Postfix encryption not available

Edit #2: What is this error?

Aug 17 02:27:19 mail postfix/smtpd[1197]: lost connection after CONNECT from unknown[x.x.x.x]
Aug 17 02:27:19 mail postfix/smtpd[1197]: disconnect from unknown[x.x.x.x]
Aug 17 02:27:19 mail postfix/smtpd[1199]: lost connection after CONNECT from unknown[x.x.x.x]
Aug 17 02:27:19 mail postfix/smtpd[1199]: disconnect from unknown[x.x.x.x]

Edit:

telnet localhost 587
Trying ::1...
Connected to localhost.
Escape character is '^]'.
220 SRVMAIL.DOMAIN.com ESMTP Postfix

ehlo localhost
250-mail.breezpack.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN

It doesn't show any authentication settings?

When trying: openssl s_client -starttls smtp -connect srvmail.domain.com:587

CONNECTED(00000003)
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
verify return:1
depth=0 CN = srvmail.domain.com
verify return:1
---
Certificate chain
 0 s:/CN=srvmail.domain.com
   i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
 1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
   i:/O=Digital Signature Trust Co./CN=DST Root CA X3
---
Server certificate
subject=/CN=srvmail.domain.com
issuer=/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
---
No client certificate CA names sent
Client Certificate Types: RSA sign, DSA sign, ECDSA sign
Requested Signature Algorithms: RSA+SHA512:DSA+SHA512:ECDSA+SHA512:RSA+SHA384:DSA+SHA384:ECDSA+SHA384:RSA+SHA256:DSA+SHA256:ECDSA+SHA256:RSA+SHA224:DSA+SHA224:ECDSA+SHA224:RSA+SHA1:DSA+SHA1:ECDSA+SHA1
Shared Requested Signature Algorithms: RSA+SHA512:DSA+SHA512:ECDSA+SHA512:RSA+SHA384:DSA+SHA384:ECDSA+SHA384:RSA+SHA256:DSA+SHA256:ECDSA+SHA256:RSA+SHA224:DSA+SHA224:ECDSA+SHA224:RSA+SHA1:DSA+SHA1:ECDSA+SHA1
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 3613 bytes and written 462 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: 88C59C5E9AB3051912D470E994EEDB3B7124750A8A71DCB3FFE43EA1170EA04C
    Session-ID-ctx:
    Master-Key: 1250671E949DCC8FC1B37B14BAC0B8359134979A61E0EDB4145F345526FCA5C5E29E10262F134B02E1854C2882DD741F
    Key-Arg   : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    TLS session ticket lifetime hint: 3600 (seconds)
    TLS session ticket:

    Start Time: 1597572721
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---
250 DSN

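But when I try to connect from Thunderbird or Outlook, it says no encryption was detected and that it cannot connect without encryption.

So basically it connects with SSL from the local server, but it cannot connect remotely.

main.cf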

myhostname = srvmail.domain.com
mydomain = domain.com
myorigin = $mydomain
inet_interfaces = all

smtpd_tls_cert_file = /etc/letsencrypt/live/srvmail/fullchain.pem
smtpd_tls_key_file = /etc/letsencrypt/live/srvmail/privkey.pem

smtp_tls_CApath = /etc/letsencrypt/live/srvmail/fullchain.pem
smtpd_tls_CApath = /etc/letsencrypt/live/srvmail/fullchain.pem

smtpd_use_tls=yes
smtp_tls_security_level = may
smtpd_tls_ask_ccert = yes
smtpd_tls_security_level = may
smtp_tls_loglevel = 1
smtpd_tls_loglevel = 1
smtpd_tls_security_level=may
smtpd_tls_protocols = !SSLv2, !SSLv3


smtpd_use_tls=yes

master.cf

smtp      inet  n       -       n       -       -       smtpd


submission inet n - n - - smtpd
 -o syslog_name=postfix/sumbission
 -o smtpd_tls_wrappermode=no
 -o smtpd_tls_security_level=encrypt
 -o smtpd_sasl_auth_enable=yes
 -o smtpd_sasl_type=dovecot
 -o smtpd_sasl_path=private/auth
 -o mynetworks=127.0.0.0/8
 -o smtpd_relay_restrictions=permit_mynetworks,permit_sasl_authenticated,defer_unauth_destination
 -o milter_macro_daemon_name=ORIGINATING

Answer 1

Please add

smtp_sasl_auth_enable = yes

to your main.cf and restart Postfix.
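
An added example, not part of the original question or answer: a Python check that parses the EHLO reply captured in the telnet session above and, through probe(), repeats EHLO inside the TLS session, since a server may advertise AUTH only after STARTTLS. The function names and finding texts are assumptions of this example; probe() uses only the standard smtplib and ssl modules.

```python
import smtplib
import ssl
import sys

# EHLO reply copied from the telnet session on this page (sent before STARTTLS).
SAMPLE_EHLO = """\
250-mail.breezpack.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN"""

def parse_ehlo(reply):
    """Map each advertised ESMTP keyword (upper-cased) to its parameter string."""
    features = {}
    for ln in (raw.strip() for raw in reply.strip().splitlines()[1:]):  # line 1 is the server name
        if ln.startswith(("250-", "250 ")):
            keyword, _, params = ln[4:].partition(" ")
            features[keyword.upper()] = params
    return features

def assess(pre_tls, post_tls=None):
    """Return findings for a submission service from its EHLO feature maps."""
    checks = [
        ("STARTTLS" not in pre_tls, "STARTTLS not offered: clients that require encryption will refuse"),
        ("AUTH" in pre_tls, "AUTH offered before TLS: credentials could be sent unencrypted"),
        (post_tls is not None and "AUTH" not in post_tls, "AUTH not offered after STARTTLS: SASL is not active"),
    ]
    return [msg for failed, msg in checks if failed]

def probe(host, port=587):
    """Live check: EHLO, STARTTLS, then EHLO again inside the TLS session."""
    with smtplib.SMTP(host, port, timeout=10) as s:
        s.ehlo()
        pre, post = {k.upper(): v for k, v in s.esmtp_features.items()}, None
        if "STARTTLS" in pre:
            s.starttls(context=ssl.create_default_context())
            s.ehlo()  # the feature list is reset by STARTTLS and must be requested again
            post = {k.upper(): v for k, v in s.esmtp_features.items()}
        return pre, post

if __name__ == "__main__":
    pre, post = probe(sys.argv[1]) if len(sys.argv) > 1 else (parse_ehlo(SAMPLE_EHLO), None)
    print(sorted(pre), sorted(post or []), assess(pre, post))
```

Run it with the mail server's hostname as the only argument, from the remote network the mail clients use, to compare with the local result; without an argument it analyses the embedded sample.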