Ssl
Postfix, TLS and StartSSL certificates
I recently changed my Postfix installation to use TLS with a certificate issued by StartSSL. I then ran SMTP and TLS checks, with no errors or warnings. Everything seems to work fine.
My problem now is that receiving mail does not seem to work in every case. There seem to be mail servers from which I cannot receive mail, for example Amazon or Blizzard. In Amazon's case, my Postfix log says this:
Jan 16 13:57:51 myhost postfix/smtpd[31551]: connect from mm-notify-out-127-214.amazon.com[176.32.127.214]
Jan 16 13:57:51 myhost postfix/smtpd[31551]: lost connection after EHLO from mm-notify-out-127-214.amazon.com[176.32.127.214]
Jan 16 13:57:51 myhost postfix/smtpd[31551]: disconnect from mm-notify-out-127-214.amazon.com[176.32.127.214]
When receiving mail from Blizzard the log looks the same, except that the "lost connection" line is missing.
I suspect that these two (and possibly more) companies may not trust the StartSSL certificate and that I have to buy a certificate from a big "trusted" CA.
Can anyone tell me whether my suspicion is correct, or whether there is an error in my Postfix configuration?
Thanks a lot for your help.
Edit: here is the output of my telnet session:
telnet host 587
Trying ip...
Connected to host.
Escape character is '^]'.
220 host ESMTP Postfix (Debian/GNU)
ehlo host
250-host
250-PIPELINING
250-SIZE 134217728
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
Edit: Postfix log with debug_peer_list enabled:
Jan 16 16:52:21 myhost postfix/smtpd[5712]: initializing the server-side TLS engine
Jan 16 16:52:21 myhost postfix/tlsmgr[5714]: open smtpd TLS cache btree:/var/lib/postfix/smtpd_scache
Jan 16 16:52:21 myhost postfix/tlsmgr[5714]: tlsmgr_cache_run_event: start TLS smtpd session cache cleanup
Jan 16 16:52:21 myhost postfix/smtpd[5712]: connect from smtp-out-127-108.amazon.com[176.32.127.108]
Jan 16 16:52:21 myhost postfix/smtpd[5712]: match_hostname: smtp-out-127-108.amazon.com ~? 127.0.0.0/8
Jan 16 16:52:21 myhost postfix/smtpd[5712]: match_hostaddr: 176.32.127.108 ~? 127.0.0.0/8
Jan 16 16:52:21 myhost postfix/smtpd[5712]: match_hostname: smtp-out-127-108.amazon.com ~? [::ffff:127.0.0.0]/104
Jan 16 16:52:21 myhost postfix/smtpd[5712]: match_hostaddr: 176.32.127.108 ~? [::ffff:127.0.0.0]/104
Jan 16 16:52:21 myhost postfix/smtpd[5712]: match_hostname: smtp-out-127-108.amazon.com ~? [::1]/128
Jan 16 16:52:21 myhost postfix/smtpd[5712]: match_hostaddr: 176.32.127.108 ~? [::1]/128
Jan 16 16:52:21 myhost postfix/smtpd[5712]: match_list_match: smtp-out-127-108.amazon.com: no match
Jan 16 16:52:21 myhost postfix/smtpd[5712]: match_list_match: 176.32.127.108: no match
Jan 16 16:52:21 myhost postfix/smtpd[5712]: auto_clnt_open: connected to private/anvil
Jan 16 16:52:21 myhost postfix/smtpd[5712]: send attr request = connect
Jan 16 16:52:21 myhost postfix/smtpd[5712]: send attr ident = smtp:176.32.127.108
Jan 16 16:52:21 myhost postfix/smtpd[5712]: private/anvil: wanted attribute: status
Jan 16 16:52:21 myhost postfix/smtpd[5712]: input attribute name: status
Jan 16 16:52:21 myhost postfix/smtpd[5712]: input attribute value: 0
Jan 16 16:52:21 myhost postfix/smtpd[5712]: private/anvil: wanted attribute: count
Jan 16 16:52:21 myhost postfix/smtpd[5712]: input attribute name: count
Jan 16 16:52:21 myhost postfix/smtpd[5712]: input attribute value: 1
Jan 16 16:52:21 myhost postfix/smtpd[5712]: private/anvil: wanted attribute: rate
Jan 16 16:52:21 myhost postfix/smtpd[5712]: input attribute name: rate
Jan 16 16:52:21 myhost postfix/smtpd[5712]: input attribute value: 1
Jan 16 16:52:21 myhost postfix/smtpd[5712]: private/anvil: wanted attribute: (list terminator)
Jan 16 16:52:21 myhost postfix/smtpd[5712]: input attribute name: (end)
Jan 16 16:52:21 myhost postfix/smtpd[5712]: > smtp-out-127-108.amazon.com[176.32.127.108]: 220 mail.myhost ESMTP Postfix (Debian/GNU)
Jan 16 16:52:21 myhost postfix/smtpd[5712]: watchdog_pat: 0x7fa2f92c07b0
Jan 16 16:52:21 myhost postfix/smtpd[5712]: < smtp-out-127-108.amazon.com[176.32.127.108]: EHLO smtp-out-127-108.amazon.com
Jan 16 16:52:21 myhost postfix/smtpd[5712]: > smtp-out-127-108.amazon.com[176.32.127.108]: 250-mail.myhost
Jan 16 16:52:21 myhost postfix/smtpd[5712]: > smtp-out-127-108.amazon.com[176.32.127.108]: 250-PIPELINING
Jan 16 16:52:21 myhost postfix/smtpd[5712]: > smtp-out-127-108.amazon.com[176.32.127.108]: 250-SIZE 134217728
Jan 16 16:52:21 myhost postfix/smtpd[5712]: > smtp-out-127-108.amazon.com[176.32.127.108]: 250-VRFY
Jan 16 16:52:21 myhost postfix/smtpd[5712]: > smtp-out-127-108.amazon.com[176.32.127.108]: 250-ETRN
Jan 16 16:52:21 myhost postfix/smtpd[5712]: match_list_match: smtp-out-127-108.amazon.com: no match
Jan 16 16:52:21 myhost postfix/smtpd[5712]: match_list_match: 176.32.127.108: no match
Jan 16 16:52:21 myhost postfix/smtpd[5712]: > smtp-out-127-108.amazon.com[176.32.127.108]: 250-STARTTLS
Jan 16 16:52:21 myhost postfix/smtpd[5712]: > smtp-out-127-108.amazon.com[176.32.127.108]: 250-ENHANCEDSTATUSCODES
Jan 16 16:52:21 myhost postfix/smtpd[5712]: > smtp-out-127-108.amazon.com[176.32.127.108]: 250-8BITMIME
Jan 16 16:52:21 myhost postfix/smtpd[5712]: > smtp-out-127-108.amazon.com[176.32.127.108]: 250 DSN
Jan 16 16:52:21 myhost postfix/smtpd[5712]: watchdog_pat: 0x7fa2f92c07b0
Jan 16 16:52:21 myhost postfix/smtpd[5712]: < smtp-out-127-108.amazon.com[176.32.127.108]: MAIL FROM:<20140116155221ae18abe030864bbfaaa9b8af73986be6@bounces.amazon.de> SIZE=27930
Jan 16 16:52:21 myhost postfix/smtpd[5712]: > smtp-out-127-108.amazon.com[176.32.127.108]: 530 5.7.0 Must issue a STARTTLS command first
Jan 16 16:52:21 myhost postfix/smtpd[5712]: watchdog_pat: 0x7fa2f92c07b0
Jan 16 16:52:21 myhost postfix/smtpd[5712]: < smtp-out-127-108.amazon.com[176.32.127.108]: RSET
Jan 16 16:52:21 myhost postfix/smtpd[5712]: > smtp-out-127-108.amazon.com[176.32.127.108]: 530 5.7.0 Must issue a STARTTLS command first
Jan 16 16:52:21 myhost postfix/smtpd[5712]: watchdog_pat: 0x7fa2f92c07b0
Jan 16 16:52:21 myhost postfix/smtpd[5712]: smtp_get: EOF
Jan 16 16:52:21 myhost postfix/smtpd[5712]: match_hostname: smtp-out-127-108.amazon.com ~? 127.0.0.0/8
Jan 16 16:52:21 myhost postfix/smtpd[5712]: match_hostaddr: 176.32.127.108 ~? 127.0.0.0/8
Jan 16 16:52:21 myhost postfix/smtpd[5712]: match_hostname: smtp-out-127-108.amazon.com ~? [::ffff:127.0.0.0]/104
Jan 16 16:52:21 myhost postfix/smtpd[5712]: match_hostaddr: 176.32.127.108 ~? [::ffff:127.0.0.0]/104
Jan 16 16:52:21 myhost postfix/smtpd[5712]: match_hostname: smtp-out-127-108.amazon.com ~? [::1]/128
Jan 16 16:52:21 myhost postfix/smtpd[5712]: match_hostaddr: 176.32.127.108 ~? [::1]/128
Jan 16 16:52:21 myhost postfix/smtpd[5712]: match_list_match: smtp-out-127-108.amazon.com: no match
Jan 16 16:52:21 myhost postfix/smtpd[5712]: match_list_match: 176.32.127.108: no match
Jan 16 16:52:21 myhost postfix/smtpd[5712]: send attr request = disconnect
Jan 16 16:52:21 myhost postfix/smtpd[5712]: send attr ident = smtp:176.32.127.108
Jan 16 16:52:21 myhost postfix/smtpd[5712]: private/anvil: wanted attribute: status
Jan 16 16:52:21 myhost postfix/smtpd[5712]: input attribute name: status
Jan 16 16:52:21 myhost postfix/smtpd[5712]: input attribute value: 0
Jan 16 16:52:21 myhost postfix/smtpd[5712]: private/anvil: wanted attribute: (list terminator)
Jan 16 16:52:21 myhost postfix/smtpd[5712]: input attribute name: (end)
Jan 16 16:52:21 myhost postfix/smtpd[5712]: lost connection after EHLO from smtp-out-127-108.amazon.com[176.32.127.108]
Jan 16 16:52:21 myhost postfix/smtpd[5712]: disconnect from smtp-out-127-108.amazon.com[176.32.127.108]
As your log shows, you offer STARTTLS, and since you have specified
smtp_tls_security_level=encrypt
your server will not accept unencrypted mail connections. The Postfix manual confirms this:
At the "encrypt" TLS security level, messages are sent only over TLS encrypted sessions. The SMTP transaction is aborted unless the remote SMTP server supports the STARTTLS ESMTP feature.
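For the inbound side, the parameter that decides what Postfix's smtpd demands from a connecting sender is smtpd_tls_security_level (smtp_tls_security_level governs Postfix when it acts as a client). With smtpd_tls_security_level = encrypt, a sender that never issues STARTTLS is answered with "530 5.7.0 Must issue a STARTTLS command first", exactly as in the debug log above, and the Postfix documentation says this level must not be used on a publicly referenced MX (RFC 3207). The usual arrangement is "may" on port 25 and "encrypt" only on the submission service via a "-o" override in master.cf. The following Python is an added example, not code from the question or the answers: it parses constructed main.cf and master.cf fragments (certificate paths are placeholders) and reports which listener has the wrong effective level.

```python
"""Lint the Postfix TLS policy per listener (added example, not from the page).

Rule: service "smtp" (port 25) must stay at "may" so senders without STARTTLS
are still accepted; service "submission" keeps "encrypt" through a master.cf
"-o" override. A "-o" override wins over the main.cf value.
"""
import re

# Constructed main.cf fragment reproducing the setting the question describes.
MAIN_CF = """\
smtpd_tls_cert_file = /etc/ssl/certs/PLACEHOLDER.pem
smtpd_tls_key_file = /etc/ssl/private/PLACEHOLDER.key
smtpd_tls_security_level = encrypt
smtp_tls_security_level = may
"""

# Constructed master.cf fragment: public MX on port 25, submission on 587.
MASTER_CF = """\
smtp       inet  n  -  -  -  -  smtpd
submission inet  n  -  -  -  -  smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
"""

MUST_STARTTLS = "530 5.7.0 Must issue a STARTTLS command first"


def parse_main_cf(text):
    """'name = value' lines; a line starting with whitespace continues the previous value."""
    params, last = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and last is not None:
            params[last] += " " + raw.strip()
            continue
        name, _, value = raw.partition("=")
        last = name.strip()
        params[last] = value.strip()
    return params


def parse_master_cf(text):
    """Return {service: {param: value}} with the '-o' overrides of every smtpd service."""
    services, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t":  # continuation line carrying a "-o name=value" override
            m = re.match(r"\s*-o\s+([^=\s]+)=(.*)", raw)
            if m and current is not None:
                services[current][m.group(1)] = m.group(2).strip()
            continue
        fields = raw.split()  # service type private unpriv chroot wakeup maxproc command
        if len(fields) >= 8 and fields[7] == "smtpd":
            current = fields[0]
            services[current] = {}
        else:
            current = None
    return services


def effective_level(service, main_params, services):
    """smtpd_tls_security_level as seen by one listener; Postfix's default (empty) means none."""
    override = services.get(service, {})
    level = override.get("smtpd_tls_security_level",
                         main_params.get("smtpd_tls_security_level", ""))
    return level or "none"


def check_tls_policy(main_text, master_text):
    """Return findings; an empty list means port 25 is opportunistic and submission mandatory."""
    main_params = parse_main_cf(main_text)
    services = parse_master_cf(master_text)
    findings = []
    public = effective_level("smtp", main_params, services)
    if public == "encrypt":
        findings.append(f"smtp (port 25) requires STARTTLS: senders that never send STARTTLS are "
                        f"refused with '{MUST_STARTTLS}'. Set smtpd_tls_security_level = may in main.cf")
    elif public == "none":
        findings.append("smtp (port 25) does not offer STARTTLS: set smtpd_tls_security_level = may")
    if "submission" in services and effective_level("submission", main_params, services) != "encrypt":
        findings.append("submission (port 587) should require TLS: add "
                        "'-o smtpd_tls_security_level=encrypt' under it in master.cf")
    return findings


if __name__ == "__main__":
    for finding in check_tls_policy(MAIN_CF, MASTER_CF):
        print(finding)
    # Same files with main.cf relaxed to "may": no findings, submission still requires TLS.
    print(check_tls_policy(MAIN_CF.replace("= encrypt", "= may"), MASTER_CF))
```

On a live system the two inputs are the output of postconf -n and the contents of master.cf; the check flags the question's configuration once (port 25 at "encrypt") and is silent after the main.cf value is changed to "may", because the submission service keeps its own override.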
Postfix: debugging incoming SMTP connections
Here is a recipe for getting more information about the problem.
Try to get more debugging information about the incoming SMTP connection that causes the problem. Use the
debug_peer_list
configuration option: debug_peer_list = amazon.com
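Once debug_peer_list produces output like the log in the question, the lines worth reading are the "<" (from the client) and ">" (from the server) exchanges. In the question's log the client sends EHLO and then MAIL FROM without ever sending STARTTLS, and the server refuses with "530 5.7.0 Must issue a STARTTLS command first"; the certificate's issuer is never examined because no TLS handshake ever starts. The Python below is an added example, not code from the answer: it groups smtpd debug lines by process id into sessions and separates a sender that negotiated STARTTLS from one refused for never offering it. The sample log is constructed, modelled on the question's output, with a second peer (mx.example.org at 192.0.2.10, an assumed well-behaved sender) for contrast.

```python
"""Classify STARTTLS behaviour per inbound session from Postfix smtpd debug logs.

Added example, not from the page. Sessions are keyed by smtpd PID and run
from "connect from" to "disconnect from".
"""
import re

# Constructed sample log, modelled on the question's debug_peer_list output.
SAMPLE_LOG = """\
Jan 16 16:52:21 myhost postfix/smtpd[5712]: connect from smtp-out-127-108.amazon.com[176.32.127.108]
Jan 16 16:52:21 myhost postfix/smtpd[5712]: < smtp-out-127-108.amazon.com[176.32.127.108]: EHLO smtp-out-127-108.amazon.com
Jan 16 16:52:21 myhost postfix/smtpd[5712]: > smtp-out-127-108.amazon.com[176.32.127.108]: 250-STARTTLS
Jan 16 16:52:21 myhost postfix/smtpd[5712]: < smtp-out-127-108.amazon.com[176.32.127.108]: MAIL FROM:<bounce@example.invalid> SIZE=27930
Jan 16 16:52:21 myhost postfix/smtpd[5712]: > smtp-out-127-108.amazon.com[176.32.127.108]: 530 5.7.0 Must issue a STARTTLS command first
Jan 16 16:52:21 myhost postfix/smtpd[5712]: < smtp-out-127-108.amazon.com[176.32.127.108]: RSET
Jan 16 16:52:21 myhost postfix/smtpd[5712]: lost connection after EHLO from smtp-out-127-108.amazon.com[176.32.127.108]
Jan 16 16:52:21 myhost postfix/smtpd[5712]: disconnect from smtp-out-127-108.amazon.com[176.32.127.108]
Jan 16 16:53:02 myhost postfix/smtpd[5730]: connect from mx.example.org[192.0.2.10]
Jan 16 16:53:02 myhost postfix/smtpd[5730]: < mx.example.org[192.0.2.10]: EHLO mx.example.org
Jan 16 16:53:02 myhost postfix/smtpd[5730]: > mx.example.org[192.0.2.10]: 250-STARTTLS
Jan 16 16:53:02 myhost postfix/smtpd[5730]: < mx.example.org[192.0.2.10]: STARTTLS
Jan 16 16:53:02 myhost postfix/smtpd[5730]: > mx.example.org[192.0.2.10]: 220 2.0.0 Ready to start TLS
Jan 16 16:53:03 myhost postfix/smtpd[5730]: disconnect from mx.example.org[192.0.2.10]
"""

# syslog prefix up to the smtpd PID, then the message body
LINE_RE = re.compile(r"^\w{3} +\d+ [\d:]+ \S+ postfix/smtpd\[(\d+)\]: (.*)$")
# "< peer: command" (client to server) or "> peer: reply" (server to client)
IO_RE = re.compile(r"^([<>]) (\S+): (.*)$")
MUST_STARTTLS = "530 5.7.0 Must issue a STARTTLS command first"


def classify(session):
    """Verdict for one finished session."""
    if session["client_starttls"]:
        return "starttls_ok"
    if session["refusals"]:
        return "refused_no_starttls"  # mandatory TLS turned away a sender that never sent STARTTLS
    if not session["offered"]:
        return "starttls_not_offered"
    return "plaintext"


def analyze_sessions(log_text):
    """Return one dict per completed session: peer, flags, refusal count and verdict."""
    open_sessions, finished = {}, []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        pid, msg = m.group(1), m.group(2)
        if msg.startswith("connect from "):
            open_sessions[pid] = {"peer": msg[len("connect from "):], "offered": False,
                                  "client_starttls": False, "refusals": 0, "lost": False}
            continue
        session = open_sessions.get(pid)
        if session is None:
            continue
        io = IO_RE.match(msg)
        if io:
            direction, text = io.group(1), io.group(3)
            if direction == ">" and text == "250-STARTTLS":
                session["offered"] = True
            elif direction == "<" and text.upper() == "STARTTLS":
                session["client_starttls"] = True
            elif direction == ">" and text == MUST_STARTTLS:
                session["refusals"] += 1
        elif msg.startswith("lost connection after "):
            session["lost"] = True
        elif msg.startswith("disconnect from "):
            session["verdict"] = classify(session)
            finished.append(open_sessions.pop(pid))
    return finished


if __name__ == "__main__":
    for s in analyze_sessions(SAMPLE_LOG):
        print(f"{s['peer']}: {s['verdict']} (refusals={s['refusals']}, lost={s['lost']})")
```

A run over a day of mail.log with debug_peer_list covering the affected senders lists every peer that was turned away with the 530 reply; if those are all "refused_no_starttls", the cause is the server's mandatory-TLS setting rather than the certificate.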