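We are trying to connect an email client to our mail server. We have Postfix and Dovecot configured and running on Ubuntu.
We can see that Dovecot is listening on the correct port using the following command: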
$ sudo netstat -tunlp | grep :993
We can successfully test the Postfix connection using openssl:
$ openssl s_client -connect localhost:465
But running the same command against the IMAPS port fails:
$ openssl s_client -connect localhost:993
CONNECTED(00000003)
write:errno=104
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 305 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1529946289
Timeout : 300 (sec)
Verify return code: 0 (ok)
/var/log/dovecot
imap-login: Fatal: Can't load ssl_cert: There is no valid PEM certificate. (You probably forgot '<' from ssl_cert=<)
master: Error: service(imap-login): command startup failed, throttling for 2 secs
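We have tried many things (mentioned in similar questions and blog posts), but nothing has worked, and it is driving us crazy at this point. It seems like the solution should take only a few minutes to find, but this has been going on for hours...
Any idea what the problem might be?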
doveconf -n
# 2.2.22 (fe789d2): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.13 (7b14904)
# OS: Linux 4.4.0-1060-aws x86_64 Ubuntu 16.04.4 LTS ext4
auth_verbose = yes
base_dir = /var/run/dovecot/
info_log_path = /var/log/dovecot.info
listen = *
log_path = /var/log/dovecot
log_timestamp = "%Y-%m-%d %H:%M:%S "
mail_location = maildir:/home/vmail/%d/%n
passdb {
  args = /etc/dovecot/passwd
  driver = passwd-file
}
protocols = imap
service auth {
  executable = /usr/lib/dovecot/auth
  unix_listener /var/spool/postfix/private/auth-client {
    group = postfix
    mode = 0660
    user = postfix
  }
  user = root
}
service imap-login {
  chroot = login
  executable = /usr/lib/dovecot/imap-login
  user = dovecot
}
service imap {
  executable = /usr/lib/dovecot/imap
}
userdb {
  args = /etc/dovecot/users
  driver = passwd-file
}
valid_chroot_dirs = /var/spool/vmail
conf.d/10-ssl.conf
ssl = yes
ssl_cert = </etc/ssl/certs/certificate.crt
ssl_key = </etc/ssl/private/key.key
ssl_ca = </etc/ssl/certs/certificate.ca-bundle
Certificate and key file permissions (Postfix and Dovecot use the same files)
-rw------- 1 root root /etc/ssl/certs/certificate.crt
-rw------- 1 root root /etc/ssl/private/key.key
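
A check for the "no valid PEM certificate" log line above, as an added example that is not part of the original post: `doveconf -n` prints the effective non-default settings, so this script reports whether `ssl_cert` and `ssl_key` actually reach Dovecot and whether they carry the `<` file prefix. The function names and the sample text are constructed for illustration.

```shell
#!/bin/sh
# Added example: inspect `doveconf -n` output (effective, non-default
# settings) for the TLS settings that 10-ssl.conf is expected to supply.

# Constructed sample: a shortened excerpt of the doveconf -n output in the post.
SAMPLE_CONF='listen = *
log_path = /var/log/dovecot
protocols = imap
service imap-login {
  chroot = login
  user = dovecot
}'

# setting_state CONF NAME -> prints: missing | file | inline | hidden
setting_state() {
  # Last assignment wins, so keep only the final matching line.
  _line=$(printf '%s\n' "$1" | grep -E "^[[:space:]]*$2[[:space:]]*=" | tail -n 1)
  [ -n "$_line" ] || { echo missing; return 0; }
  _val=$(printf '%s\n' "$_line" | sed -E 's/^[^=]*=[[:space:]]*//')
  case "$_val" in
    '<'*) echo file ;;    # "<path": Dovecot reads the file contents
    '#'*) echo hidden ;;  # value masked in the output
    *)    echo inline ;;  # no "<": the value itself is parsed as PEM text
  esac
}

# pem_has_cert FILE -> exit status 0 if FILE contains a PEM certificate header
pem_has_cert() {
  grep -q -e '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null
}

# report CONF -> one line per TLS setting with its state
report() {
  for _name in ssl_cert ssl_key; do
    printf '%s: %s\n' "$_name" "$(setting_state "$1" "$_name")"
  done
}

# Runs on the constructed sample; both settings come back "missing".
report "$SAMPLE_CONF"
# On a live host (assumption: run as root so the files are readable):
#   report "$(doveconf -n)"
#   pem_has_cert /etc/ssl/certs/certificate.crt && echo "PEM header found"
```

A `missing` result means the setting never made it into the running configuration, which points at how the file that defines it is included rather than at the certificate itself.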