我用Letsencrypt证书设置了https://hub.docker.com/r/tvial/docker-mailserver/ ,它似乎工作。
例如,使用openssl,我可以连接:
openssl s_client -host test-mail.zedeler.dk -port 993 CONNECTED(00000003) depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3 verify return:1 depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3 verify return:1 depth=0 CN = test-mail.zedeler.dk verify return:1 --- Certificate chain 0 s:/CN=test-mail.zedeler.dk i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3 1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3 i:/O=Digital Signature Trust Co./CN=DST Root CA X3 --- Server certificate -----BEGIN CERTIFICATE----- MIIFCzCCA/OgAwIBAgISAxJ39Kupidovpu/Of4I2WSw9MA0GCSqGSIb3DQEBCwUA [SNIP] -----END CERTIFICATE----- subject=/CN=test-mail.zedeler.dk issuer=/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3 --- No client certificate CA names sent Peer signing digest: SHA512 Server Temp Key: ECDH, P-256, 256 bits --- SSL handshake has read 3131 bytes and written 431 bytes --- New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256 Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-RSA-AES128-GCM-SHA256 Session-ID: 521C004DD2D234312D9AAF19C2CB985656676FCAE36088172CEE0064C299A990 Session-ID-ctx: Master-Key: 68EC9097F387404A889745B92A39C7B6713FB0495DA52C486ABF88577CEF9FA4A5C8B15419B9AFC5EB817742C17CFC62 Key-Arg : None PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 300 (seconds) TLS session ticket: 0000 - da bd 65 db bd 9f d7 c7-25 07 91 31 13 aa 2b 5a [SNIP] Start Time: 1505919651 Timeout : 300 (sec) Verify return code: 0 (ok) --- * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN AUTH=LOGIN] Dovecot ready. 1 capability * CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN AUTH=LOGIN 1 OK Pre-login capabilities listed, post-login capabilities have more. 2 id * ID ("name" "Dovecot") 2 OK ID completed. 3 plain 3 BAD Error in IMAP command received by server. 4 authenticate plain + [SNIP] * CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS BINARY MOVE SPECIAL-USE 4 OK Logged in 5 list "" * * LIST (\HasNoChildren \Trash) "." Trash * LIST (\HasNoChildren \Sent) "." Sent * LIST (\HasNoChildren \Drafts) "." Drafts * LIST (\HasNoChildren) "." INBOX 5 OK List completed (0.000 + 0.000 secs). 看起来,证书链的工作原理应该是这样的:
https://ssl-tools.net/mailservers/test-mail.zedeler.dk
但是,当我尝试在Thunderbird中设置帐户时,我收到令人沮丧的消息“Thunderbird未能find您的电子邮件帐户的设置”。 我可以从服务器日志中看到,Thunderbird只build立TLS连接并重新断开连接。 它不会尝试login。
我已经尝试在Thunderbird中打开debugging,但似乎帐户设置面板不会产生任何debugging输出。
我已经testing了与Evolution相同的设置,并且可以开箱即用。
有什么build议么?
如果您启用邮件服务器上的提交端口(587),Thuderbird可能会更快乐。 通常这将被configuration为使用STARTTLS,并在接受电子邮件之前要求进行身份validation。 通过authentication的用户通常可以发送电子邮件到任何有效的地址。
访问提交端口很less被ISP阻止,而端口25经常被阻止。 使用端口25将会限制你漫游的能力。
我发现我使用的设置只有端口25可用于STARTSSL。 雷鸟没有认识到这一点,但是当我明确指出,它的工作。