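Last edited by smallfish on 2014-05-25 15:56
I configured SSL by following an article on this forum. The article is at:
http://bbs.chinaunix.net/thread-1664576-1-1.html
Generating the certificates and configuring the files should all be fine. My Postfix version is 2.7.3. The main problems now are:
1). When I test sending mail over SSL from the client, it reports: Could not connect to SMTP host: 10.155.34.117, port: 465
2). The mail server error log: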
May 22 15:12:52 mail postfix/smtpd[26952]: initializing the server-side TLS engine
May 22 15:12:52 mail postfix/smtpd[26952]: connect from unknown[10.155.36.240]
May 22 15:12:52 mail postfix/smtpd[26952]: setting up TLS connection from unknown[10.155.36.240]
May 22 15:12:52 mail postfix/smtpd[26952]: unknown[10.155.36.240]: TLS cipher list "ALL:!EXPORT:!LOW:+RC4 STRENGTH"
May 22 15:12:52 mail postfix/smtpd[26952]: SSL_accept:before/accept initialization
May 22 15:12:52 mail postfix/smtpd[26952]: SSL_accept:SSLv3 read client hello B
May 22 15:12:52 mail postfix/smtpd[26952]: SSL_accept:SSLv3 write server hello A
May 22 15:12:52 mail postfix/smtpd[26952]: SSL_accept:SSLv3 write certificate A
May 22 15:12:52 mail postfix/smtpd[26952]: SSL_accept:SSLv3 write server done A
May 22 15:12:52 mail postfix/smtpd[26952]: SSL_accept:SSLv3 flush data
May 22 15:12:52 mail postfix/smtpd[26952]: SSL3 alert read:fatal:certificate unknown
May 22 15:12:52 mail postfix/smtpd[26952]: SSL_accept:failed in SSLv3 read client certificate A
May 22 15:12:52 mail postfix/smtpd[26952]: SSL_accept error from unknown[10.155.36.240]: 0
May 22 15:12:52 mail postfix/smtpd[26952]: warning: TLS library problem: 26952:error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown:s3_pkt.c:1197:SSL alert number 46:
May 22 15:12:52 mail postfix/smtpd[26952]: lost connection after CONNECT from unknown[10.155.36.240]
May 22 15:12:52 mail postfix/smtpd[26952]: disconnect from unknown[10.155.36.240]
The error from the client test is:
Cannot connect to port 465 of server 10.155.34.117.
The SSL-related settings in main.cf are as follows:
smtpd_use_tls = yes
smtpd_tls_auth_only = no
smtpd_tls_key_file = /etc/pki/myca/testkey.pem
smtpd_tls_cert_file = /etc/pki/myca/testcert.pem
smtpd_tls_CAfile = /etc/pki/myca/cacert.pem
smtpd_tls_loglevel = 2
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
#smtpd_tls_security_level = encrypt
smtpd_tls_session_cache_database = btree:/etc/postfix/smtpd_scache
# TLS setting for smtp client
smtp_use_tls = yes
smtp_tls_key_file = /etc/pki/myca/testkey.pem
smtp_tls_cert_file = /etc/pki/myca/testcert.pem
smtp_tls_CAfile = /etc/pki/myca/cacert.pem
The relevant master.cf configuration is as follows:
smtps     inet  n       -       n       -       -       smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
[root@mail ~]# netstat -anp|grep 465
tcp 0 0 0.0.0.0:465 0.0.0.0:* LISTEN 27278/master
unix 2 [ ] DGRAM 11308 1465/courierlogger
[root@mail ~]# netstat -anp|grep 587
tcp 0 0 0.0.0.0:587 0.0.0.0:* LISTEN 27278/master
udp 424 0 0.0.0.0:45874 0.0.0.0:* 18595/slockd (idle)
I have also read many articles online and everything looks correct; I don't know why I still cannot send mail through port 465?
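An added example, not part of the original post: a Python triage of the smtpd TLS debug lines quoted above. It uses OpenSSL's convention that "alert read" marks an alert received from the peer, so alert 46 (certificate_unknown) here came from the client, which points at the client not trusting the server certificate rather than at the port 465 listener. The function and variable names are hypothetical.

```python
import re

# TLS alert descriptions (RFC 5246, section 7.2): certificate-related subset.
ALERTS = {42: "bad_certificate", 43: "unsupported_certificate",
          44: "certificate_revoked", 45: "certificate_expired",
          46: "certificate_unknown", 48: "unknown_ca"}

# Postfix logs OpenSSL's info callback as "SSL3 alert read|write:<level>:<text>".
ALERT_RE = re.compile(r"postfix/smtpd\[(\d+)\]: SSL3 alert (read|write):(\w+):(.+)$")
NUM_RE = re.compile(r"postfix/smtpd\[(\d+)\]: .*SSL alert number (\d+)")
PEER_RE = re.compile(r"postfix/smtpd\[(\d+)\]: setting up TLS connection from (\S+)")

def triage(lines):
    """Return the latest TLS alert seen for each smtpd process (keyed by PID)."""
    peers, findings = {}, {}
    for line in lines:
        if m := PEER_RE.search(line):
            peers[m.group(1)] = m.group(2)
        elif m := ALERT_RE.search(line):
            pid, direction, level, text = m.groups()
            findings[pid] = {
                "peer": peers.get(pid, "?"),
                # "read" = alert received from the client; "write" = sent by Postfix
                "sent_by": "client" if direction == "read" else "server",
                "level": level, "description": text.strip(), "alert": None,
            }
        elif (m := NUM_RE.search(line)) and m.group(1) in findings:
            number = int(m.group(2))
            findings[m.group(1)]["alert"] = (number, ALERTS.get(number, "unknown"))
    return list(findings.values())

# Log lines copied from the post above.
SAMPLE = """\
May 22 15:12:52 mail postfix/smtpd[26952]: setting up TLS connection from unknown[10.155.36.240]
May 22 15:12:52 mail postfix/smtpd[26952]: SSL_accept:SSLv3 write server done A
May 22 15:12:52 mail postfix/smtpd[26952]: SSL3 alert read:fatal:certificate unknown
May 22 15:12:52 mail postfix/smtpd[26952]: warning: TLS library problem: 26952:error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown:s3_pkt.c:1197:SSL alert number 46:
""".splitlines()

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```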