Dovecot SSL fails (Postfix works fine)

We are trying to connect an email client to our mail server. We have Postfix and Dovecot configured and running on Ubuntu.

We can see that Dovecot is listening on the correct port with the following command:

$ sudo netstat -tunlp | grep :993

We can successfully test the Postfix connection with openssl:

$ openssl s_client -connect localhost:465

But running the same command against the IMAPS port fails:

$ openssl s_client -connect localhost:993

CONNECTED(00000003)
write:errno=104
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 305 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : 0000
    Session-ID: 
    Session-ID-ctx: 
    Master-Key: 
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1529946289
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)

/var/log/dovecot

imap-login: Fatal: Can't load ssl_cert: There is no valid PEM certificate. (You probably forgot '<' from ssl_cert=<)
master: Error: service(imap-login): command startup failed, throttling for 2 secs

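We have tried many things (mentioned in similar questions and blog posts), but to no avail, and it is driving us crazy at this stage. It seems like the solution should take only a few minutes to find, but this has been going on for hours...

Any idea what the problem might be?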

doveconf -n

# 2.2.22 (fe789d2): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.13 (7b14904)
# OS: Linux 4.4.0-1060-aws x86_64 Ubuntu 16.04.4 LTS ext4
auth_verbose = yes
base_dir = /var/run/dovecot/
info_log_path = /var/log/dovecot.info
listen = *
log_path = /var/log/dovecot
log_timestamp = "%Y-%m-%d %H:%M:%S "
mail_location = maildir:/home/vmail/%d/%n
passdb {
  args = /etc/dovecot/passwd
  driver = passwd-file
}
protocols = imap
service auth {
  executable = /usr/lib/dovecot/auth
  unix_listener /var/spool/postfix/private/auth-client {
    group = postfix
    mode = 0660
    user = postfix
  }
  user = root
}
service imap-login {
  chroot = login
  executable = /usr/lib/dovecot/imap-login
  user = dovecot
}
service imap {
  executable = /usr/lib/dovecot/imap
}
userdb {
  args = /etc/dovecot/users
  driver = passwd-file
}
valid_chroot_dirs = /var/spool/vmail

conf.d/10-ssl.conf

ssl = yes
ssl_cert = </etc/ssl/certs/certificate.crt
ssl_key = </etc/ssl/private/key.key
ssl_ca = </etc/ssl/certs/certificate.ca-bundle 

Certificate and key file permissions (Postfix and Dovecot use the same files)

-rw------- 1 root root /etc/ssl/certs/certificate.crt
-rw------- 1 root root /etc/ssl/private/key.key
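
A check for the "no valid PEM certificate" error quoted in the question, as an added example that is not part of the original post: it classifies the state of `ssl_cert` in the effective configuration, read from saved `doveconf -n` output. The function names `effective_setting`, `check_ssl_cert` and `demo` are hypothetical, and the sample dump is constructed.

```shell
#!/bin/sh
# Added example (not from the original post): classify the state of ssl_cert
# in the *effective* Dovecot configuration, i.e. saved `doveconf -n` output.
# Usage (as root, so 0600 certificate files are readable):
#   doveconf -n > /tmp/doveconf.txt && check_ssl_cert /tmp/doveconf.txt

# Print the last value of a top-level setting in a saved `doveconf -n` dump.
effective_setting() {   # $1 = dump file, $2 = setting name
    sed -n "s/^$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# Prints one of: missing | literal | unreadable | not-pem | ok
check_ssl_cert() {      # $1 = dump file
    val=$(effective_setting "$1" ssl_cert | sed 's/[[:space:]]*$//')
    if [ -z "$val" ]; then
        echo missing; return 1        # setting never reached the effective config
    fi
    case $val in
        '<'*) path=${val#?} ;;        # "<" makes Dovecot read the file's contents
        *)    echo literal; return 1 ;;   # no "<": the path string itself is parsed as PEM
    esac
    [ -r "$path" ] || { echo unreadable; return 1; }
    grep -q '^-----BEGIN CERTIFICATE-----' "$path" || { echo not-pem; return 1; }
    echo ok
}

# Constructed sample: a dump shaped like the one in the post, which lists
# no ssl_cert line even though conf.d/10-ssl.conf sets one.
demo() {
    dump=$(mktemp)
    printf '%s\n' 'listen = *' 'protocols = imap' 'log_path = /var/log/dovecot' > "$dump"
    rc=0
    check_ssl_cert "$dump" || rc=$?
    rm -f "$dump"
    return $rc
}
```

A result of `missing` means the file that sets `ssl_cert` is not part of what Dovecot actually loads, so comparing `doveconf -n` against `conf.d/10-ssl.conf` is the next step.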
