外发电子邮件未加密

外发电子邮件未加密

我有一个由 server.com 提供服务的域名 example.com。我正在向 gmail.com 发送电子邮件。我发送的电子邮件从 example.com 到 server.com 使用 TLS,但从 server.com 到 gmail.com 的邮件未加密。

server.com 是我在其上设置邮件和网络服务器的 VPS。

example.com 是 VPS 上的虚拟域之一。

以下是电子邮件标题的示例:

    Delivered-To: [email protected]
    Received: by 10.236.191.7 with SMTP id c7csp2141557pjs;
            Tue, 1 May 2018 14:03:37 -0700 (PDT)
    X-Google-Smtp-Source: AB8JxZpwQHXweJ70K6vNAako5gqTtvni9ZUm6LC0Hfl0xAefu7wtGjSsnQHRHMKL/sLpOnicPwFM
    X-Received: by 2002:a63:3584:: with SMTP id c126-v6mr14324018pga.37.1525208616991;
            Tue, 01 May 2018 14:03:36 -0700 (PDT)

...
...

    ARC-Authentication-Results: i=1; mx.google.com;
           spf=pass (google.com: domain of [email protected] designates xxx.xxx.xxx.xxx as permitted sender) [email protected]
    Return-Path: <[email protected]>
    Received: from server.com (server.com. [xxx.xxx.xxx.xxx])
            by mx.google.com with ESMTP id d65si10640010pfd.182.2018.05.01.14.03.36
            for <[email protected]>;
            Tue, 01 May 2018 14:03:36 -0700 (PDT)
    Received-SPF: pass (google.com: domain of [email protected] designates xxx.xxx.xxx.xxx as permitted sender) client-ip=xxx.xxx.xxx.xxx;
    Authentication-Results: mx.google.com;
           spf=pass (google.com: domain of [email protected] designates xxx.xxx.xxx.xxx as permitted sender) [email protected]
    Received: from www.example.com (localhost [127.0.0.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by server.com (Postfix) with ESMTPSA id 7D74260383 for <[email protected]>; Tue,
      1 May 2018 14:03:36 -0700 (PDT)
    MIME-Version: 1.0
    Content-Type: text/plain; charset=US-ASCII; format=flowed
    Content-Transfer-Encoding: 7bit
    Date: Tue, 01 May 2018 17:03:36 -0400
    From: [email protected]
    To: [email protected]
    Subject: Hello
    Message-ID: <[email protected]>
    X-Sender: [email protected]
    User-Agent: Roundcube Webmail/1.2.3

    Test email body.

知道为什么加密会被取消吗?

编辑:

我的 postconf -n 输出是:

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
compatibility_level = 2
config_directory = /etc/postfix
html_directory = /usr/share/doc/postfix/html
inet_interfaces = all
inet_protocols = all
mailbox_size_limit = 0
mydestination = $myhostname, server.com, , localhost
myhostname = server.com
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
myorigin = /etc/mailname
readme_directory = /usr/share/doc/postfix
recipient_delimiter = +
relayhost =
smtp_tls_CAfile = /etc/letsencrypt/live/server.com/chain.pem
smtp_tls_cert_file = /etc/letsencrypt/live/server.com/fullchain.pem
smtp_tls_ciphers = high
smtp_tls_exclude_ciphers = MD5, DES, ADH, RC4, PSD, SRP, 3DES, eNULL, aNULL
smtp_tls_key_file = /etc/letsencrypt/live/server.com/privkey.pem
smtp_tls_loglevel = 2
smtp_tls_mandatory_ciphers = high
smtp_tls_mandatory_exclude_ciphers = MD5, DES, ADH, RC4, PSD, SRP, 3DES, eNULL, aNULL
smtp_tls_mandatory_protocols = TLSv1.3, TLSv1.2, TLSv1.1, !TLSv1, !SSLv2, !SSLv3
smtp_tls_protocols = TLSv1.3, TLSv1.2, TLSv1.1, !TLSv1, !SSLv2, !SSLv3
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_use_tls = yes
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_tls_CAfile = /etc/letsencrypt/live/server.com/chain.pem
smtpd_tls_cert_file = /etc/letsencrypt/live/server.com/fullchain.pem
smtpd_tls_ciphers = high
smtpd_tls_exclude_ciphers = MD5, DES, ADH, RC4, PSD, SRP, 3DES, eNULL, aNULL
smtpd_tls_key_file = /etc/letsencrypt/live/server.com/privkey.pem
smtpd_tls_loglevel = 2
smtpd_tls_mandatory_ciphers = high
smtpd_tls_mandatory_exclude_ciphers = MD5, DES, ADH, RC4, PSD, SRP, 3DES, eNULL, aNULL
smtpd_tls_mandatory_protocols = TLSv1.3, TLSv1.2, TLSv1.1, !TLSv1, !SSLv2, !SSLv3
smtpd_tls_protocols = TLSv1.3, TLSv1.2, TLSv1.1, !TLSv1, !SSLv2, !SSLv3
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
tls_preempt_cipherlist = yes
virtual_alias_maps = mysql:/etc/postfix/mysql-valias.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql-vdomains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql-vusers.cf
virtual_transport = dovecot

这是我的 postconf -M 输出:

smtp       inet  n       -       y       -       -       smtpd
submission inet  n       -       n       -       -       smtpd -o syslog_name=postfix/submission -o smtpd_tls_security_level=may -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o smtpd_reject_unlisted_recipient=no -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject -o milter_macro_daemon_name=ORIGINATING
smtps      inet  n       -       y       -       -       smtpd -o syslog_name=postfix/smtps -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject
pickup     unix  n       -       n       60      1       pickup
cleanup    unix  n       -       n       -       0       cleanup
qmgr       unix  n       -       n       300     1       qmgr
tlsmgr     unix  -       -       n       1000?   1       tlsmgr
rewrite    unix  -       -       n       -       -       trivial-rewrite
bounce     unix  -       -       n       -       0       bounce
defer      unix  -       -       n       -       0       bounce
trace      unix  -       -       n       -       0       bounce
verify     unix  -       -       n       -       1       verify
flush      unix  n       -       n       1000?   0       flush
proxymap   unix  -       -       n       -       -       proxymap
proxywrite unix  -       -       n       -       1       proxymap
smtp       unix  -       -       n       -       -       smtp
relay      unix  -       -       n       -       -       smtp
showq      unix  n       -       n       -       -       showq
error      unix  -       -       n       -       -       error
retry      unix  -       -       n       -       -       error
discard    unix  -       -       n       -       -       discard
local      unix  -       n       n       -       -       local
lmtp       unix  -       -       n       -       -       lmtp
anvil      unix  -       -       n       -       1       anvil
scache     unix  -       -       n       -       1       scache
maildrop   unix  -       n       n       -       -       pipe flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
uucp       unix  -       n       n       -       -       pipe flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail     unix  -       n       n       -       -       pipe flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp      unix  -       n       n       -       -       pipe flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n       n       -       2       pipe flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman    unix  -       n       n       -       -       pipe flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop} ${user}
dovecot    unix  -       n       n       -       -       pipe flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${recipient}

这是我的 mail.log:

May  1 16:50:46 hwsrv-230549 postfix/submission/smtpd[29147]: initializing the server-side TLS engine
May  1 16:50:46 hwsrv-230549 postfix/submission/smtpd[29147]: connect from localhost[127.0.0.1]
May  1 16:50:46 hwsrv-230549 postfix/submission/smtpd[29147]: setting up TLS connection from localhost[127.0.0.1]
May  1 16:50:46 hwsrv-230549 postfix/submission/smtpd[29147]: localhost[127.0.0.1]: TLS cipher list "aNULL:-aNULL:HIGH:@STRENGTH:!MD5:!DES:!ADH:!RC4:!PSD:!SRP:!3DES:!eNULL:!aNULL"
May  1 16:50:46 hwsrv-230549 postfix/submission/smtpd[29147]: SSL_accept:before SSL initialization
May  1 16:50:46 hwsrv-230549 postfix/submission/smtpd[29147]: SSL_accept:before SSL initialization
May  1 16:50:46 hwsrv-230549 postfix/submission/smtpd[29147]: SSL_accept:SSLv3/TLS read client hello
May  1 16:50:46 hwsrv-230549 postfix/submission/smtpd[29147]: SSL_accept:SSLv3/TLS write server hello
May  1 16:50:46 hwsrv-230549 postfix/submission/smtpd[29147]: SSL_accept:SSLv3/TLS write certificate
May  1 16:50:46 hwsrv-230549 postfix/submission/smtpd[29147]: SSL_accept:SSLv3/TLS write key exchange
May  1 16:50:46 hwsrv-230549 postfix/submission/smtpd[29147]: SSL_accept:SSLv3/TLS write server done
May  1 16:50:46 hwsrv-230549 postfix/submission/smtpd[29147]: SSL_accept:SSLv3/TLS write server done
May  1 16:50:46 hwsrv-230549 postfix/submission/smtpd[29147]: SSL_accept:SSLv3/TLS read client key exchange
May  1 16:50:46 hwsrv-230549 postfix/submission/smtpd[29147]: SSL_accept:SSLv3/TLS read change cipher spec
May  1 16:50:46 hwsrv-230549 postfix/submission/smtpd[29147]: SSL_accept:SSLv3/TLS read finished
May  1 16:50:46 hwsrv-230549 postfix/submission/smtpd[29147]: localhost[127.0.0.1]: Issuing session ticket, key expiration: 1525220445
May  1 16:50:46 hwsrv-230549 postfix/submission/smtpd[29147]: SSL_accept:SSLv3/TLS write session ticket
May  1 16:50:46 hwsrv-230549 postfix/submission/smtpd[29147]: SSL_accept:SSLv3/TLS write change cipher spec
May  1 16:50:46 hwsrv-230549 postfix/submission/smtpd[29147]: SSL_accept:SSLv3/TLS write finished
May  1 16:50:46 hwsrv-230549 postfix/submission/smtpd[29147]: Anonymous TLS connection established from localhost[127.0.0.1]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
May  1 16:50:46 hwsrv-230549 postfix/submission/smtpd[29147]: BAB6360383: client=localhost[127.0.0.1], sasl_method=LOGIN, [email protected]
May  1 16:50:46 hwsrv-230549 postfix/cleanup[29153]: BAB6360383: message-id=<[email protected]>
May  1 16:50:46 hwsrv-230549 postfix/qmgr[29077]: BAB6360383: from=<[email protected]>, size=745, nrcpt=1 (queue active)
May  1 16:50:46 hwsrv-230549 postfix/smtp[29154]: initializing the client-side TLS engine
May  1 16:50:46 hwsrv-230549 postfix/submission/smtpd[29147]: disconnect from localhost[127.0.0.1] ehlo=2 starttls=1 auth=1 mail=1 rcpt=1 data=1 quit=1 commands=8
May  1 16:50:47 hwsrv-230549 postfix/smtp[29154]: BAB6360383: to=<[email protected]>, relay=gmail-smtp-in.l.google.com[74.125.197.26]:25, delay=0.65, delays=0.06/0.03/0.04/0.53, dsn=2.0.0, status=sent (250 2.0.0 OK 1525218647 p84si10342745pfa.180 - gsmtp)
May  1 16:50:47 hwsrv-230549 postfix/qmgr[29077]: BAB6360383: removed

有任何想法吗?

编辑 2:我尝试将日志记录级别增加到 4,但没有提供任何额外的有用信息。

答案1

上面的 postfix 配置有效。问题出在 VPS 主机上。我联系了技术支持,看看他们的防火墙是否阻止了端口 587。他们回复说:

请注意,由于从我们的共享/VPS 服务器发送的所有电子邮件都因出站 SMTP 过滤而被解密,因此这些电子邮件将以解密形式离开我们的网络。

实际上,我们利用 MailChannels 作为出站 SMTP 过滤器。这可以防止被视为垃圾邮件的消息离开我们的网络。

为了解决这个问题,我必须每月支付 0.50 美元才能加入 MailChannels 白名单,并且必须签署反垃圾邮件协议。

相关内容