使用 Dovecot 2.3.7.2 时,mail.log 中出现错误“dovecot 无法建立中继连接 in=0 out=22 (state=GREETING)”
# 2.3.7.2 (3c910f64b): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.7.2 ()
# OS: Linux 5.14.17-x86_64-linode150 x86_64 Ubuntu 20.04.3 LTS
# Hostname: mail.servicemouse.com
# NOTE(review): this looks like `doveconf -n` output (the "hidden, use -P" markers
# below are typical of it), i.e. only non-default settings are listed. Anything not
# shown here, such as the minimum accepted TLS version, would then be at its default.
# Log failed authentication attempts and the reason they failed.
auth_verbose = yes
mail_privileged_group = mail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext
# Single default namespace with the usual special-use folders; "Sent" and
# "Sent Messages" both carry the \Sent flag.
namespace inbox {
inbox = yes
location =
mailbox Drafts {
special_use = \Drafts
}
mailbox Junk {
special_use = \Junk
}
mailbox Sent {
special_use = \Sent
}
mailbox "Sent Messages" {
special_use = \Sent
}
mailbox Trash {
special_use = \Trash
}
prefix =
}
# Passwords are checked through PAM and users come from the passwd database
# (see userdb below), so mail logins are presumably system accounts; which
# credentials exactly depends on the PAM service configuration.
passdb {
driver = pam
}
plugin {
sieve = file:~/sieve;active=~/.dovecot.sieve
}
# "submission" enables Dovecot's own submission proxy; the submission-login
# errors in the log excerpt on this page come from that service.
protocols = " imap lmtp sieve pop3 submission"
# Auth socket placed inside the Postfix spool, presumably so that Postfix can use
# Dovecot for SASL authentication.
service auth {
unix_listener /var/spool/postfix/private/auth {
group = postfix
# NOTE(review): 0666 lets every local account connect to this auth socket, not
# only Postfix. With user and group already set to postfix, 0660 is normally
# sufficient and keeps other local users from querying the auth service.
mode = 0666
user = postfix
}
}
ssl_cert = </etc/dovecot/private/dovecot.pem
# CA directory used when Dovecot itself acts as a TLS client (e.g. towards the relay).
ssl_client_ca_dir = /etc/ssl/certs
ssl_dh = # hidden, use -P to show it
ssl_key = # hidden, use -P to show it
# The submission proxy hands accepted mail to the MTA on 127.0.0.1 and upgrades
# that connection with STARTTLS.
# NOTE(review): unless submission_relay_ssl_verify is turned off, the relay's
# certificate has to validate for this connection; a certificate that does not
# match could make the relay connection fail. Worth checking against the
# "state=GREETING" error in the title.
submission_relay_host = 127.0.0.1
submission_relay_ssl = starttls
# Trusted relay: Dovecot passes the real client details on to the relay (XCLIENT).
# The relay must be configured to accept that from this host, and only from it.
# TODO confirm on the MTA side.
submission_relay_trusted = yes
userdb {
driver = passwd
}
Nov 20 23:17:20 mail dovecot: submission-login: Error: smtp-server: conn 71.6.165.200:56956 [1]: Connection lost: read(SSL (conn:71.6.165.200:56956,id=1)) failed: SSL_accept() failed: error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol
Nov 20 23:17:20 mail dovecot: submission-login: Read failure: user=<>, rip=71.6.165.200, lip=45.79.79.188, TLS handshaking: SSL_accept() syscall failed: Invalid argument, session=<W4HTyETRfN5HBqXI>
Nov 20 23:17:20 mail dovecot: submission-login: Error: smtp-server: conn 71.6.165.200:57030 [1]: Connection lost: read(SSL (conn:71.6.165.200:57030,id=1)) failed: SSL_accept() failed: error:142090FC:SSL routines:tls_early_post_process_client_hello:unknown protocol
Nov 20 23:17:20 mail dovecot: submission-login: Read failure: user=<>, rip=71.6.165.200, lip=45.79.79.188, TLS handshaking: SSL_accept() syscall failed: Invalid argument, session=<3FXVyETRxt5HBqXI>
Nov 20 23:17:21 mail dovecot: submission-login: Error: smtp-server: conn 71.6.165.200:57080 [1]: Connection lost: read(SSL (conn:71.6.165.200:57080,id=1)) failed: SSL_accept() failed: error:1420918C:SSL routines:tls_early_post_process_client_hello:version too low
@
答案1
我认为您至少遇到了两个问题。您的 MX 记录可能是非预期的:
mail.servicemouse.com. 3266 IN MX 2 servicemouse.com.
我怀疑您的本意是把名为“mail”的主机设为裸域(不带前缀的域名)的邮件交换器,而不是反过来。通常,区域文件中的 MX 记录是这样设置的:
@ 3600 IN MX 2 mail.servicemouse.com.
另一个问题看起来是:连接到 Dovecot 提交代理的某个客户端试图协商服务器不接受的传输安全选项。您可以使用 `openssl s_client -connect hostname:port` 独立于邮件客户端软件来测试传输安全性;如果该端口使用 STARTTLS 这类旧版兼容方式,请不要忘记指定相应的 `-starttls` 选项(例如 `-starttls smtp`)。
要从服务器端了解有关 TLS 问题的更多信息,可以提高日志记录级别,例如设置 `verbose_ssl=yes`。请记住,不再需要时要重新关闭它:它的输出相当冗长,而且您看到的警告不仅来自您自己的连接尝试,也来自互联网上不断探测您服务器的背景噪音。