  6 01:38:41 myhostname dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write certificate A [89.77.22X.XXX]

    host = myhostname
    source = /var/log/mail.log
    sourcetype = postfix_syslog

    6/6/15
1:38:41.000 AM  
Jun  6 01:38:41 myhostname dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write server hello A [89.77.22X.XXX]

    host = myhostname
    source = /var/log/mail.log
    sourcetype = postfix_syslog

    6/6/15
1:38:41.000 AM  
Jun  6 01:38:41 myhostname dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 read client hello A [89.77.22X.XXX]

    host = myhostname
    source = /var/log/mail.log
    sourcetype = postfix_syslog

    6/6/15
1:38:41.000 AM  
Jun  6 01:38:41 myhostname dovecot: imap-login: Warning: SSL: where=0x2002, ret=-1: unknown state [89.77.22X.XXX]

    host = myhostname
    source = /var/log/mail.log
    sourcetype = postfix_syslog

    6/6/15
1:38:41.000 AM  
Jun  6 01:38:41 myhostname dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: before/accept initialization [89.77.22X.XXX]

    host = myhostname
    source = /var/log/mail.log
    sourcetype = postfix_syslog

    6/6/15
1:38:41.000 AM  
Jun  6 01:38:41 myhostname dovecot: imap-login: Warning: SSL: where=0x10, ret=1: before/accept initialization [89.77.22X.XXX]

    host = myhostname
    source = /var/log/mail.log
    sourcetype = postfix_syslog

    6/6/15
1:38:08.000 AM  
Jun  6 01:38:08 myhostname dovecot: imap-login: Disconnected (no auth attempts): rip=89.77.22X.XXX, lip=37.233.XX.XXX, TLS: SSL_read() failed: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca: SSL alert number 48

    host = myhostname
    source = /var/log/mail.log
    sourcetype = postfix_syslog

    6/6/15
1:38:08.000 AM  
Jun  6 01:38:08 myhostname dovecot: imap-login: Warning: SSL alert: where=0x4008, ret=256: warning close notify [89.77.22X.XXX]

    host = myhostname
    source = /var/log/mail.log
    sourcetype = postfix_syslog

    6/6/15
1:38:08.000 AM  
Jun  6 01:38:08 myhostname dovecot: imap-login: Warning: SSL alert: where=0x4004, ret=560: fatal unknown CA [89.77.22X.XXX]

    host = myhostname
    source = /var/log/mail.log
    sourcetype = postfix_syslog

    6/6/15
1:38:08.000 AM  
Jun  6 01:38:08 myhostname dovecot: imap-login: Warning: SSL: where=0x2002, ret=1: SSL negotiation finished successfully [89.77.22X.XXX]

    host = myhostname
    source = /var/log/mail.log
    sourcetype = postfix_syslog

    6/6/15
1:38:08.000 AM  
Jun  6 01:38:08 myhostname dovecot: imap-login: Warning: SSL: where=0x20, ret=1: SSL negotiation finished successfully [89.77.22X.XXX]

    host = myhostname
    source = /var/log/mail.log
    sourcetype = postfix_syslog

    6/6/15
1:38:08.000 AM  
Jun  6 01:38:08 myhostname dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 flush data [89.77.22X.XXX]

    host = myhostname
    source = /var/log/mail.log
    sourcetype = postfix_syslog

    6/6/15
1:38:08.000 AM  
Jun  6 01:38:08 myhostname dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write finished A [89.77.22X.XXX]

    host = myhostname
    source = /var/log/mail.log
    sourcetype = postfix_syslog

    6/6/15
1:38:08.000 AM  
Jun  6 01:38:08 myhostname dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write change cipher spec A [89.77.22X.XXX]

    host = myhostname
    source = /var/log/mail.log
    sourcetype = postfix_syslog

    6/6/15
1:38:08.000 AM  
Jun  6 01:38:08 myhostname dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write session ticket A [89.77.22X.XXX]

    host = myhostname
    source = /var/log/mail.log
    sourcetype = postfix_syslog

    6/6/15
1:38:08.000 AM  
Jun  6 01:38:08 myhostname dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 read finished A [89.77.22X.XXX]

    host = myhostname
    source = /var/log/mail.log
    sourcetype = postfix_syslog

    6/6/15
1:38:08.000 AM  
Jun  6 01:38:08 myhostname dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 read client key exchange A [89.77.22X.XXX]

    host = myhostname
    source = /var/log/mail.log
    sourcetype = postfix_syslog

    6/6/15
1:38:08.000 AM  
Jun  6 01:38:08 myhostname dovecot: imap-login: Warning: SSL: where=0x2002, ret=-1: SSLv3 read client certificate A [89.77.22X.XXX]

    host = myhostname
    source = /var/log/mail.log
    sourcetype = postfix_syslog

    6/6/15
1:38:08.000 AM  
Jun  6 01:38:08 myhostname dovecot: imap-login: Warning: SSL: where=0x2002, ret=-1: SSLv3 read client certificate A [89.77.22X.XXX]

    host = myhostname
    source = /var/log/mail.log
    sourcetype = postfix_syslog

    6/6/15
1:38:08.000 AM  
Jun  6 01:38:08 myhostname dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 flush data [89.77.22X.XXX]

    host = myhostname
    source = /var/log/mail.log
    sourcetype = postfix_syslog

    6/6/15
1:38:08.000 AM  
Jun  6 01:38:08 myhostname dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write server done A [89.77.22X.XXX]

    host = myhostname
    source = /var/log/mail.log
    sourcetype = postfix_syslog

    6/6/15
1:38:08.000 AM  
Jun  6 01:38:08 myhostname dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write key exchange A [89.77.22X.XXX]

    host = myhostname
    source = /var/log/mail.log
    sourcetype = postfix_syslog

    6/6/15
1:38:08.000 AM  
Jun  6 01:38:08 myhostname dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write certificate A [89.77.22X.XXX]

    host = myhostname
    source = /var/log/mail.log
    sourcetype = postfix_syslog

    6/6/15
1:38:08.000 AM  
Jun  6 01:38:08 myhostname dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write server hello A [89.77.22X.XXX]

    host = myhostname
    source = /var/log/mail.log
    sourcetype = postfix_syslog

    6/6/15
1:38:08.000 AM  
Jun  6 01:38:08 myhostname dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 read client hello A [89.77.22X.XXX]

    host = myhostname
    source = /var/log/mail.log
    sourcetype = postfix_syslog

    6/6/15
1:38:08.000 AM  
Jun  6 01:38:08 myhostname dovecot: imap-login: Warning: SSL: where=0x2002, ret=-1: unknown state [89.77.22X.XXX]

    host = myhostname
    source = /var/log/mail.log
    sourcetype = postfix_syslog

    6/6/15
1:38:08.000 AM  
Jun  6 01:38:08 myhostname dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: before/accept initialization [89.77.22X.XXX]

    host = myhostname
    source = /var/log/mail.log
    sourcetype = postfix_syslog

    6/6/15
1:38:08.000 AM  
Jun  6 01:38:08 myhostname dovecot: imap-login: Warning: SSL: where=0x10, ret=1: before/accept initialization [89.77.22X.XXX]

答案1

我生成了自己的证书并由 cacert.org 对其进行了签名。

如今,任何主要操作系统都不信任 cacert.org。它曾经存在于 Debian 中,但也被删除了。它可能仍然存在于某些 *BSD 中。值得注意的是,没有浏览器、Windows、Android、Mac OS...会信任这个 CA。

我不明白 “verify error:num=19:self signed certificate in certificate chain”(证书链中存在自签名证书)这一部分。既然我使用的是值得信赖的 CAcert 机构,它怎么会是自签名的?

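即使你在本地安装了 CAcert 根证书,openssl s_client 默认也不会使用任何 CA 来校验,所以一切都会显示为不受信任;要按 CAcert 根校验,需要显式指定,例如 openssl s_client -CAfile /etc/ssl/certs/cacert.crt -connect mail.myhostname:995。另外,给出的输出表明服务器发送的链中包含了根证书,这无论如何都是错误的:链中的根证书会被忽略,因为受信任的根必须已经存在于客户端系统本地。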

答案2

也许这个项目将是您(和我的)的解决方案:

https://letsencrypt.org/

答案3

我刚刚收到一份来自 allaboutspam.com 的报告,其中有许多警告,并且我的服务器被 Barracuda Central 列入了一个黑名单。

我认为这会更容易,但它占用了我大约 80% 的关键活动,而且我不想为获得认可的证书支付额外费用。

我正在转向托管邮件解决方案,并让我的服务器仅作为 WWW 服务器和数据处理/分析机器。谢谢@steffen-ullrich!
