服务器 Gind.cn
  1. 服务器 Gind.cn
  3. WordPress,Roundcube和Postfix TLS库错误
Intereting Posts
Hyper-V 2012 R2复制故障转移HA 用Apache更新SSL证书 GETATTR问题与Linux和netapp Linux主机不响应ICMPv6数据包太大消息而以较小的数据包大小进行重新传输 外部组件引发的exception。 ASP.NET ASPX页面POST 使用CloudFlare将wwwredirect到裸域 MySQL无法连接到数据库 你应该在硬盘上留出多less空间? 在Windows CLI中匹配string的反向 Weblogic在升级后缓解POODLE漏洞并仍然使用CBC密码 空闲jenkins占用大约700 MB的RAM Puppet – 如果模块失败,不要停止清单执行 代理自动configuration(PAC)dnsResolve()函数返回值 使用sendmail和SASL,Ubuntu 10.04进行纯文本login 在启用了配额的故障转移群集中添加共享需要10分钟

WordPress,Roundcube和Postfix TLS库错误

大家好我有这个问题,当试图用roundcube和后缀Wordpress。 这里是我的设置,我有2个Debian-Jessie服务器(web(nginx)/ DB(mysql)/ roundcube(web界面))和(邮件服务器/ postfix)。 我想我的WordPress的网站使用我的邮件服务器。 我可以接收和发送电子邮件与Roundcube,但是当我尝试与端口25或其他端口上的wordpress我得到这个错误: 

TLS library problem: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca:s3_pkt.c:1315:SSL alert number 48

这是我尝试testing邮件服务器时的结果: 

 Connecting to XX.XX.XX.XXX 220 mail.example.com ESMTP Postfix (Debian/GNU) [2219 ms] EHLO PWS3.mxtoolbox.com 250-mail.example.com 250-PIPELINING 250-SIZE 250-VRFY 250-ETRN 250-STARTTLS 250-AUTH PLAIN LOGIN 250-AUTH=PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN [797 ms] MAIL FROM:<[email protected]> 250 2.1.0 Ok [828 ms] RCPT TO:<[email protected]> 454 4.7.1 <[email protected]>: Relay access denied [828 ms] PWS3v2 6594ms

这是我的后缀conf: 

 # See /usr/share/postfix/main.cf.dist for a commented, more complete version # Debian specific: Specifying a file name will cause the first # line of that file to be used as the name. The Debian default # is /etc/mailname. #myorigin = /etc/mailname smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU) biff = no # appending .domain is the MUA's job. append_dot_mydomain = no # Uncomment the next line to generate "delayed mail" warnings #delay_warning_time = 4h readme_directory = /usr/share/doc/postfix # TLS parameters smtpd_tls_cert_file = /etc/postfix/smtpd.cert smtpd_tls_key_file = /etc/postfix/smtpd.key smtpd_use_tls = yes smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for # information on enabling SSL in the smtp client. smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination myhostname = mail.example.com alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases alias_database = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases myorigin = /etc/mailname mydestination = mail.example.com, localhost, localhost.localdomain relayhost = mynetworks = 127.0.0.0/8 [::1]/128 mailbox_command = procmail -a "$EXTENSION" mailbox_size_limit = 0 recipient_delimiter = + inet_interfaces = all html_directory = /usr/share/doc/postfix/html virtual_alias_domains = virtual_alias_maps = hash:/var/lib/mailman/data/virtual-mailman, proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, proxy:mysql:/etc/postfix/mysql-virtual_email2email.cf virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf virtual_mailbox_base = /var/vmail virtual_uid_maps = mysql:/etc/postfix/mysql-virtual_uids.cf virtual_gid_maps = mysql:/etc/postfix/mysql-virtual_gids.cf inet_protocols = all smtpd_sasl_auth_enable = yes broken_sasl_auth_clients = yes smtpd_sasl_authenticated_header = yes smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_recipient_access mysql:/etc/postfix/mysql- virtual_recipient.cf smtpd_tls_security_level = may transport_maps = hash:/var/lib/mailman/data/transport-mailman, proxy:mysql:/etc/postfix/mysql-virtual_transports.cf relay_domains = mysql:/etc/postfix/mysql-virtual_relaydomains.cf relay_recipient_maps = mysql:/etc/postfix/mysql-virtual_relayrecipientmaps.cf proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $sender_bcc_maps $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $reloc$ smtpd_sender_restrictions = check_sender_access regexp:/etc/postfix/tag_as_originating.re , permit_mynetworks, permit_sasl_authenticated, check_sender_access mysql:/etc/postfix/mysql- virtual_sender.cf, check_sender_access regexp:/etc/postfix/tag_as_foreign.re smtpd_client_restrictions = check_client_access mysql:/etc/postfix/mysql- virtual_client.cf smtpd_client_message_rate_limit = 100 maildrop_destination_concurrency_limit = 1 maildrop_destination_recipient_limit = 1 virtual_transport = dovecot header_checks = regexp:/etc/postfix/header_checks mime_header_checks = regexp:/etc/postfix/mime_header_checks nested_header_checks = regexp:/etc/postfix/nested_header_checks body_checks = regexp:/etc/postfix/body_checks owner_request_special = no smtp_tls_security_level = may smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3 smtpd_tls_protocols = !SSLv2,!SSLv3 smtp_tls_protocols = !SSLv2,!SSLv3 dovecot_destination_recipient_limit = 1 smtpd_sasl_type = dovecot smtpd_sasl_path = private/auth content_filter = amavis:[127.0.0.1]:10024 receive_override_options = no_address_mappings message_size_limit = 0 sender_bcc_maps = proxy:mysql:/etc/postfix/mysql-virtual_outgoing_bcc.cf smtpd_restriction_classes = greylisting greylisting = check_policy_service inet:127.0.0.1:10023 smtpd_sender_login_maps = proxy:mysql:/etc/postfix/mysql- virtual_sender_login_maps.cf smtpd_helo_required = yes smtpd_helo_restrictions = permit_sasl_authenticated, permit_mynetworks, check_helo_access regexp:/etc/postfix/helo_access, reject_invalid_hostname, reject_non_fqdn_hostname, check_helo_access regexp:/etc/postfix/blacklist_helo smtpd_tls_exclude_ciphers = RC4, aNULL smtp_tls_exclude_ciphers = RC4, aNULL

这是Roundcubeconfiguration文件: 

 $config = array(); /* Do not set db_dsnw here, use dpkg-reconfigure roundcube-core to configure database ! */ include_once("/etc/roundcube/debian-db-roundcube.php"); // The mail host chosen to perform the log-in. // Leave blank to show a textbox at login, give a list of hosts // to display a pulldown menu or set one host as string. // To use SSL/TLS connection, enter hostname with prefix ssl:// or tls:// // Supported replacement variables: // %n - hostname ($_SERVER['SERVER_NAME']) // %t - hostname without the first part // %d - domain (http hostname $_SERVER['HTTP_HOST'] without the first part) // %s - domain name after the '@' from e-mail address provided at login screen // For example %n = mail.domain.tld, %t = domain.tld $config['default_host'] = 'mail.example.com'; $rcmail_config['force_https'] = true; // SMTP server host (for sending mails). // To use SSL/TLS connection, enter hostname with prefix ssl:// or tls:// // If left blank, the PHP mail() function is used // Supported replacement variables: // %h - user's IMAP hostname // %n - hostname ($_SERVER['SERVER_NAME']) // %t - hostname without the first part // %d - domain (http hostname $_SERVER['HTTP_HOST'] without the first part) // %z - IMAP domain (IMAP hostname without the first part) // For example %n = mail.domain.tld, %t = domain.tld $config['smtp_server'] = 'tls://mail.example.com'; // SMTP port (default is 25; use 587 for STARTTLS or 465 for the // deprecated SSL over SMTP (aka SMTPS)) $config['smtp_port'] = 587; //az go slojih $config['smtp_auth_type'] = 'PLAIN'; // SMTP username (if required) if you use %u as the username Roundcube // will use the current username for login $config['smtp_user'] = '%u'; // SMTP password (if required) if you use %p as the password Roundcube // will use the current user's password for login $config['smtp_pass'] = '%p'; // provide an URL where a user can get support for this Roundcube installation // PLEASE DO NOT LINK TO THE ROUNDCUBE.NET WEBSITE HERE! $config['support_url'] = 'www.mainwebsite.com'; // Name your service. This is displayed on the login screen and in the window title $config['product_name'] = 'MainWebsite Webmail'; // this key is used to encrypt the users imap password which is stored // in the session record (and the client cookie if remember password is enabled). // please provide a string of exactly 24 chars. // YOUR KEY MUST BE DIFFERENT THAN THE SAMPLE VALUE FOR SECURITY REASONS $config['des_key'] = 'FD71g6CQxVtyM]G3jJpjPH[r'; // List of active plugins (in plugins/ directory) $config['plugins'] = array( 'archive', 'zipdownload', ); // skin name: folder from skins/ $config['skin'] = 'classic'; // ---------------------------------- // PLUGINS // ---------------------------------- // List of active plugins (in plugins/ directory) //$rcmail_config['plugins'] = array(); $rcmail_config['plugins'] = array("jqueryui", "ispconfig3_account", "ispconfig3_autoreply", "ispconfig3_pass", "ispconfig3_spam", "ispconfig3_fetchmail", "ispconfig3_filter"); // az go addnah za da prashtam emails uj $config['smtp_conn_options'] = array( 'ssl' => array( 'verify_peer' => false, 'verify_peer_name' => false, ), );

我已经读过关于这个问题的其他几个post,似乎我搞砸了证书? 我的主服务器(web和roundcube接口所在的地方)正在使用Let's Encrypt证书,而我没有在邮件服务器上使用它。 如果你们需要更多的信息,请问,我有点困惑,我做错了什么。