Postfix TLS encryption for outgoing email

This is my postfix main.cnf configuration file:

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# TLS parameters
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtp_sasl_security_options = noanonymous
smtpd_tls_loglevel = 1
smtpd_tls_auth_only = yes
smtp_tls_ciphers = export
smtp_tls_security_level = encrypt

smtp_tls_note_starttls_offer = yes
smtpd_tls_cert_file=/etc/ssl/certs/smtpd.crt
smtpd_tls_key_file=/etc/ssl/private/smtpd.key
smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination
myhostname = 4051.localdomain
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = $myhostname, 4051.localdomain, localhost.localdomain, localhost
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = ipv4

I am trying to send an email, and this is the error:

Aug 23 15:23:08 4051 postfix/qmgr[31284]: 7BC223100C2D: from=<[email protected]>, size=931, nrcpt=1 (queue active)
Aug 23 15:23:08 4051 postfix/smtp[31344]: 7BC223100C2D: TLS is required, but was not offered by host gmail-smtp-in.l.google.com[74.125.195.27]
Aug 23 15:23:09 4051 postfix/smtp[31344]: 7BC223100C2D: TLS is required, but was not offered by host alt1.gmail-smtp-in.l.google.com[173.194.221.26]
Aug 23 15:23:10 4051 postfix/smtp[31344]: 7BC223100C2D: TLS is required, but was not offered by host alt2.gmail-smtp-in.l.google.com[74.125.68.26]
Aug 23 15:23:11 4051 postfix/smtp[31344]: 7BC223100C2D: TLS is required, but was not offered by host alt3.gmail-smtp-in.l.google.com[64.233.189.26]
Aug 23 15:23:13 4051 postfix/smtp[31344]: 7BC223100C2D: to=<[email protected]>, relay=alt4.gmail-smtp-in.l.google.com[173.194.72.26]:25, delay=487, delays=482/0.04/4.4/0, dsn=4.7.4, status=deferred (TLS is required, but was not offered by host alt4.gmail-smtp-in.l.google.com[173.194.72.26])

I am sure Gmail supports encrypted email, so what could be the cause of the problem?

Answer 1

For Cisco IOS firewalls:

Thanks to Stephen Harris's comment quoted above:

If you don't see STARTTLS in the telnet output, then nothing you do on Postfix will make TLS work. You have a lower-level data stream problem.

I am using a Cisco 2851 with Cisco IOS v 15.1. My solution was to correct the esmtp inspection filter. Read: Application Inspection and Control for SMTP. For example, it replaces 250-STARTTLS in the EHLO command with XXX's: 250-XXXXXXXX

show running-config on the router command line showed the list of active filters, including esmtp:

ip inspect name APPWIZ http
ip inspect name APPWIZ https
ip inspect name APPWIZ tcp
ip inspect name APPWIZ udp
ip inspect name APPWIZ sip
ip inspect name APPWIZ pop3
ip inspect name APPWIZ imap
ip inspect name APPWIZ icmp
ip inspect name APPWIZ ftp
ip inspect name APPWIZ dns
ip inspect name APPWIZ esmtp

For me the immediate solution was to disable esmtp inspection (until I can configure it properly), as follows:

configure terminal
no ip inspect name APPWIZ esmtp
exit
write memory

You need to replace APPWIZ with the name of your inspection class map.
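The question's "TLS is required, but was not offered" error and the answer's telnet check both come down to one question: does the remote MTA's EHLO reply still contain STARTTLS when it reaches the Postfix host? The following is an added example, not code from the original post: a small Python probe that parses an EHLO reply and reports whether STARTTLS is offered, has been overwritten with X's the way the answer describes, or is simply absent. The function names, the `probe.example.invalid` HELO name and the two sample replies are constructed for this example.

```python
import re
import socket

# Constructed EHLO reply from a healthy MTA that offers STARTTLS.
SAMPLE_OK = (b"250-mx.example.com at your service\r\n"
             b"250-SIZE 35882577\r\n250-STARTTLS\r\n250 SMTPUTF8\r\n")
# Constructed: the same reply after an inspecting firewall overwrites the
# STARTTLS keyword with X's, as the answer describes for Cisco IOS esmtp inspection.
SAMPLE_MASKED = (b"250-mx.example.com at your service\r\n"
                 b"250-SIZE 35882577\r\n250-XXXXXXXX\r\n250 SMTPUTF8\r\n")
MASK_RE = re.compile(r"^X{4,}$")

def ehlo_capabilities(raw):
    """Return the capability keywords from a raw multi-line 250 EHLO reply."""
    caps = []
    for line in raw.decode("ascii", "replace").splitlines():
        if line.startswith("250-") or line.startswith("250 "):
            caps.append(line[4:].strip())
    return caps[1:]  # the first 250 line is the greeting, not a capability

def classify_ehlo(raw):
    """'starttls' if offered, 'masked' if a keyword was replaced by X's, else 'absent'."""
    caps = ehlo_capabilities(raw)
    if any(c.split()[0].upper() == "STARTTLS" for c in caps if c):
        return "starttls"
    if any(MASK_RE.match(c) for c in caps):
        return "masked"
    return "absent"

def read_reply(f):
    """Read one SMTP reply; a line with a space right after the code ends it."""
    lines = []
    while True:
        line = f.readline()
        if not line:
            raise RuntimeError("connection closed by peer")
        lines.append(line)
        if len(line) >= 4 and line[3:4] == b" ":
            return b"".join(lines)

def probe(host, port=25, helo="probe.example.invalid", timeout=10):
    """Connect to an MTA on port 25, send EHLO and classify its reply (uses the network)."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        f = sock.makefile("rb")
        read_reply(f)                       # 220 banner
        sock.sendall(("EHLO %s\r\n" % helo).encode("ascii"))
        raw = read_reply(f)
        sock.sendall(b"QUIT\r\n")
    return classify_ehlo(raw)
```

Run `probe("gmail-smtp-in.l.google.com")` from the Postfix host itself: a result of "masked" or "absent" for a destination known to offer STARTTLS points at a device in the path rewriting the session, not at main.cf.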
