Postfix with Dovecot disconnects after STARTTLS on port 25

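I'm having a lot of trouble setting up Postfix to do STARTTLS. It appears that I can successfully send outgoing mail with Thunderbird. However, I can't seem to get Postman SMTP for WordPress to work with STARTTLS and PLAIN AUTH.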

I configured my firewall to only open port 25:

    ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
    ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
    ACCEPT tcp -- anywhere anywhere tcp dpt:http
    ACCEPT tcp -- anywhere anywhere tcp dpt:https
    ACCEPT icmp -- anywhere anywhere icmp echo-request state NEW,RELATED,ESTABLISHED
    ACCEPT tcp -- anywhere anywhere tcp dpt:smtp
    ACCEPT tcp -- anywhere anywhere tcp dpt:memcache
    REJECT tcp -- anywhere anywhere tcp dpts:netbios-ns:netbios-ssn reject-with icmp-port-unreachable
    REJECT udp -- anywhere anywhere udp dpts:netbios-ns:netbios-ssn reject-with icmp-port-unreachable
    LOG all -- anywhere anywhere LOG level warning
    DROP all -- anywhere anywhere

main.cf:

    #http://www.postfix.org/TLS_README.html#server_tls
    myhostname = host.com
    myorigin = /home/mail
    mydomain = host..com
    mydestination = $myhostname, localhost, localhost.$mydomain, localhost.localdomain
    relayhost =
    mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
    mailbox_size_limit = 0
    recipient_delimiter = +
    inet_interfaces = all
    alias_maps = hash:/home/etc/postfix/aliases
    alias_database = hash:/home/etc/postfix/aliases
    smtpd_use_tls=yes
    smtp_use_tls=yes
    smtpd_tls_received_header = yes
    smtpd_tls_auth_only = yes
    smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
    smtpd_tls_session_cache_timeout = 3600s
    tls_random_source = dev:/dev/urandom
    smtpd_tls_cert_file=/home/keys/postfix/certs/certificate-self.crt
    smtpd_tls_key_file=/home/keys/postfix/private/private-key.key
    smtpd_tls_CAfile = /home/keys/postfix/certs/cacert.pem
    smtpd_tls_security_level=may
    smtp_tls_security_level=may
    smtpd_tls_protocols = !SSLv2, !SSLv3, TLSv1
    smtpd_tls_exclude_ciphers = aNULL, LOW, EXP, MEDIUM, ADH, AECDH, MD5, DSS, ECDSA, CAMELLIA128, 3DES, CAMELLIA256, RSA+AES, eNULL
    smtpd_tls_loglevel = 4
    tls_preempt_cipherlist = yes
    smtpd_tls_mandatory_ciphers = high
    smtpd_tls_ciphers = high
    smtp_tls_mandatory_ciphers = $smtpd_tls_mandatory_ciphers
    smtp_tls_ciphers = $smtpd_tls_ciphers
    lmtp_tls_mandatory_ciphers = $smtpd_tls_mandatory_ciphers
    lmtp_tls_ciphers = $smtpd_tls_ciphers
    smtpd_sasl_type = dovecot
    smtpd_sasl_path = private/auth
    smtpd_sasl_auth_enable = yes
    smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject
    smtpd_sasl_security_options = noanonymous
    milter_protocol = 2
    milter_default_action = accept
    smtpd_milters = inet:localhost:12301
    non_smtpd_milters = inet:localhost:12301

master.cf:

    smtp inet n - n - - smtpd -v
    submission inet n - n - - smtpd
      -o syslog_name=postfix/submission
      -o smtpd_tls_wrappermode=no
      -o smtpd_tls_security_level=encrypt
      -o smtpd_sasl_auth_enable=yes
      -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
      -o milter_macro_daemon_name=ORIGINATING
      -o smtpd_sasl_type=dovecot
      -o smtpd_sasl_path=private/auth

dovecot.conf:

    disable_plaintext_auth = no
    mail_privileged_group = mail
    mail_location = maildir:/home/mail
    userdb {
      driver = passwd
    }
    passdb {
      driver = pam
    }
    protocols = imap
    service auth {
      unix_listener /var/spool/postfix/private/auth {
        mode = 0660
        user=postfix
        group=postfix
      }
    }
    ssl=required
    ssl_cert = </home/keys/postfix/certs/certificate-self.crt
    ssl_key = </home/keys/postfix/private/private-key.key

In maillog:

    host..com[74.2.3.193]: 220 2.0.0 Ready to start TLS
    Feb 19 13:44:58 li86-193 postfix/smtpd[16864]: setting up TLS connection from host..com[74.2.3.193]
    Feb 19 13:44:58 li86-193 postfix/smtpd[16864]: host..com[74.2.3.193]: TLS cipher list "aNULL:-aNULL:ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH:!aNULL:!LOW:!EXP:!MEDIUM:!ADH:!AECDH:!MD5:!DSS:!ECDSA:!CAMELLIA128:!3DES:!CAMELLIA256:!RSA+AES:!eNULL"
    Feb 19 13:44:58 li86-193 postfix/smtpd[16864]: send attr request = seed
    Feb 19 13:44:58 li86-193 postfix/smtpd[16864]: send attr size = 32
    Feb 19 13:44:58 li86-193 postfix/smtpd[16864]: private/tlsmgr: wanted attribute: status
    Feb 19 13:44:58 li86-193 postfix/smtpd[16864]: input attribute name: status
    Feb 19 13:44:58 li86-193 postfix/smtpd[16864]: input attribute value: 0
    Feb 19 13:44:58 li86-193 postfix/smtpd[16864]: private/tlsmgr: wanted attribute: seed
    Feb 19 13:44:58 li86-193 postfix/smtpd[16864]: input attribute name: seed
    Feb 19 13:44:58 li86-193 postfix/smtpd[16864]: input attribute value: dgCi5kk5Jn2+7TS3B8+s9oB3mfQL426CwogdB8AWoxE=
    Feb 19 13:44:58 li86-193 postfix/smtpd[16864]: private/tlsmgr: wanted attribute: (list terminator)
    Feb 19 13:44:58 li86-193 postfix/smtpd[16864]: input attribute name: (end)
    Feb 19 13:44:58 li86-193 postfix/smtpd[16864]: SSL_accept:before/accept initialization
    Feb 19 13:44:58 li86-193 postfix/smtpd[16864]: read from 56442DA22B30 [56442DA28110] (11 bytes => -1 (0xFFFFFFFFFFFFFFFF))
    Feb 19 13:45:01 li86-193 postfix/smtpd[16864]: read from 56442DA22B30 [56442DA28110] (11 bytes => 11 (0xB))
    Feb 19 13:45:01 li86-193 postfix/smtpd[16864]: 0000 65 68 6c 6f 20 6c 6f 63|61 6c 68 ehlo loc alh
    Feb 19 13:45:01 li86-193 postfix/smtpd[16864]: SSL_accept:error in SSLv2/v3 read client hello A
    Feb 19 13:45:01 li86-193 postfix/smtpd[16864]: SSL_accept error from host..com[74.2.3.193]: -1
    Feb 19 13:45:01 li86-193 postfix/smtpd[16864]: warning: TLS library problem: 16864:error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol:s23_srvr.c:647:

telnet host.com 25:

    ehlo localhost
    250-host.com
    250-PIPELINING
    250-SIZE 10240000
    250-VRFY
    250-ETRN
    250-STARTTLS
    250-ENHANCEDSTATUSCODES
    250-8BITMIME
    250 DSN
    starttls
    220 2.0.0 Ready to start TLS
    ehlo localhost
    Connection closed by foreign host.

I can open a connection to port 25 with -starttls fine.

I've been reading and reading and am not getting anywhere. Please help me find my error. Thank you very much for your help.
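
An added example, not part of the original post: a Python check that reads `smtpd_tls_loglevel = 4` output like the maillog above and reports whether the first bytes smtpd read after `220 2.0.0 Ready to start TLS` were a TLS handshake record (`16 03 ..`) or plaintext SMTP. In the log above those 11 bytes are ASCII `ehlo localh`, which the TLS library rejects as `unknown protocol`. The function names are hypothetical, the `17001` session is constructed, and the regexes assume the dump layout shown on this page.

```python
import re

# Lines for pid 16864 are copied from the maillog above; pid 17001 is a
# constructed session showing a TLS ClientHello in the same dump layout.
SAMPLE_LOG = """\
Feb 19 13:44:58 li86-193 postfix/smtpd[16864]: setting up TLS connection from host..com[74.2.3.193]
Feb 19 13:45:01 li86-193 postfix/smtpd[16864]: read from 56442DA22B30 [56442DA28110] (11 bytes => 11 (0xB))
Feb 19 13:45:01 li86-193 postfix/smtpd[16864]: 0000 65 68 6c 6f 20 6c 6f 63|61 6c 68 ehlo loc alh
Feb 19 13:50:10 li86-193 postfix/smtpd[17001]: setting up TLS connection from client.example[192.0.2.10]
Feb 19 13:50:10 li86-193 postfix/smtpd[17001]: read from 56442DA22B30 [56442DA28110] (11 bytes => 11 (0xB))
Feb 19 13:50:10 li86-193 postfix/smtpd[17001]: 0000 16 03 01 00 c8 01 00 00|c4 03 03 ........ ...
"""

PID = r"postfix/smtpd\[(\d+)\]: "
START = re.compile(PID + r"setting up TLS connection from (\S+)")
READ = re.compile(PID + r"read from \S+ \[\S+\] \(\d+ bytes => (\d+) ")  # skips "=> -1"
DUMP0 = re.compile(PID + r"0000 ((?:[0-9a-f]{2}[ |-]?)+)")  # first row of a hex dump
SMTP_VERBS = (b"EHLO", b"HELO", b"MAIL", b"RCPT", b"AUTH", b"QUIT", b"NOOP", b"RSET", b"DATA")


def classify(first: bytes) -> str:
    """Classify the first bytes received once the server expects a ClientHello."""
    # A TLS record starts with content type 0x16 (handshake) and major version 0x03.
    if len(first) >= 3 and first[0] == 0x16 and first[1] == 0x03:
        return "tls-handshake"
    if first[:4].upper() in SMTP_VERBS:
        return "plaintext-smtp"
    return "unknown"


def first_bytes_after_starttls(log: str) -> dict:
    """Map smtpd pid -> (client, classification of the first successful read)."""
    client, pending, result = {}, {}, {}
    for line in log.splitlines():
        if m := START.search(line):
            client[m[1]] = m[2]
            result.pop(m[1], None)          # new TLS attempt for this pid
        elif m := READ.search(line):
            if m[1] in client and m[1] not in result and int(m[2]) > 0:
                pending[m[1]] = int(m[2])   # byte count bounds the hex column
        elif (m := DUMP0.search(line)) and m[1] in pending:
            n = min(pending.pop(m[1]), 16)  # a dump row holds at most 16 bytes
            pairs = re.findall(r"[0-9a-f]{2}", m[2])[:n]
            result[m[1]] = (client[m[1]], classify(bytes(int(p, 16) for p in pairs)))
    return result


if __name__ == "__main__":
    for pid, (peer, kind) in first_bytes_after_starttls(SAMPLE_LOG).items():
        print(pid, peer, kind)
```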