Outlook + Dovecot + Postfix + CentOS 8 的 TLS 身份验证问题

Outlook + Dovecot + Postfix + CentOS 8 的 TLS 身份验证问题

希望你一切都好!我是非托管 VPS 的新手,正在 Contabo 服务器上使用 CentOS 8 和 AaPanel。我的问题出在 Outlook 的 SMTP 连接上:服务器只接受使用 STARTTLS 或完全不加密的 SMTP 连接,但我想接受使用 TLS 的连接。我使用 Postfix 和 Dovecot 管理电子邮件,下面附上我的配置文件。提前谢谢大家。

注意:POP3 和 IMAP 运行正常;SMTP 也运行正常,但在 587 端口没有加密;我不得不删除一些注释行才能在这里发布问题。

dovecot配置文件

# Dovecot serves only IMAP, POP3 and LMTP here; no SMTP submission protocol is
# listed, so the SMTP/TLS behaviour Outlook sees is decided by Postfix
# (main.cf and master.cf), not by this file.
protocols = imap pop3 lmtp

#listen = *, ::

#base_dir = /var/run/dovecot/

#instance_name = dovecot

# Greeting message for clients.
#login_greeting = Dovecot ready.

#login_trusted_networks =

# Space separated list of login access check sockets (e.g. tcpwrap)
#login_access_sockets = 

#auth_proxy_self =

#verbose_proctitle = no

#shutdown_clients = yes

#doveadm_socket_path = doveadm-server

#import_environment = TZ

# No dictionary is active: both entries inside the block are commented out.
dict {
  #quota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
  #expire = sqlite:/etc/dovecot/dovecot-dict-sql.conf.ext
}

# Namespace that holds INBOX plus four special-use folders; "auto = subscribe"
# makes Dovecot create and subscribe each folder automatically.
namespace inbox {
  inbox = yes

  mailbox Trash {
    auto = subscribe # autocreate and autosubscribe the Trash mailbox
    special_use = \Trash
  }
  mailbox Sent {
    auto = subscribe # autocreate and autosubscribe the Sent mailbox
    special_use = \Sent
  }
  mailbox Junk {
    auto = subscribe # autocreate and autosubscribe the Junk mailbox
    special_use = \Junk
  }
  mailbox Drafts {
    auto = subscribe
    special_use = \Drafts
  }
}

# Everything under conf.d/ is pulled in here. No ssl, ssl_cert or ssl_key
# setting is active in the part of dovecot.conf shown in this post, so
# Dovecot's TLS settings and the auth socket that Postfix uses presumably live
# in those included files - they are not shown and should be checked as well.
!include conf.d/*.conf

# Optional local overrides; !include_try does not fail if the file is missing.
!include_try local.conf

postfix/main.cf

# Installation layout and the account that owns the queue. None of these
# settings influence TLS or authentication.
compatibility_level = 2

#soft_bounce = no

queue_directory = /var/spool/postfix

command_directory = /usr/sbin

daemon_directory = /usr/libexec/postfix

data_directory = /var/lib/postfix

mail_owner = postfix

#default_privs = nobody

#myhostname = host.domain.tld
#myhostname = virtual.domain.tld

#mydomain = domain.tld

#myorigin = $myhostname
#myorigin = $mydomain

# RECEIVING MAIL

#inet_interfaces = all
#inet_interfaces = $myhostname
#inet_interfaces = $myhostname, localhost
# Listen on every network interface of the host; which ports are actually
# exposed is decided by master.cf and by any firewall in front of the server.
inet_interfaces = all

# Enable IPv4, and IPv6 if supported
#inet_protocols = ipv4

#proxy_interfaces =
#proxy_interfaces = 1.2.3.4

# Left empty: no domain is handed to local(8) delivery. Hosted domains are
# resolved through the virtual_mailbox_domains map set later in this file.
mydestination = 
#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain,
#   mail.$mydomain, www.$mydomain, ftp.$mydomain

#local_recipient_maps = unix:passwd.byname $alias_maps
#local_recipient_maps = proxy:unix:passwd.byname $alias_maps
#local_recipient_maps =

# Unknown local recipients are refused with a permanent 550 reply instead of a
# temporary error.
unknown_local_recipient_reject_code = 550

#mynetworks_style = class
#mynetworks_style = subnet
#mynetworks_style = host

#mynetworks = 168.100.189.0/28, 127.0.0.0/8
#mynetworks = $config_directory/mynetworks
#mynetworks = hash:/etc/postfix/network_table

#relay_domains = $mydestination

# INTERNET OR INTRANET

#relayhost = $mydomain
#relayhost = [gateway.my.domain]
#relayhost = [mailserver.isp.tld]
#relayhost = uucphost
#relayhost = [an.ip.add.ress]

#relay_recipient_maps = hash:/etc/postfix/relay_recipients

#in_flow_delay = 1s

#alias_maps = dbm:/etc/aliases
# Aliases for local(8) delivery are read from /etc/aliases; alias_database
# names the table that newaliases rebuilds.
alias_maps = hash:/etc/aliases
#alias_maps = hash:/etc/aliases, nis:mail.aliases
#alias_maps = netinfo:/aliases

#alias_database = dbm:/etc/aliases
#alias_database = dbm:/etc/mail/aliases
alias_database = hash:/etc/aliases
#alias_database = hash:/etc/aliases, hash:/opt/majordomo/aliases

#recipient_delimiter = +

#home_mailbox = Mailbox
#home_mailbox = Maildir/

#mail_spool_directory = /var/mail
#mail_spool_directory = /var/spool/mail

#mailbox_command = /some/where/procmail
#mailbox_command = /some/where/procmail -a "$EXTENSION"

#mailbox_transport = cyrus

#fallback_transport = lmtp:unix:/var/lib/imap/socket/lmtp
#fallback_transport =

#luser_relay = [email protected]
#luser_relay = [email protected]
#luser_relay = admin+$local

#header_checks = regexp:/etc/postfix/header_checks

#fast_flush_domains = $relay_domains

#smtpd_banner = $myhostname ESMTP $mail_name
#smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)

#local_destination_concurrency_limit = 2
#default_destination_concurrency_limit = 20

# Extra verbosity applied only to peers matched by debug_peer_list, which is
# not set here, so this line has no effect as posted. For TLS troubleshooting
# the relevant knob is smtpd_tls_loglevel (not set in this file).
debug_peer_level = 2

#debug_peer_list = 127.0.0.1
#debug_peer_list = some.domain

# Stock sample command: launches the ddd debugger against a Postfix daemon
# when that daemon is started with debugging requested.
debugger_command =
     PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
     ddd $daemon_directory/$process_name $process_id & sleep 5

# Paths of the Sendmail-compatible command-line tools shipped with Postfix.
sendmail_path = /usr/sbin/sendmail.postfix

newaliases_path = /usr/bin/newaliases.postfix

mailq_path = /usr/bin/mailq.postfix

# Group that owns the set-gid mail submission and queue management commands.
setgid_group = postdrop

html_directory = no

manpage_directory = /usr/share/man

# sample_directory: The location of the Postfix sample configuration files.
# This parameter is obsolete as of Postfix 2.1.
#
sample_directory = /usr/share/doc/postfix3-3.4.9/samples

# readme_directory: The location of the Postfix README files.
#
# NOTE(review): the package path suggests this is Postfix 3.4.9 - confirm with
# "postconf mail_version", because TLS parameter availability depends on the
# running version.
readme_directory = /usr/share/doc/postfix3-3.4.9/README_FILES
meta_directory = /etc/postfix
shlib_directory = /usr/lib/postfix
# Host name of this mail system. NOTE(review): the certificate directory used
# by the smtpd_tls_*_file settings is named mail.kitnetcaioba.com.br, so
# Outlook should be pointed at whichever name the certificate really covers -
# confirm against the certificate itself.
myhostname = kitnetcaioba.com.br
# Hosted domains, aliases and mailboxes are looked up in SQLite maps.
virtual_mailbox_domains = sqlite:/etc/postfix/sqlite_virtual_domains_maps.cf
virtual_alias_maps= sqlite:/etc/postfix/btrule.cf
virtual_mailbox_maps = sqlite:/etc/postfix/sqlite_virtual_mailbox_maps.cf, sqlite:/etc/postfix/sqlite_virtual_alias_domain_mailbox_maps.cf
# SMTP AUTH is delegated to Dovecot through the private/auth socket. The
# matching listener has to exist in Dovecot's included configuration, which is
# not shown in this post.
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
# Authenticated users and mynetworks may send to any destination; everyone
# else only to domains this server is responsible for.
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
# smtpd_use_tls is the obsolete spelling; a non-empty smtpd_tls_security_level
# takes precedence over it.
smtpd_use_tls = yes
# "may" is opportunistic TLS in both directions: STARTTLS is offered and used
# when possible, but plaintext sessions are still accepted.
smtp_tls_security_level = may
smtpd_tls_security_level = may
# Accepted mail is handed to Dovecot over its LMTP socket.
virtual_transport = lmtp:unix:private/dovecot-lmtp
# Mail from SMTP clients and locally submitted mail both pass through a milter
# listening on localhost port 11332.
smtpd_milters = inet:127.0.0.1:11332
non_smtpd_milters = inet:127.0.0.1:11332
# The next 2 lines were added.
# NOTE(review): the *_mandatory_protocols lists apply only where TLS is
# mandatory (security level "encrypt" or stricter). With "may", the
# smtpd_tls_protocols / smtp_tls_protocols lists are the ones consulted. This
# exclusion list also leaves TLSv1 and TLSv1.1 enabled as far as Postfix is
# concerned.
smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3
smtp_tls_mandatory_protocols=!SSLv2,!SSLv3
milter_mail_macros = i {mail_addr} {client_addr} {client_name} {auth_authen}
milter_protocol = 6
# Fail-open: if the milter cannot be reached, mail is accepted unfiltered.
milter_default_action = accept
# Maximum message size in bytes (roughly 100 MB).
message_size_limit = 102400000

# CA bundles. NOTE(review): at security level "may" the Postfix SMTP client
# does not verify server certificates, and smtpd_tls_CAfile is consulted only
# for client certificates or to complete the server's chain. A private root CA
# kept under /root is probably not needed for Outlook to connect - confirm.
smtp_tls_CAfile = /root/rootCACert.pem
smtpd_tls_CAfile = /root/rootCACert.pem
# NOTE(review): these two paths look swapped. Going by the file names,
# fullchain.pem is the certificate chain and privkey.pem is the private key,
# so smtpd_tls_cert_file should point at fullchain.pem and smtpd_tls_key_file
# at privkey.pem. If Postfix cannot load the certificate/key pair it normally
# logs a "disabling TLS support" warning; STARTTLS is then not offered and the
# implicit-TLS service cannot complete a handshake, which would match the
# symptoms described. Check the mail log after "postfix reload".
# The private key file should be readable by root only.
smtpd_tls_key_file = /www/server/panel/plugin/mail_sys/cert/mail.kitnetcaioba.com.br/fullchain.pem
smtpd_tls_cert_file = /www/server/panel/plugin/mail_sys/cert/mail.kitnetcaioba.com.br/privkey.pem
#smtpd_tls_key_file = /etc/pki/tls/private/postfix.key
#smtpd_tls_cert_file = /etc/pki/tls/certs/postfix.pem
# Despite the "dh1024" in the parameter name, the file is expected to hold
# strong DH parameters (2048 bits or more). The size of this file's parameters
# is not visible here - verify it.
smtpd_tls_dh1024_param_file = /etc/pki/tls/private/postfix.dh.param


#ssl_cert = < /www/server/panel/plugin/mail_sys/cert/kitnetcaioba.com.br/fullchain.pem
#ssl_key = < /www/server/panel/plugin/mail_sys/cert/kitnetcaioba.com.br/privkey.pem

#smtpd_tls_chain_files = /etc/pki/dovecot/private/dovecot.pem,/etc/pki/dovecot/certs#/dovecot.pem
#tls_server_sni_maps = hash:/etc/postfix/vmail_ssl.map

postfix/master.cf

# Columns: service  type  private  unpriv  chroot  wakeup  maxproc  command
# Public SMTP service for server-to-server mail (conventionally port 25). No
# -o override is given, so its TLS behaviour comes from main.cf.
smtp      inet  n       -       n       -       -       smtpd
#smtp      inet  n       -       n       -       1       postscreen
#smtpd     pass  -       -       n       -       -       smtpd
#dnsblog   unix  -       -       n       -       0       dnsblog
#tlsproxy  unix  -       -       n       -       0       tlsproxy
# Mail-client submission service (conventionally port 587, used with STARTTLS).
submission inet n       -       n       -       -       smtpd
  -o syslog_name=postfix/submission
# Commented out: -o smtpd_tls_security_level=may
# When I change the line below, Outlook stops.
# NOTE(review): the next three overrides make encryption optional on this
# port. smtpd_enforce_tls is the obsolete spelling, the empty
# smtpd_tls_security_level falls back to the obsolete smtpd_use_tls /
# smtpd_enforce_tls settings, and smtpd_tls_auth_only=no lets clients send AUTH
# before STARTTLS. As posted, account passwords can therefore cross the
# network unencrypted. Once the certificate and key load correctly, the usual
# hardening is smtpd_tls_security_level=encrypt together with
# smtpd_tls_auth_only=yes.
 -o smtpd_enforce_tls=no
 -o smtpd_tls_security_level=
 -o smtpd_tls_auth_only=no
# -o smtpd_sasl_auth_enable=yes
# Commented out: -o smtpd_tls_auth_only=yes
#  -o smtpd_reject_unlisted_recipient=no
# Only authenticated clients may use this service; all others are rejected.
 -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  Original -o smtpd_client_restrictions=$mua_client_restrictions
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
  -o smtpd_recipient_restrictions=permit_sasl_authenticated
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
# Original, commented out: -o milter_macro_daemon_name=ORIGINATING
# NOTE(review): the smtps service still sets this macro, so the milter may
# treat mail from the two submission ports differently - confirm this is
# intended.
# Implicit-TLS submission service (conventionally port 465). With
# smtpd_tls_wrappermode=yes the TLS handshake happens before any SMTP command,
# which is what Outlook's "SSL/TLS" encryption choice expects, as opposed to
# STARTTLS on the submission port.
# NOTE(review): this service can only work if the certificate and key named
# in main.cf load successfully and the port is reachable through any firewall.
# Neither is visible from this file.
smtps     inet  n       -       n       -       -       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_reject_unlisted_recipient=no
#  -o smtpd_client_restrictions=$mua_client_restrictions
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
#  -o smtpd_recipient_restrictions=
# Relaying is allowed for authenticated clients only.
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
#628       inet  n       -       n       -       -       qmqpd
# Postfix internal services (queue handling, delivery agents, helpers). None
# of them carries a TLS override. The chroot column (fifth) is "n" on every
# line, so no daemon runs chrooted.
pickup    unix  n       -       n       60      1       pickup
cleanup   unix  n       -       n       -       0       cleanup
qmgr      unix  n       -       n       300     1       qmgr
#qmgr     unix  n       -       n       300     1       oqmgr
# tlsmgr maintains the TLS session cache and random seed used by smtpd and smtp.
tlsmgr    unix  -       -       n       1000?   1       tlsmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
trace     unix  -       -       n       -       0       bounce
verify    unix  -       -       n       -       1       verify
flush     unix  n       -       n       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
# Outbound SMTP client; its TLS behaviour follows the smtp_tls_* settings in
# main.cf.
smtp      unix  -       -       n       -       -       smtp
relay     unix  -       -       n       -       -       smtp
        -o syslog_name=postfix/$service_name
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
retry     unix  -       -       n       -       -       error
discard   unix  -       -       n       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
# LMTP client used for delivery to Dovecot (see virtual_transport in main.cf).
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       n       -       1       anvil
scache    unix  -       -       n       -       1       scache
