smtp.gmail.com 的 Postfix 证书验证失败

smtp.gmail.com 的 Postfix 证书验证失败

我有问题,我的电子邮件服务器使用带有 gmail smtp 的 postfix,我使用帐户 google apps,但总是要求 SASL 身份验证失败,我使用 php 脚本发送了一封电子邮件,之后我看到错误日志中输入了错误的密码,之后我从浏览器打开 URL 并且没有验证 postfixnya captcha 并且可以返回,但是 2-3 天后又发生了这样的情况。

这是我的配置后缀

#myorigin = /etc/mailname

smtpd_banner = Hostingbitnet Mail Server
biff = no
append_dot_mydomain = no
readme_directory = no

myhostname = webmaster.hostingbitnet.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = localhost, webmaster.hostingbitnet.com, localhost.localdomain, 103.9.126.163
relayhost = [smtp.googlemail.com]:587
relay_transport = relay
relay_destination_concurrency_limit = 1
mynetworks = 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/16, 10.0.0.0/8,  103.9.126.0/24

mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
default_transport = smtp

relayhost = [smtp.gmail.com]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/google-apps
smtp_sasl_security_options = noanonymous
smtp_use_tls = yes
smtp_sender_dependent_authentication = yes
tls_random_source = dev:/dev/urandom
default_destination_concurrency_limit = 1

smtp_tls_CAfile = /etc/postfix/tls/root.crt
smtp_tls_cert_file = /etc/postfix/tls/cert.pem
smtp_tls_key_file = /etc/postfix/tls/privatekey.pem
smtp_tls_session_cache_database = btree:$data_directory/smtp_tls_session_cache
smtp_tls_security_level = may
smtp_tls_loglevel = 1

smtpd_tls_CAfile = /etc/postfix/tls/root.crt
smtpd_tls_cert_file = /etc/postfix/tls/cert.pem
smtpd_tls_key_file = /etc/postfix/tls/privatekey.pem
smtpd_tls_session_cache_database = btree:$data_directory/smtpd_tls_session_cache
smtpd_tls_security_level = may
smtpd_tls_loglevel = 1

#secure
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,check_client_access hash:/var/lib/pop-before-smtp/hosts,reject_unauth_destination

来自 mail.log 的日志

Oct 30 14:51:13 webmaster postfix/smtp[9506]: Untrusted TLS connection established to smtp.gmail.com[74.125.25.109]:587: TLSv1 with cipher RC4-SHA (128/128 bits)
Oct 30 14:51:15 webmaster postfix/smtp[9506]: 87E2739400B1: SASL authentication failed; server smtp.gmail.com[74.125.25.109] said: 535-5.7.1 Please log in with your web browser and then try again. Learn more at?535 5.7.1 https://support.google.com/mail/bin/answer.py?answer=78754 ix9sm156630pbc.7
Oct 30 14:51:15 webmaster postfix/smtp[9506]: setting up TLS connection to smtp.gmail.com[74.125.25.108]:587
Oct 30 14:51:15 webmaster postfix/smtp[9506]: certificate verification failed for smtp.gmail.com[74.125.25.108]:587: untrusted issuer /C=US/O=Equifax/OU=Equifax Secure Certificate Authority
Oct 30 14:51:16 webmaster postfix/smtp[9506]: Untrusted TLS connection established to smtp.gmail.com[74.125.25.108]:587: TLSv1 with cipher RC4-SHA (128/128 bits)
Oct 30 14:51:17 webmaster postfix/smtp[9506]: 87E2739400B1: to=<[email protected]>, relay=smtp.gmail.com[74.125.25.108]:587, delay=972, delays=967/0.03/5.5/0, dsn=4.7.1, status=deferred (SASL authentication failed; server smtp.gmail.com[74.125.25.108] said: 535-5.7.1 Please log in with your web browser and then try again. Learn more at?535 5.7.1 https://support.google.com/mail/bin/answer.py?answer=78754 s1sm3850paz.0)
Oct 30 14:51:17 webmaster postfix/error[9508]: B3960394009D: to=<[email protected]>, orig_to=<root>, relay=none, delay=29992, delays=29986/5.6/0/0.07, dsn=4.7.1, status=deferred (delivery temporarily suspended: SASL authentication failed; server smtp.gmail.com[74.125.25.108] said: 535-5.7.1 Please log in with your web browser and then try again. Learn more at?535 5.7.1 https://support.google.com/mail/bin/answer.py?answer=78754 s1sm3850paz.0)

顺便说一句,我做了认证,请点击这里的链接 http://koti.kapsi.fi/ptk/postfix/postfix-tls-cacert.shtml并且它起作用了,但是 2/3 天后我的电子邮件又回到了问题无效 SASL,然后我需要使用浏览器登录并在那里输入验证码,但输入验证码后成功登录,我的电子邮件服务器可以从 telnet 或 php 脚本发送电子邮件。但是 2/3 天后它又会陷入困境。

我的问题是如何使其成为永久证书?

谢谢并问候。

答案1

从谷歌帮助页面来看,它认为您必须先为该帐户解锁 chapta 才能永久使用。

https://www.google.com/accounts/DisplayUnlockCaptcha

相关内容