我正在build立一个Debian 8的新服务器.Exim4预装了,我正在尝试让TLS工作。
我已将snakeoil密钥和证书复制到/ etc / exim4文件夹中,并设置了正确的权限和所有权:
-r--r----- 1 root Debian-exim 1704 Sep 28 20:01 ssl-cert-snakeoil.key -r--r----- 1 root Debian-exim 1257 Sep 28 20:01 ssl-cert-snakeoil.pem 我在Exim4中configuration了这些
然后从第二台服务器尝试连接到SMTP,然后像这样启动TLS:
root@second: ~# telnet mynewserver.net.au 25 Trying xxx.xxx.xxx.xxx... Connected to mynewserver.net.au. Escape character is '^]'. 220 mynewserver.net.au ESMTP Exim 4.84_2 Wed, 28 Sep 2016 20:12:12 +1000 ehlo second 250-mynewserver.net.au Hello second [xxx.xxx.xxx.xxx] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-STARTTLS 250 HELP STARTTLS 454 TLS currently unavailable
而从mynewserver的debugging日志看起来像这样:
665 SMTP>> 250-mynewserver.net.au Hello second [xxx.xxx.xxx.xxx] 665 250-SIZE 52428800 665 250-8BITMIME 665 250-PIPELINING 665 250-STARTTLS 665 250 HELP 665 SMTP<< STARTTLS 665 initialising GnuTLS as a server 665 GnuTLS global init required. 665 initialising GnuTLS server session 665 Expanding various TLS configuration options for session credentials. 665 certificate file = '/etc/exim4/ssl-cert-snakeoil.pem' 665 key file = '/etc/exim4/ssl-cert-snakeoil.key' 665 LOG: MAIN 665 TLS error on connection from second (second) [xxx.xxx.xxx.xxx] (cert/key setup: cert='/etc/exim4/ssl-cert-snakeoil.pem' key='/etc/exim4/ssl-cert-snakeoil.key'): Error while reading file. 665 SMTP>> 454 TLS currently unavailable
我已经检查了证书,证书的密钥和证书是否匹配,如下面的模数是相同的testing:
root@mynewserver: exim4# openssl x509 -noout -modulus -in ssl-cert-snakeoil.pem | openssl md5 (stdin)= 4d56fe03bcdc3103788344d0d7a2eb8d root@mynewserver: exim4# openssl x509 -noopenssl rsa -noout -modulus -in ssl-cert-snakeoil.key | openssl md5 (stdin)= 4d56fe03bcdc3103788344d0d7a2eb8d
我还configuration了新的服务器以允许Debian-eximlogin,login并能够毫无问题地查看证书文件。
我所有的研究都发现证书的可读性,正确的内容,匹配和正确的权限,或正确地在exim4configuration中指定的问题。 我已经涵盖了所有这些领域,但仍然失败。
你有什么想法,我应该检查下一个?