Dovecot/Postfix: Unable to retrieve email from server due to connection timeout


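I am running Dovecot and Postfix on a CentOS 8 server, with Nginx and LetsEncrypt for SSL/TLS transport. I am using a virtual-user configuration. OpenDKIM, OpenDMARC, ClamAV and SpamAssassin are also in use, with Roundcube and PostfixAdmin for webmail and administration respectively.

Problem: I cannot retrieve or send email in Thunderbird. Attempting to download new mail results in 1-2 minutes of "Connected to pop.domain.com...", followed by the alert "Connection to server pop.domain.com timed out". Thunderbird is configured to work with imap.domain.com on port 993 or pop.domain.com on port 995. I have a test account on each, and neither works.

Interestingly, viewing the inbox and receiving email works fine with Roundcube, but I cannot send without getting "SMTP Error: [451] 4.7.1 Service unavailable - try again later".

Possible culprits:

  • Misconfigured configuration variables in Dovecot
    • Possibly stemming from version differences: on CentOS 7 I used 2.10.1 for Postfix and 2.2.36 for Dovecot,
      whereas the current setup uses 3.3.1 for Postfix and 2.3.8 for Dovecot.
  • An SSL certificate problem?
  • A Thunderbird configuration problem?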

dovecot -n

auth_debug = yes
auth_mechanisms = plain login
auth_verbose = yes
default_login_user = vmail
first_valid_gid = 2000
first_valid_uid = 2000
listen = *
log_timestamp = "%Y-%m-%d %H:%M:%S "
mail_access_groups = vmail
mail_debug = yes
mail_location = maildir:/var/www/mail/vmail/%d/%n
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    auto = subscribe
    special_use = \Drafts
  }
  mailbox Junk {
    auto = subscribe
    special_use = \Junk
  }
  mailbox Sent {
    auto = subscribe
    special_use = \Sent
  }
  mailbox Trash {
    auto = subscribe
    special_use = \Trash
  }
  prefix =
  separator = /
  type = private
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf
  driver = sql
}
protocols = imap lmtp pop3
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0600
    user = postfix
  }
  user = root
}
service imap-login {
  inet_listener imaps {
    port = 993
  }
  process_min_avail = 1
  user = vmail
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0600
    user = postfix
  }
}
service pop3-login {
  inet_listener pop3s {
    port = 995
  }
  process_min_avail = 1
  user = vmail
}
ssl = required
ssl_cert = </etc/ssl/private/fullchain.pem
ssl_dh = # hidden, use -P to show it
ssl_key = # hidden, use -P to show it
ssl_prefer_server_ciphers = yes
userdb {
  args = /etc/dovecot/dovecot-sql.conf
  driver = static
}
verbose_ssl = yes

postconf -n

alias_database                      = $alias_maps
alias_maps                          = hash:/etc/postfix/aliases
biff                                = no
broken_sasl_auth_clients            = yes
command_directory                   = /usr/sbin
compatibility_level                 = 2
daemon_directory                    = /usr/libexec/postfix
data_directory                      = /var/lib/postfix
debug_peer_level                    = 2
debugger_command                    = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd
                                      $daemon_directory/$process_name $process_id & sleep 5
html_directory                      = no
inet_interfaces                     = all
inet_protocols                      = ipv4
mail_owner                          = postfix
mailq_path                          = /usr/bin/mailq.postfix
manpage_directory                   = /usr/share/man
meta_directory                      = /etc/postfix
milter_default_action               = accept
milter_protocol                     = 2
mydestination                       = localhost
myorigin                            = localhost
newaliases_path                     = /usr/bin/newaliases.postfix
non_smtpd_milters                   = unix:/var/run/opendkim/opendkim.socket, 
                                      unix:/var/run/opendmarc/opendmarc.socket, 
                                      unix:/var/run/spamass-milter/spamass-milter.socket
queue_directory                     = /var/spool/postfix
readme_directory                    = /usr/share/doc/postfix-2.10.1/README_FILES
relay_domains                       = *
sample_directory                    = /usr/share/doc/postfix-2.10.1/samples
sendmail_path                       = /usr/sbin/sendmail.postfix
setgid_group                        = postdrop
shlib_directory                     = no
smtp_tls_loglevel                   = 2
smtp_tls_security_level             = may
smtp_use_tls                        = yes
smtpd_client_restrictions           = permit_mynetworks, permit_sasl_authenticated
smtpd_milters                       = unix:/var/run/opendkim/opendkim.socket, 
                                      unix:/var/run/opendmarc/opendmarc.socket, 
                                      unix:/var/run/spamass-milter/spamass-milter.socket
smtpd_recipient_restrictions        = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_relay_restrictions            = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_sasl_auth_enable              = yes
smtpd_sasl_local_domain             = $mydomain
smtpd_sasl_path                     = /var/spool/postfix/private/auth
smtpd_sasl_security_options         = noanonymous
smtpd_sasl_tls_security_options     = $smtpd_sasl_security_options
smtpd_sasl_type                     = dovecot
smtpd_sender_login_maps             = proxy:mysql:/etc/postfix/sql/virtual_domains_maps.cf
smtpd_sender_restrictions           = permit_mynetworks, reject_non_fqdn_sender, reject_unknown_sender_domain, permit
smtpd_tls_auth_only                 = yes
smtpd_tls_cert_file                 = /etc/ssl/private/fullchain.pem
smtpd_tls_key_file                  = /etc/ssl/private/privkey.pem
smtpd_tls_loglevel                  = 2
smtpd_tls_received_header           = yes
smtpd_tls_security_level            = may
smtpd_tls_session_cache_database    = btree:${data_directory}/smtpd_scache
smtpd_tls_session_cache_timeout     = 3600s
smtpd_use_tls                       = yes
tls_random_source                   = dev:/dev/urandom
unknown_local_recipient_reject_code = 550
virtual_alias_maps                  = proxy:mysql:/etc/postfix/sql/virtual_alias_maps.cf
virtual_gid_maps                    = static:2000
virtual_mailbox_base                = /var/www/mail/vmail
virtual_mailbox_domains             = proxy:mysql:/etc/postfix/sql/virtual_domains_maps.cf
virtual_mailbox_maps                = proxy:mysql:/etc/postfix/sql/virtual_mailbox_maps.cf
virtual_minimum_uid                 = 2000
virtual_transport                   = lmtp:unix:private/dovecot-lmtp
virtual_uid_maps                    = static:2000

maillog (after clicking "Get Messages" in Thunderbird)

Jul 19 21:41:50 hwsrv-579344 dovecot[359560]: pop3-login: Debug: SSL: where=0x10, ret=1: before SSL initialization
Jul 19 21:41:50 hwsrv-579344 dovecot[359560]: pop3-login: Debug: SSL: where=0x2001, ret=1: before SSL initialization
Jul 19 21:41:50 hwsrv-579344 dovecot[359560]: pop3-login: Debug: SSL: where=0x2002, ret=-1: before SSL initialization
Jul 19 21:41:50 hwsrv-579344 dovecot[359560]: auth: Debug: auth client connected (pid=359812)
Jul 19 21:41:50 hwsrv-579344 dovecot[359560]: imap-login: Debug: SSL: where=0x10, ret=1: before SSL initialization
Jul 19 21:41:50 hwsrv-579344 dovecot[359560]: imap-login: Debug: SSL: where=0x2001, ret=1: before SSL initialization
Jul 19 21:41:50 hwsrv-579344 dovecot[359560]: imap-login: Debug: SSL: where=0x2002, ret=-1: before SSL initialization
Jul 19 21:41:50 hwsrv-579344 dovecot[359560]: auth: Debug: auth client connected (pid=359813)
Jul 19 21:42:25 hwsrv-579344 dovecot[359560]: pop3-login: Debug: SSL: where=0x2002, ret=-1: before SSL initialization
Jul 19 21:42:25 hwsrv-579344 dovecot[359560]: pop3-login: Debug: SSL error: Connection closed
Jul 19 21:42:25 hwsrv-579344 dovecot[359560]: pop3-login: Disconnected (no auth attempts in 35 secs): user=<>, rip=173.73.24.88, lip=142.11.253.50, TLS handshaking: Connection closed, session=<dBsQRNKqWS2tSRhY>
Jul 19 21:42:25 hwsrv-579344 dovecot[359560]: pop3-login: Debug: SSL: where=0x2002, ret=-1: before SSL initialization
Jul 19 21:42:25 hwsrv-579344 dovecot[359560]: pop3-login: Debug: SSL error: Connection closed
Jul 19 21:42:25 hwsrv-579344 dovecot[359560]: imap-login: Debug: SSL: where=0x2002, ret=-1: before SSL initialization
Jul 19 21:42:25 hwsrv-579344 dovecot[359560]: imap-login: Debug: SSL error: Connection closed
Jul 19 21:42:25 hwsrv-579344 dovecot[359560]: imap-login: Disconnected (no auth attempts in 35 secs): user=<>, rip=173.73.24.88, lip=142.11.253.50, TLS handshaking: Connection closed, session=<jkUWRNKqXC2tSRhY>
Jul 19 21:42:25 hwsrv-579344 dovecot[359560]: imap-login: Debug: SSL: where=0x2002, ret=-1: before SSL initialization
Jul 19 21:42:25 hwsrv-579344 dovecot[359560]: imap-login: Debug: SSL error: Connection closed
Jul 19 21:42:28 hwsrv-579344 dovecot[359560]: pop3-login: Debug: SSL: where=0x10, ret=1: before SSL initialization
Jul 19 21:42:28 hwsrv-579344 dovecot[359560]: pop3-login: Debug: SSL: where=0x2001, ret=1: before SSL initialization
Jul 19 21:42:28 hwsrv-579344 dovecot[359560]: pop3-login: Debug: SSL: where=0x2002, ret=-1: before SSL initialization
Jul 19 21:42:28 hwsrv-579344 dovecot[359560]: imap-login: Debug: SSL: where=0x10, ret=1: before SSL initialization
Jul 19 21:42:28 hwsrv-579344 dovecot[359560]: imap-login: Debug: SSL: where=0x2001, ret=1: before SSL initialization
Jul 19 21:42:28 hwsrv-579344 dovecot[359560]: imap-login: Debug: SSL: where=0x2002, ret=-1: before SSL initialization
Jul 19 21:42:28 hwsrv-579344 dovecot[359560]: auth: Debug: auth client connected (pid=359824)
Jul 19 21:42:28 hwsrv-579344 dovecot[359560]: auth: Debug: auth client connected (pid=359825)

maillog (after trying to send mail via Roundcube from [email protected] to [email protected])

Jul 19 22:20:54 hwsrv-579344 postfix/submission/smtpd[360356]: disconnect from 12345.localhostname.com[111.222.222.222] ehlo=2 starttls=1 auth=1 mail=1 rcpt=1 data=0/1 rset=1 quit=1 commands=8/9
Jul 19 22:21:36 hwsrv-579344 postfix/submission/smtpd[360356]: connect from 12345.localhostname.com[111.222.222.222]
Jul 19 22:21:36 hwsrv-579344 postfix/submission/smtpd[360356]: warning: connect to Milter service unix:/var/run/spamass-milter/spamass-milter.socket: Permission denied
Jul 19 22:21:36 hwsrv-579344 postfix/submission/smtpd[360356]: setting up TLS connection from 12345.localhostname.com[111.222.222.222]
Jul 19 22:21:36 hwsrv-579344 postfix/submission/smtpd[360356]: 12345.localhostname.com[111.222.222.222]: TLS cipher list "aNULL:-aNULL:HIGH:MEDIUM:+RC4:@STRENGTH"
Jul 19 22:21:36 hwsrv-579344 postfix/submission/smtpd[360356]: SSL_accept:before SSL initialization
Jul 19 22:21:36 hwsrv-579344 postfix/submission/smtpd[360356]: SSL_accept:before SSL initialization
Jul 19 22:21:36 hwsrv-579344 postfix/submission/smtpd[360356]: SSL_accept:SSLv3/TLS read client hello
Jul 19 22:21:36 hwsrv-579344 postfix/submission/smtpd[360356]: SSL_accept:SSLv3/TLS write server hello
Jul 19 22:21:36 hwsrv-579344 postfix/submission/smtpd[360356]: SSL_accept:SSLv3/TLS write change cipher spec
Jul 19 22:21:36 hwsrv-579344 postfix/submission/smtpd[360356]: SSL_accept:TLSv1.3 write encrypted extensions
Jul 19 22:21:36 hwsrv-579344 postfix/submission/smtpd[360356]: SSL_accept:SSLv3/TLS write certificate
Jul 19 22:21:36 hwsrv-579344 postfix/submission/smtpd[360356]: SSL_accept:TLSv1.3 write server certificate verify
Jul 19 22:21:36 hwsrv-579344 postfix/submission/smtpd[360356]: SSL_accept:SSLv3/TLS write finished
Jul 19 22:21:36 hwsrv-579344 postfix/submission/smtpd[360356]: SSL_accept:TLSv1.3 early data
Jul 19 22:21:36 hwsrv-579344 postfix/submission/smtpd[360356]: SSL_accept:TLSv1.3 early data
Jul 19 22:21:36 hwsrv-579344 postfix/submission/smtpd[360356]: SSL_accept:SSLv3/TLS read finished
Jul 19 22:21:36 hwsrv-579344 postfix/submission/smtpd[360356]: 12345.localhostname.com[111.222.222.222]: Issuing session ticket, key expiration: 1595199052
Jul 19 22:21:36 hwsrv-579344 postfix/submission/smtpd[360356]: 12345.localhostname.com[111.222.222.222]: save session E3966DA0AAC8A87053F861169C752EF9248773F52ED7C23B345072D992E4D4A8&s=submission&l=269488191 to smtpd cache
Jul 19 22:21:36 hwsrv-579344 postfix/tlsmgr[360358]: put smtpd session id=E3966DA0AAC8A87053F861169C752EF9248773F52ED7C23B345072D992E4D4A8&s=submission&l=269488191 [data 136 bytes]
Jul 19 22:21:36 hwsrv-579344 postfix/tlsmgr[360358]: write smtpd TLS cache entry E3966DA0AAC8A87053F861169C752EF9248773F52ED7C23B345072D992E4D4A8&s=submission&l=269488191: time=1595197296 [data 136 bytes]
Jul 19 22:21:36 hwsrv-579344 postfix/submission/smtpd[360356]: SSL_accept:SSLv3/TLS write session ticket
Jul 19 22:21:36 hwsrv-579344 postfix/submission/smtpd[360356]: 12345.localhostname.com[111.222.222.222]: Issuing session ticket, key expiration: 1595199052
Jul 19 22:21:36 hwsrv-579344 postfix/submission/smtpd[360356]: 12345.localhostname.com[111.222.222.222]: save session 21BE69B853D66629D76AF0565BAF12FD3D4EF1BBAC38F329D3EC61D53AF95953&s=submission&l=269488191 to smtpd cache
Jul 19 22:21:36 hwsrv-579344 postfix/tlsmgr[360358]: put smtpd session id=21BE69B853D66629D76AF0565BAF12FD3D4EF1BBAC38F329D3EC61D53AF95953&s=submission&l=269488191 [data 137 bytes]
Jul 19 22:21:36 hwsrv-579344 postfix/tlsmgr[360358]: write smtpd TLS cache entry 21BE69B853D66629D76AF0565BAF12FD3D4EF1BBAC38F329D3EC61D53AF95953&s=submission&l=269488191: time=1595197296 [data 137 bytes]
Jul 19 22:21:36 hwsrv-579344 postfix/submission/smtpd[360356]: SSL_accept:SSLv3/TLS write session ticket
Jul 19 22:21:36 hwsrv-579344 postfix/submission/smtpd[360356]: Anonymous TLS connection established from 12345.localhostname.com[111.222.222.222]: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
Jul 19 22:21:36 hwsrv-579344 dovecot[359560]: auth: Debug: client in: AUTH#0112#011LOGIN#011service=smtp#011nologin#011lip=111.222.222.222#011rip=111.222.222.222#011secured
Jul 19 22:21:36 hwsrv-579344 dovecot[359560]: auth: Debug: client passdb out: CONT#0112#011VXNlcm5hbWU6
Jul 19 22:21:36 hwsrv-579344 dovecot[359560]: auth: Debug: client in: CONT<hidden>
Jul 19 22:21:36 hwsrv-579344 dovecot[359560]: auth: Debug: client passdb out: CONT#0112#011UGFzc3dvcmQ6
Jul 19 22:21:36 hwsrv-579344 dovecot[359560]: auth: Debug: client in: CONT<hidden>
Jul 19 22:21:36 hwsrv-579344 dovecot[359560]: auth: Debug: sql([email protected],111.222.222.222): Performing passdb lookup
Jul 19 22:21:36 hwsrv-579344 dovecot[359560]: auth-worker(360335): Debug: conn unix:auth-worker (pid=359563,uid=0): auth-worker<8>: Handling PASSV request
Jul 19 22:21:36 hwsrv-579344 dovecot[359560]: auth-worker(360335): Debug: sql([email protected],111.222.222.222): Performing passdb lookup
Jul 19 22:21:36 hwsrv-579344 dovecot[359560]: auth-worker(360335): Debug: sql([email protected],111.222.222.222): query: SELECT username as user, password, '/var/www/mail/vmail/domain.com/foo' as userdb_home, 'maildir:/var/www/mail/vmail/domain.com/foo' as userdb_mail, 2000 as userdb_uid, 2000 as userdb_gid FROM mailbox WHERE username = '[email protected]' AND active = '1'
Jul 19 22:21:36 hwsrv-579344 dovecot[359560]: auth-worker(360335): Debug: sql([email protected],111.222.222.222): Finished passdb lookup
Jul 19 22:21:36 hwsrv-579344 dovecot[359560]: auth-worker(360335): Debug: conn unix:auth-worker (pid=359563,uid=0): auth-worker<8>: Finished
Jul 19 22:21:36 hwsrv-579344 dovecot[359560]: auth: Debug: sql([email protected],111.222.222.222): Finished passdb lookup
Jul 19 22:21:36 hwsrv-579344 dovecot[359560]: auth: Debug: auth([email protected],111.222.222.222): Auth request finished
Jul 19 22:21:36 hwsrv-579344 dovecot[359560]: auth: Debug: client passdb out: OK#0112#[email protected]
Jul 19 22:21:36 hwsrv-579344 postfix/submission/smtpd[360356]: 3A3D790001A4: client=12345.localhostname.com[111.222.222.222], sasl_method=LOGIN, [email protected]
Jul 19 22:21:36 hwsrv-579344 postfix/cleanup[360363]: 3A3D790001A4: message-id=<[email protected]>
Jul 19 22:21:36 hwsrv-579344 opendkim[80314]: default._domainkey.domain.com: key data is not secure: /etc/opendkim/keys/domain.com/default is in group 0 which has multiple users (e.g. "sync")
Jul 19 22:21:36 hwsrv-579344 opendkim[80314]: 3A3D790001A4: error loading key 'default._domainkey.domain.com'
Jul 19 22:21:36 hwsrv-579344 postfix/cleanup[360363]: 3A3D790001A4: milter-reject: END-OF-MESSAGE from 12345.localhostname.com[111.222.222.222]: 4.7.1 Service unavailable - try again later; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<webmail.domain.com>

Thanks in advance for your help. I have been racking my brain trying to figure this out.

Edit: added Thunderbird logs

2020-07-20 20:29:25.582000 UTC - [(null) 3344: Unnamed thread 1A1DF190]: D/IMAP ImapThreadMainLoop entering [this=1A155000]
2020-07-20 20:29:25.670000 UTC - [(null) 3344: Main Thread]: I/IMAP 1A155000:imap.domain.com:NA:SetupWithUrlCallback: clearing IMAP_CONNECTION_IS_OPEN
2020-07-20 20:29:25.670000 UTC - [(null) 3344: Unnamed thread 1A1DF190]: I/IMAP 1A155000:imap.domain.com:NA:ProcessCurrentURL: entering
2020-07-20 20:29:25.670000 UTC - [(null) 3344: Unnamed thread 1A1DF190]: I/IMAP 1A155000:imap.domain.com:NA:ProcessCurrentURL:imap://bar%40domain%[email protected]:993/select%3E/INBOX:  = currentUrl
2020-07-20 20:31:05.721000 UTC - [(null) 3344: Unnamed thread 1A1DF190]: D/IMAP ReadNextLine [stream=1A1E0060 nb=0 needmore=1]
2020-07-20 20:31:05.739000 UTC - [(null) 3344: Unnamed thread 1A1DF190]: I/IMAP 1A155000:imap.domain.com:NA:CreateNewLineFromSocket: clearing IMAP_CONNECTION_IS_OPEN - rv = 804b000e
2020-07-20 20:31:05.742000 UTC - [(null) 3344: Unnamed thread 1A1DF190]: I/IMAP 1A155000:imap.domain.com:NA:TellThreadToDie: close socket connection
2020-07-20 20:31:05.742000 UTC - [(null) 3344: Unnamed thread 1A1DF190]: I/IMAP 1A155000:imap.domain.com:NA:CreateNewLineFromSocket: (null)
2020-07-20 20:31:05.768000 UTC - [(null) 3344: Unnamed thread 1A1DF190]: I/IMAP 1A155000:imap.domain.com:NA:ProcessCurrentURL: aborting queued urls
2020-07-20 20:31:05.768000 UTC - [(null) 3344: Unnamed thread 1A1DF190]: D/IMAP ImapThreadMainLoop leaving [this=1A155000]
2020-07-20 20:36:24.186000 UTC - [(null) 3344: Unnamed thread 17C36190]: D/IMAP ImapThreadMainLoop entering [this=05026800]
2020-07-20 20:36:24.192000 UTC - [(null) 3344: Main Thread]: I/IMAP 05026800:imap.domain.com:NA:SetupWithUrlCallback: clearing IMAP_CONNECTION_IS_OPEN
2020-07-20 20:36:24.193000 UTC - [(null) 3344: Unnamed thread 17C36190]: I/IMAP 05026800:imap.domain.com:NA:ProcessCurrentURL: entering
2020-07-20 20:36:24.193000 UTC - [(null) 3344: Unnamed thread 17C36190]: I/IMAP 05026800:imap.domain.com:NA:ProcessCurrentURL:imap://bar%40domain%[email protected]:993/select%3E/INBOX:  = currentUrl
2020-07-20 20:38:04.230000 UTC - [(null) 3344: Unnamed thread 17C36190]: D/IMAP ReadNextLine [stream=1A1EADD0 nb=0 needmore=1]
2020-07-20 20:38:04.236000 UTC - [(null) 3344: Unnamed thread 17C36190]: I/IMAP 05026800:imap.domain.com:NA:CreateNewLineFromSocket: clearing IMAP_CONNECTION_IS_OPEN - rv = 804b000e
2020-07-20 20:38:04.236000 UTC - [(null) 3344: Unnamed thread 17C36190]: I/IMAP 05026800:imap.domain.com:NA:TellThreadToDie: close socket connection
2020-07-20 20:38:04.236000 UTC - [(null) 3344: Unnamed thread 17C36190]: I/IMAP 05026800:imap.domain.com:NA:CreateNewLineFromSocket: (null)
2020-07-20 20:38:04.252000 UTC - [(null) 3344: Unnamed thread 17C36190]: I/IMAP 05026800:imap.domain.com:NA:ProcessCurrentURL: aborting queued urls
2020-07-20 20:38:04.261000 UTC - [(null) 3344: Unnamed thread 17C36190]: D/IMAP ImapThreadMainLoop leaving [this=05026800]

Answer 1

This is not a client problem. The problem is:

Jul 19 22:21:36 hwsrv-579344 opendkim[80314]: default._domainkey.domain.com: key data is not secure: /etc/opendkim/keys/domain.com/default is in group 0 which has multiple users (e.g. "sync")
Jul 19 22:21:36 hwsrv-579344 opendkim[80314]: 3A3D790001A4: error loading key 'default._domainkey.domain.com'

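Your server is using OpenDKIM, which by default is very strict about the permissions on its keys.

The technical reason is that the system's sync user is in group 0, root, and OpenDKIM is basically jealous of anyone else being in group 0.

I don't know whether it is safe to remove the sync user from group 0. I would say it is probably a very bad idea, so don't do it.

You can be reasonably safe if you edit /etc/opendkim/opendkim.conf and add the following line: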

RequireSafeKeys         False

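It isn't perfect, because I think OpenDKIM is this cautious for a reason, or its default use case is for systems that do not have multiple users in group 0.

P.S. In /etc/postfix/main.cf you can make the following change: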

smtpd_tls_key_file                  = $smtpd_tls_cert_file

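You can do this and remove /etc/ssl/private/privkey.pem altogether (i.e. rename it rather than delete it, in case something else breaks), because Postfix supports keeping the key and certificate in the same file. Your Dovecot configuration already does this.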
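
The condition reported by the `key data is not secure` log line can be approximated with a small audit of the key file's owner, mode and group membership. This is an added example, not part of the original answer and not OpenDKIM's own code; the account name `signer`, the uid 65001 and the temporary file standing in for the key are constructed for the demonstration.

```python
import os
import stat
import tempfile
from collections import namedtuple

# Minimal stand-ins for passwd/group entries so the audit can run on
# constructed data; on a real host pass pwd.getpwall() / grp.getgrall().
Account = namedtuple("Account", "pw_name pw_uid pw_gid")
Group = namedtuple("Group", "gr_name gr_gid gr_mem")


def group_users(gid, accounts, groups):
    """Every account name in gid, as primary or supplementary group."""
    names = {a.pw_name for a in accounts if a.pw_gid == gid}
    for g in groups:
        if g.gr_gid == gid:
            names.update(g.gr_mem)
    return names


def audit_key(path, signer, accounts, groups):
    """Return a list of findings for a private key read by account `signer`."""
    st = os.stat(path)
    mode = stat.S_IMODE(st.st_mode)
    uid = next(a.pw_uid for a in accounts if a.pw_name == signer)
    findings = []
    if st.st_uid not in (0, uid):
        findings.append(f"owner uid {st.st_uid} is neither root nor {signer}")
    if mode & (stat.S_IROTH | stat.S_IWOTH):
        findings.append(f"mode {mode:04o} grants access to other users")
    if mode & (stat.S_IRGRP | stat.S_IWGRP):
        extra = sorted(group_users(st.st_gid, accounts, groups) - {signer})
        if extra:
            findings.append(
                f"mode {mode:04o} grants access to group {st.st_gid}, "
                f"shared with: {', '.join(extra)}")
    return findings


def demo():
    """Audit a throwaway file standing in for the key, before and after chmod."""
    fd, path = tempfile.mkstemp()
    os.close(fd)
    try:
        gid = os.stat(path).st_gid
        # Constructed accounts: the signer plus a second account in the same
        # group, mirroring 'group 0 which has multiple users (e.g. "sync")'.
        accounts = [Account("signer", os.getuid(), gid),
                    Account("sync", 65001, gid)]
        os.chmod(path, 0o640)
        before = audit_key(path, "signer", accounts, [])
        os.chmod(path, 0o600)
        after = audit_key(path, "signer", accounts, [])
        return before, after
    finally:
        os.unlink(path)


if __name__ == "__main__":
    for label, result in zip(("0640", "0600"), demo()):
        print(label, result or "no findings")
```

With the group bits set, the audit names the extra account sharing the group; with mode 0600 and the signing account as owner, it reports nothing.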
