Postfix

postfix 無法通過 TLS/SSL 與目標伺服器通信

  • September 25, 2014

我可以用 TLS 連接我的postfix 伺服器。所有的東西都設置好了。但是,當我使用此安全連接發送消息時,目標伺服器(例如 gmail)會在沒有 TLS/SSL 安全連接的情況下收到我的消息。

如果我使用另一台具有 cpanel 的伺服器,Gmail 會通過 ESMTP S接收該消息。但是當我向 gmail 帳戶發送消息時,它由 ESMTP 接收(不使用 TLS 連接。)

真誠地,我發現我的 postfix 伺服器沒有通過 SSL/TLS 加密連接與目標進行協商。

http://www.checktls.com報告您的電子郵件已發送,但未使用 TLS 安全發送。

但是為什麼我能夠通過 TLS 連接我的伺服器,但伺服器無法通過安全連接發送它?

這是配置文件:

main.cf

myhostname =  **hidden**
myorigin = /etc/mailname
mynetworks_style = host
mydestination = domains here...
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
mailbox_size_limit = 0
message_size_limit = 104857600


mailbox_transport = lmtp:unix:private/dovecot-lmtp
virtual_transport = lmtp:unix:private/dovecot-lmtp

smtpd_tls_cert_file = /etc/ssl/certs/postfix.pem
smtpd_tls_key_file = /etc/ssl/private/postfix.pem

smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_tls_security_level=encrypt
smtpd_tls_protocols = !SSLv2, !SSLv3
smtp_dns_support_level = enabled
smtp_tls_loglevel = 1

smtpd_sasl_type = dovecot

smtpd_sasl_path = private/auth

# and the common settings to enable SASL:
smtpd_sasl_auth_enable = yes
# With Postfix version before 2.10, use smtpd_recipient_restrictions
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_recipient_restrictions = permit_mynetworks permit_inet_interfaces

append_dot_mydomain = no
readme_directory = no



smtpd_milters           = inet:127.0.0.1:8891
non_smtpd_milters       = $smtpd_milters
milter_default_action   = accept
milter_protocol     = 2

canonical_classes = header_recipient

master.cf

smtp      inet  n       -       -       -       -       smtpd
#submission inet n       -       -       -       -       smtpd
#  -o cleanup_service_name=subcleanup
#  -o smtpd_tls_security_level=encrypt
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
submission inet n      -       n       -       -       smtpd
 -o syslog_name=postfix/submission
 -o smtpd_tls_wrappermode=yes
 -o smtpd_tls_security_level=encrypt
 -o smtpd_sasl_auth_enable=yes
 -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
 -o milter_macro_daemon_name=ORIGINATING
 -o smtpd_sasl_type=dovecot
 -o smtpd_sasl_path=private/auth
smtps     inet  n       -       -       -       -       smtpd
 -o syslog_name=postfix/submission
 -o smtpd_tls_wrappermode=yes
 -o smtpd_tls_security_level=encrypt
 -o smtpd_sasl_auth_enable=yes
 -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
 -o milter_macro_daemon_name=ORIGINATING
 -o smtpd_sasl_type=dovecot
 -o smtpd_sasl_path=private/auth

啟用機會性 TLS 支持,即當遠端伺服器標識自己支持 TLS 時使用 TLS 發送消息,但在遠端伺服器不支持時以明文方式發送消息:

# main.cf
smtp_tls_security_level = may

您已在配置中啟用smtpd_tls_security_level=encrypt(僅一個字母差異),僅涵蓋通過 SMTP 的傳入電子郵件流量,但不包括傳出電子郵件。

引用自:https://serverfault.com/questions/631203