I cannot send messages with Postfix. Error: "Must issue a STARTTLS first"

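I am new to Postfix. My goal is to use it with FAN/Nagios/Centreon to receive notifications. I have tried many solutions found on forums or on Google, but none of them solved my problem.

My server is based on CentOS release 5.11 (FAN v2.4 / )

When I try to send mail from my server, I always get the same problem: "Must issue a STARTTLS command first"

My logs: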

    ==> /var/log/maillog <==
    Mar 16 12:45:16 myserver postfix/cleanup[24666]: 38E4E26ECAB: message-id=<[email protected]>
    Mar 16 12:45:16 myserver postfix/qmgr[24052]: 38E4E26ECAB: from=<[email protected]>, size=602, nrcpt=1 (queue active)
    Mar 16 12:45:16 myserver postfix/smtpd[24317]: connect from myserver[127.0.0.1]
    Mar 16 12:45:16 myserver postfix/smtpd[24317]: 3DF4926ECA9: client=myserver[127.0.0.1]
    Mar 16 12:45:16 myserver postfix/cleanup[24319]: 3DF4926ECA9: message-id=<[email protected]>
    Mar 16 12:45:16 myserver postfix/qmgr[24052]: 3DF4926ECA9: from=<[email protected]>, size=1355, nrcpt=1 (queue active)
    Mar 16 12:45:16 myserver postfix/smtpd[24317]: disconnect from myserver[127.0.0.1]
    Mar 16 12:45:16 myserver postfix/pickup[24051]: 4BA7026ECAD: uid=100 from=<nagios>
    Mar 16 12:45:16 myserver postfix/cleanup[24186]: 4BA7026ECAD: message-id=<[email protected]>
    Mar 16 12:45:16 myserver postfix/qmgr[24052]: 4BA7026ECAD: from=<[email protected]>, size=528, nrcpt=1 (queue active)
    Mar 16 12:45:16 myserver postfix/smtp[24335]: F237226ECA3: to=<[email protected]>, relay=smtp-mail.outlook.com[65.55.176.126]:587, delay=0.54, delays=0.02/0/0.39/0.13, dsn=5.7.0, status=bounced (host smtp-mail.outlook.com[65.55.176.126] said: 530 5.7.0 Must issue a STARTTLS command first (in reply to MAIL FROM command))
    Mar 16 12:45:16 myserver postfix/smtp[24662]: D5B4226EC9F: to=<[email protected]>, relay=smtp-mail.outlook.com[65.55.176.126]:587, delay=0.65, delays=0.07/0/0.45/0.13, dsn=5.7.0, status=bounced (host smtp-mail.outlook.com[65.55.176.126] said: 530 5.7.0 Must issue a STARTTLS command first (in reply to MAIL FROM command))
    Mar 16 12:45:16 myserver postfix/smtp[24399]: 0377526ECA1: to=<[email protected]>, relay=smtp-mail.outlook.com[65.55.176.126]:587, delay=0.57, delays=0.04/0/0.39/0.13, dsn=5.7.0, status=bounced (host smtp-mail.outlook.com[65.55.176.126] said: 530 5.7.0 Must issue a STARTTLS command first (in reply to MAIL FROM command))
    Mar 16 12:45:16 myserver postfix/cleanup[24666]: AC06326ECB0: message-id=<[email protected]>
    Mar 16 12:45:16 myserver postfix/cleanup[24186]: AC18526ECB1: message-id=<[email protected]>

My main.cf (nano /etc/postfix/main.cf):

    inet_interfaces = localhost

    mydestination = $myhostname, localhost.$mydomain, localhost

    unknown_local_recipient_reject_code = 550

    alias_maps = hash:/etc/aliases
    alias_database = hash:/etc/aliases

    data_directory = /var/lib/postfix

    ###Outlok SSL SMTP RELAY
    relayhost = [smtp-mail.outlook.com]:587

    #authentification
    smtp_sasl_auth_enable = yes
    smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd

    #tls
    smtp_use_tls = yes
    smtp_sasl_security_options = noanonymous
    smtp_sasl_tls_security_options = noanonymous
    smtp_tls_note_starttls_offer = yes
    tls_random_source = dev:/dev/urandom
    smtp_tls_scert_verifydepth = 5
    smtp_tls_key_file=/etc/pki/tls/outlook_relay/server.key
    smtp_tls_cert_file=/etc/pki/tls/outlook_relay/server.pem
    smtpd_tls_ask_ccert = yes
    smtpd_tls_req_ccert = no
    smtp_tls_enforce_peername = no

My certificates:

    # pwd
    /etc/pki/tls/outlook_relay

    # ll
    total 12
    -rw-r--r-- 1 root root  769 mars 16 12:11 server.csr
    -rw-r--r-- 1 root root  887 mars 16 12:10 server.key
    -rw-r--r-- 1 root root 3269 mars 16 12:12 server.pm

Answer 1

Add the following options to main.cf and restart postfix

    smtp_tls_security_level = secure
    smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
    smtp_tls_mandatory_ciphers = high

Answer 2

I added:

    ...
    ...
    relayhost = [smtp-mail.outlook.com]:587

    #authentification
    smtp_sasl_auth_enable = yes
    smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd

    #tls
    smtp_use_tls = yes
    smtp_sasl_security_options = noanonymous
    smtp_sasl_tls_security_options = noanonymous
    smtp_tls_note_starttls_offer = yes
    tls_random_source = dev:/dev/urandom
    smtp_tls_scert_verifydepth = 5
    smtp_tls_key_file=/etc/pki/tls/outlook_relay/server.key
    smtp_tls_cert_file=/etc/pki/tls/outlook_relay/server.pem
    smtpd_tls_ask_ccert = yes
    smtpd_tls_req_ccert = no
    smtp_tls_enforce_peername = no

    smtp_tls_security_level = secure
    smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
    smtp_tls_mandatory_ciphers = high

and restarted postfix.

Result:

    ==> /var/log/maillog <==
    Mar 16 14:15:45 myserver postfix/qmgr[23272]: 7F27D26ECA1: from=<[email protected]>, size=348, nrcpt=1 (queue active)
    Mar 16 14:15:45 myserver postfix/tlsmgr[23279]: warning: request to update file /etc/postfix/prng_exch in non-postfix directory /etc/postfix
    Mar 16 14:15:45 myserver postfix/tlsmgr[23279]: warning: redirecting the request to postfix-owned data_directory /var/lib/postfix
    Mar 16 14:15:45 myserver postfix/smtp[23278]: warning: cannot get certificate from file /etc/pki/tls/outlook_relay/server.pem
    Mar 16 14:15:45 myserver postfix/smtp[23278]: warning: TLS library problem: 23278:error:02001002:system library:fopen:No such file or directory:bss_file.c:352:fopen('/etc/pki/tls/outlook_relay/server.pem','r'):
    Mar 16 14:15:45 myserver postfix/smtp[23278]: warning: TLS library problem: 23278:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:354:
    Mar 16 14:15:45 myserver postfix/smtp[23278]: warning: TLS library problem: 23278:error:140DC002:SSL routines:SSL_CTX_use_certificate_chain_file:system lib:ssl_rsa.c:720:
    Mar 16 14:15:45 myserver postfix/smtp[23278]: cannot load RSA certificate and key data
    Mar 16 14:15:45 myserver postfix/smtp[23278]: warning: unknown smtp_tls_mandatory_protocols value "!SSLv2" in "!SSLv2, !SSLv3"
    Mar 16 14:15:45 myserver postfix/smtp[23278]: 7F27D26ECA1: to=<[email protected]>, relay=smtp-mail.outlook.com[65.55.176.126]:587, delay=0.44, delays=0.03/0.01/0.39/0, dsn=4.7.5, status=deferred (TLS is required, but our TLS engine is unavailable)

It does not work.

But I found the problem: I renamed server.pm to server.pem, and now it works fine ;-)
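
An added example (not part of the original posts and not Postfix's own tooling): a shell pre-flight check for the failure found above, where main.cf named server.pem but the file on disk was server.pm. The function names, finding labels and temporary demo files are constructed for illustration; the check also flags a world-readable private key, the mode shown for server.key in the question's directory listing.

```shell
#!/bin/sh
# Added example: check the client TLS files named in a Postfix main.cf.

# Print the value of a main.cf parameter (the last assignment wins).
cf_value() {  # $1 = main.cf path, $2 = parameter name
    sed -n "s/^$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# Report problems with smtp_tls_cert_file / smtp_tls_key_file.
# Prints one finding per line and returns 1 if anything was found.
check_tls_files() {  # $1 = main.cf path
    rc=0
    for param in smtp_tls_cert_file smtp_tls_key_file; do
        path=$(cf_value "$1" "$param")
        [ -n "$path" ] || continue          # parameter not set: nothing to check
        if [ ! -r "$path" ]; then
            # The case in the maillog: fopen() fails, TLS engine unavailable.
            echo "MISSING $param=$path"
            rc=1
        elif [ "$param" = smtp_tls_key_file ] &&
             [ -n "$(find "$path" -perm -004)" ]; then
            # Any local user can read the private key.
            echo "WORLD_READABLE $param=$path"
            rc=1
        fi
    done
    return $rc
}

# Constructed demo that mirrors the directory listing in the question.
demo() {
    d=$(mktemp -d)
    : > "$d/server.pm"; : > "$d/server.key"
    chmod 644 "$d/server.pm" "$d/server.key"
    printf 'smtp_tls_key_file=%s/server.key\nsmtp_tls_cert_file=%s/server.pem\n' \
        "$d" "$d" > "$d/main.cf"
    echo "before:"; check_tls_files "$d/main.cf" || true
    mv "$d/server.pm" "$d/server.pem"; chmod 600 "$d/server.key"
    echo "after:";  check_tls_files "$d/main.cf" && echo "no findings"
    rm -rf "$d"
}
demo
```

On a live host, `postconf -h smtp_tls_cert_file` prints the value Postfix actually uses, which also covers settings inherited from defaults.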
