Edit #2: What is this error?
Aug 17 02:27:19 mail postfix/smtpd[1197]: lost connection after CONNECT from unknown[x.x.x.x]
Aug 17 02:27:19 mail postfix/smtpd[1197]: disconnect from unknown[x.x.x.x]
Aug 17 02:27:19 mail postfix/smtpd[1199]: lost connection after CONNECT from unknown[x.x.x.x]
Aug 17 02:27:19 mail postfix/smtpd[1199]: disconnect from unknown[x.x.x.x]
Edit:
telnet localhost 587
Trying ::1...
Connected to localhost.
Escape character is '^]'.
220 SRVMAIL.DOMAIN.com ESMTP Postfix
ehlo localhost
250-mail.breezpack.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
It doesn't show the authentication settings?
When trying: openssl s_client -starttls smtp -connect srvmail.domain.com:587
CONNECTED(00000003)
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
verify return:1
depth=0 CN = srvmail.domain.com
verify return:1
---
Certificate chain
0 s:/CN=srvmail.domain.com
i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
i:/O=Digital Signature Trust Co./CN=DST Root CA X3
---
Server certificate
subject=/CN=srvmail.domain.com
issuer=/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
---
No client certificate CA names sent
Client Certificate Types: RSA sign, DSA sign, ECDSA sign
Requested Signature Algorithms: RSA+SHA512:DSA+SHA512:ECDSA+SHA512:RSA+SHA384:DSA+SHA384:ECDSA+SHA384:RSA+SHA256:DSA+SHA256:ECDSA+SHA256:RSA+SHA224:DSA+SHA224:ECDSA+SHA224:RSA+SHA1:DSA+SHA1:ECDSA+SHA1
Shared Requested Signature Algorithms: RSA+SHA512:DSA+SHA512:ECDSA+SHA512:RSA+SHA384:DSA+SHA384:ECDSA+SHA384:RSA+SHA256:DSA+SHA256:ECDSA+SHA256:RSA+SHA224:DSA+SHA224:ECDSA+SHA224:RSA+SHA1:DSA+SHA1:ECDSA+SHA1
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 3613 bytes and written 462 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID: 88C59C5E9AB3051912D470E994EEDB3B7124750A8A71DCB3FFE43EA1170EA04C
Session-ID-ctx:
Master-Key: 1250671E949DCC8FC1B37B14BAC0B8359134979A61E0EDB4145F345526FCA5C5E29E10262F134B02E1854C2882DD741F
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
TLS session ticket lifetime hint: 3600 (seconds)
TLS session ticket:
Start Time: 1597572721
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
250 DSN
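But when I try to connect from Thunderbird or Outlook, it says no encryption was detected, and that it cannot connect without encryption.
So basically it connects over SSL from the local server, but it cannot connect remotely.
main.cf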
myhostname = srvmail.domain.com
mydomain = domain.com
myorigin = $mydomain
inet_interfaces = all
smtpd_tls_cert_file = /etc/letsencrypt/live/srvmail/fullchain.pem
smtpd_tls_key_file = /etc/letsencrypt/live/srvmail/privkey.pem
smtp_tls_CApath = /etc/letsencrypt/live/srvmail/fullchain.pem
smtpd_tls_CApath = /etc/letsencrypt/live/srvmail/fullchain.pem
smtpd_use_tls=yes
smtp_tls_security_level = may
smtpd_tls_ask_ccert = yes
smtpd_tls_security_level = may
smtp_tls_loglevel = 1
smtpd_tls_loglevel = 1
smtpd_tls_security_level=may
smtpd_tls_protocols = !SSLv2, !SSLv3
smtpd_use_tls=yes
master.cf
smtp inet n - n - - smtpd
submission inet n - n - - smtpd
  -o syslog_name=postfix/sumbission
  -o smtpd_tls_wrappermode=no
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_path=private/auth
  -o mynetworks=127.0.0.0/8
  -o smtpd_relay_restrictions=permit_mynetworks,permit_sasl_authenticated,defer_unauth_destination
  -o milter_macro_daemon_name=ORIGINATING
Answer 1
Please add
smtp_sasl_auth_enable = yes
to your main.cf and restart Postfix.
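
Added example (not part of the original question or answer): a server that requires encryption on the submission port may advertise AUTH only inside the TLS session, so the EHLO reply has to be compared before and after STARTTLS. The function names and the post-TLS sample reply are assumptions made for illustration; the pre-TLS reply is the one from the question.

```python
import smtplib
import ssl

# EHLO reply before STARTTLS, copied from the telnet session in the question.
PLAIN_REPLY = """250-mail.breezpack.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN"""
# Constructed sample (not from the page): a reply inside TLS with SASL working.
TLS_REPLY = PLAIN_REPLY.replace("250-STARTTLS", "250-AUTH PLAIN LOGIN")

def parse_ehlo(reply):
    """Map each ESMTP keyword in a multi-line 250 reply to its parameters."""
    ext = {}
    for line in reply.splitlines()[1:]:      # first line is only the hostname
        if line[:3] != "250" or line[3:4] not in ("-", " ", ""):
            raise ValueError(f"unexpected reply line: {line!r}")
        words = line[4:].upper().split()
        if words:
            ext.setdefault(words[0], []).extend(words[1:])
    return ext

def diagnose(plain, tls=None):
    """Classify AUTH advertisement from the pre-TLS and post-TLS extension maps."""
    if "AUTH" in plain:
        return "AUTH offered before TLS: credentials could be sent in clear text"
    if "STARTTLS" not in plain:
        return "no STARTTLS and no AUTH: client cannot encrypt or authenticate"
    if tls is None:
        return "AUTH not offered before TLS: repeat EHLO inside the TLS session"
    if "AUTH" in tls:
        return "AUTH offered only after STARTTLS: " + " ".join(tls["AUTH"])
    return "AUTH missing even after STARTTLS: check the server's SASL settings"

def probe(host, port=587):
    """Run the same comparison against a live server (needs network access)."""
    def feats(s):
        return {k.upper(): v.upper().split() for k, v in s.esmtp_features.items()}
    with smtplib.SMTP(host, port, timeout=10) as s:
        s.ehlo()
        plain = feats(s)
        if "STARTTLS" not in plain:
            return diagnose(plain)
        s.starttls(context=ssl.create_default_context())  # verifies the certificate
        s.ehlo()
        return diagnose(plain, feats(s))
```

Running `probe("srvmail.domain.com")` from a remote machine as well as from the server itself shows whether both see the same capabilities.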