当我尝试使用 postfix 从 CentOS 7 服务器上的中继主机发送电子邮件时,出现以下错误:
Oct 19 19:53:08 localhost postfix/pickup[7174]: 64DAF1A53CB: uid=1002 from=<me>
Oct 19 19:53:08 localhost postfix/cleanup[7184]: 64DAF1A53CB: message-id=<[email protected]>
Oct 19 19:53:08 localhost postfix/qmgr[7175]: 64DAF1A53CB: from=<[email protected]>, size=447, nrcpt=1 (queue active)
Oct 19 19:53:08 localhost postfix/smtp[7177]: CLIENT wrappermode (port smtps/465) is unimplemented
Oct 19 19:53:08 localhost postfix/smtp[7177]: instead, send to (port submission/587) with STARTTLS
Oct 19 19:53:18 localhost postfix/smtp[7177]: 64DAF1A53CB: to=<[email protected]>, relay=emailserver.com[ip.of.email.server]:465, delay=10, delays=0.06/0/10/0, dsn=d.s.n, status=deferred (lost connection with emailserver.com[ip.of.email.server] while receiving the initial server greeting)
我为此采取的步骤是:
# yum -y install postfix cyrus-sasl-plain mailx
# systemctl restart postfix
# systemctl enable postfix
# vi /etc/postfix/main.cf
//Add the following at THE VERY END OF THE FILE:
myhostname = mydomain.com
relayhost = [emailserver.com]:465
smtp_use_tls = yes
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_tls_CAfile = /etc/ssl/certs/ca-bundle.crt
smtp_sasl_security_options = noanonymous
smtp_sasl_tls_security_options = noanonymous
// save and close, then create the following new file:
# vi /etc/postfix/sasl_passwd
// add the following one line:
[emailserver.com]:465 username:password
// save and close the file
// create a postfix lookup table by running the following command:
# postmap /etc/postfix/sasl_passwd
// restrict access to the file:
# chown root:postfix /etc/postfix/sasl_passwd*
# chmod 640 /etc/postfix/sasl_passwd*
# systemctl reload postfix
然后我在 CentOS 上设置一个名为“me”的新用户并输入以下命令:
echo "This is a test." | mail -s "test message" [email protected]
当我在上述命令中更改port 465为时port 587,我能够使用该echo命令成功发送消息。然而,emailserver.com 客户支持热线说是port 465,SSL only并且port 587已经SSL disabled,所以这里的问题是 SSL 不起作用。我该如何设置才能SSL SMTP发送port 465?
请注意,CentOS 7 开发服务器位于port 25禁用的住宅电缆调制解调器后面,因此我别无选择,只能使用中继主机。另外,我想用它port 465来确保 SSL 连接。电子邮件必须通过 SSL 传输。
整个/etc/postfix/main.cf文件内容为:
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
mail_owner = postfix
inet_interfaces = localhost
inet_protocols = all
mydestination = $myhostname, localhost.$mydomain, localhost
unknown_local_recipient_reject_code = 550
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
debug_peer_level = 2
debugger_command =
PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
ddd $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.10.1/samples
readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES
#####################################################################
### Everything below was added to set up relayhost for smtp
#####################################################################
myhostname = mydomain.com
relayhost = [emailserver.com]:465
smtp_use_tls = yes
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_tls_CAfile = /etc/ssl/certs/ca-bundle.crt
smtp_sasl_security_options = noanonymous
smtp_sasl_tls_security_options = noanonymous
注意:在firewalld中,我将smtp.xml文件设置为用于port 465smtp而不是port 25.但我没有创建smtps服务。我认为这不相关,但我想如果相关的话我会分享它。
答案1
在发布本文时,我测试上述内容的服务器没有自己签名的 SSL 证书。 (当时使用的是私有证书。)远程邮件服务器需要签名的 SSL 证书,因此拒绝了 OP 的连接请求,从而触发了导致此发布的错误。
在本例中,解决方案涉及使用签名的 SSL 证书。但也可以通过使用允许受信任的未签名证书的邮件服务器或发送未加密的请求来解决该错误。