dovecot --version 2.3.4.1 (f79e8e7e4)
OK, I am trying to enable mail encryption, but I am running into problems. I am using https://doc.dovecot.org/configuration_manual/mail_crypt_plugin/#ec-key.
I ran:
cd $HOME
openssl ecparam -name prime256v1 -genkey | openssl pkey -out ecprivkey.pem
openssl pkey -in ecprivkey.pem -pubout -out ecpubkey.pem
I edited the dovecot config to:
. . .
mail_max_userip_connections = 120
. . .
mail_plugins = $mail_plugins mail_crypt
plugin {
  mail_crypt_global_private_key = </home/ec2-user/ecprivkey.pem
  mail_crypt_global_public_key = </home/ec2-user/ecpubkey.pem
  mail_crypt_save_version = 2
}
. . .
I now see this in the logs:
deliver | Apr 15 02:43:29 ip-172-31-0-35 postfix/submission/smtpd[19059]: warning: inet-MY IP-1.bos.netblazr.com[MY IP]: SASL PLAIN authentication failed: generic failure
deliver | Apr 15 02:43:29 ip-172-31-0-35 postfix/submission/smtpd[19059]: warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory
deliver | Apr 15 02:43:29 ip-172-31-0-35 postfix/submission/smtpd[19059]: warning: inet.MY IP.bos.netblazr.com[MY IP]: SASL LOGIN authentication failed: generic failure
. . .
deliver | Apr 15 02:44:08 ip-172-31-0-35 postfix/smtpd[22684]: NOQUEUE: reject: RCPT from mail-qk1-f176.google.com[209.85.222.176]: 451 4.3.5 <MY EEMAIL>: Recipient address rejected: Server configuration problem; from=<[email protected]> to=<MY EMAIL> proto=ESMTP helo=<mail-qk1-f176.google.com>
deliver | Apr 15 02:44:08 ip-172-31-0-35 postfix/smtpd[22684]: disconnect from mail-qk1-f176.google.com[209.85.222.176] ehlo=2 starttls=1 mail=1 rcpt=0/1 bdat=0/1 quit=1 commands=5/7
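I am wondering why SASL is now being enabled for postfix to work/authenticate (it is not enabled if I turn mail_crypt off).
I am guessing the "Server configuration problem" is the issue here...
Any suggestions on where I should look?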
Answer 1
Got it: I completely misunderstood where to put mail_crypt. Here is what I did:
services:
  mailserver:
    image: docker.io/mailserver/docker-mailserver:latest
    hostname: ${HOSTNAME}
    domainname: ${DOMAINNAME}
    container_name: ${CONTAINER_NAME}
    env_file: mailserver.env
    ports:
      - "25:25"
      - "143:143"
      - "587:587"
      - "993:993"
    volumes:
      - ./maildata:/var/mail
      - ./mailstate:/var/mail-state
      - ./maillogs:/var/log/mail
      - ./config/:/tmp/docker-mailserver/${SELINUX_LABEL}
      - ./config/dovecot:/etc/dovecot/conf.d
      - ./certs/:/certs
      - /etc/letsencrypt:/etc/letsencrypt
    restart: always
    cap_add: [ "NET_ADMIN", "SYS_PTRACE" ]
Then I edited the volumed ./config/dovecot/20-lmtp.conf instead of the main dovecot config, and added:
protocol lmtp {
  # Space separated list of plugins to load (default is global mail_plugins).
  mail_plugins = $mail_plugins sieve mail_crypt
  plugin {
    mail_crypt_global_private_key = </certs/ecprivkey.pem
    mail_crypt_global_public_key = </certs/ecpubkey.pem
    mail_crypt_save_version = 2
  }
}
Then I also edited 20-imap.conf:
protocol imap {
  # allow IMAP clients to ask quota usage
  mail_plugins = $mail_plugins imap_quota mail_crypt
  plugin {
    mail_crypt_global_private_key = </certs/ecprivkey.pem
    mail_crypt_global_public_key = </certs/ecpubkey.pem
    mail_crypt_save_version = 2
  }
}
Now it works great :)
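
An added example, not part of the original question or answer: a Python check that reads a Dovecot config fragment like the ones above, reports which scopes (global or a `protocol` block) load mail_crypt, and tests every `<path` key reference against the filesystem Dovecot will actually see. The function name `audit_mail_crypt`, its `root` parameter (a directory standing in for the container's `/`) and the private-key permission check are assumptions of this example.

```python
import os
import re
import stat

# "key = <path" makes Dovecot read the setting's value from that file.
FILE_REF = re.compile(r"^(mail_crypt_global_\w+_key)\s*=\s*<\s*(\S+)$")
PLUGINS = re.compile(r"^mail_plugins\s*=\s*(.*)$")
BLOCK_OPEN = re.compile(r"^(.+?)\s*\{$")

# Constructed sample, modelled on the config fragment in the question.
SAMPLE = """\
mail_plugins = $mail_plugins mail_crypt
plugin {
  mail_crypt_global_private_key = </home/ec2-user/ecprivkey.pem
  mail_crypt_global_public_key = </home/ec2-user/ecpubkey.pem
}
"""

def audit_mail_crypt(conf_text, root="/"):
    """Return (scopes loading mail_crypt, findings about referenced key files)."""
    stack, scopes, findings = [], [], []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and padding
        if not line:
            continue
        if line == "}":
            stack = stack[:-1]  # leave the innermost block
            continue
        m = BLOCK_OPEN.match(line)
        if m:
            stack.append(m.group(1))
            continue
        # A setting belongs to the enclosing "protocol X" block, else it is global.
        scope = next((s for s in stack if s.startswith("protocol ")), "global")
        m = PLUGINS.match(line)
        if m and "mail_crypt" in m.group(1).split():
            scopes.append(scope)
        m = FILE_REF.match(line)
        if m:
            key, path = m.groups()
            full = os.path.join(root, path.lstrip("/"))
            if not os.path.isfile(full):
                findings.append((scope, key, path, "missing"))
            elif "private" in key and stat.S_IMODE(os.stat(full).st_mode) & 0o077:
                findings.append((scope, key, path, "group/world accessible"))
    return scopes, findings

if __name__ == "__main__":
    print(audit_mail_crypt(SAMPLE))
```

Point `root` at a directory laid out like the container's filesystem (for example one containing the mounted `certs/` directory) to check the paths as the container would resolve them rather than as the host does.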