Postfix
postfix 無法通過 TLS/SSL 與目標伺服器通信
我可以用 TLS 連接我的postfix 伺服器。所有的東西都設置好了。但是,當我使用此安全連接發送消息時,目標伺服器(例如 gmail)會在沒有 TLS/SSL 安全連接的情況下收到我的消息。
如果我使用另一台具有 cpanel 的伺服器,Gmail 會通過 ESMTP S接收該消息。但是當我向 gmail 帳戶發送消息時,它由 ESMTP 接收(不使用 TLS 連接。)
真誠地,我發現我的 postfix 伺服器沒有通過 SSL/TLS 加密連接與目標進行協商。
http://www.checktls.com報告您的電子郵件已發送,但未使用 TLS 安全發送。
但是為什麼我能夠通過 TLS 連接我的伺服器,但伺服器無法通過安全連接發送它?
這是配置文件:
main.cf
myhostname = **hidden** myorigin = /etc/mailname mynetworks_style = host mydestination = domains here... relayhost = mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 mailbox_size_limit = 0 recipient_delimiter = + inet_interfaces = all mailbox_size_limit = 0 message_size_limit = 104857600 mailbox_transport = lmtp:unix:private/dovecot-lmtp virtual_transport = lmtp:unix:private/dovecot-lmtp smtpd_tls_cert_file = /etc/ssl/certs/postfix.pem smtpd_tls_key_file = /etc/ssl/private/postfix.pem smtpd_use_tls = yes smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache smtpd_tls_security_level=encrypt smtpd_tls_protocols = !SSLv2, !SSLv3 smtp_dns_support_level = enabled smtp_tls_loglevel = 1 smtpd_sasl_type = dovecot smtpd_sasl_path = private/auth # and the common settings to enable SASL: smtpd_sasl_auth_enable = yes # With Postfix version before 2.10, use smtpd_recipient_restrictions smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination smtpd_recipient_restrictions = permit_mynetworks permit_inet_interfaces append_dot_mydomain = no readme_directory = no smtpd_milters = inet:127.0.0.1:8891 non_smtpd_milters = $smtpd_milters milter_default_action = accept milter_protocol = 2 canonical_classes = header_recipientmaster.cf
smtp inet n - - - - smtpd #submission inet n - - - - smtpd # -o cleanup_service_name=subcleanup # -o smtpd_tls_security_level=encrypt # -o smtpd_sasl_auth_enable=yes # -o smtpd_client_restrictions=permit_sasl_authenticated,reject # -o milter_macro_daemon_name=ORIGINATING submission inet n - n - - smtpd -o syslog_name=postfix/submission -o smtpd_tls_wrappermode=yes -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject -o milter_macro_daemon_name=ORIGINATING -o smtpd_sasl_type=dovecot -o smtpd_sasl_path=private/auth smtps inet n - - - - smtpd -o syslog_name=postfix/submission -o smtpd_tls_wrappermode=yes -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject -o milter_macro_daemon_name=ORIGINATING -o smtpd_sasl_type=dovecot -o smtpd_sasl_path=private/auth
啟用機會性 TLS 支持,即當遠端伺服器標識自己支持 TLS 時使用 TLS 發送消息,但在遠端伺服器不支持時以明文方式發送消息:
# main.cf smtp_tls_security_level = may您已在配置中啟用
smtpd_tls_security_level=encrypt(僅一個字母差異),僅涵蓋通過 SMTP 的傳入電子郵件流量,但不包括傳出電子郵件。