[問題] smtp with sasl & ssl/tls

看板Linux作者coodie (酷迪)時間6年前 (2019/05/12 10:59)推噓0(0推 0噓 12→)

留言12則, 3人參與討論串1/1

請教各位大大，因工作需求，smtp需有SASL驗證以及ss/tls加密，於VM環境將一切設定搞妥之後，先用telnet試試有無問題： -------------------------------------------------- [root@test-smtp postfix]# telnet localhost 25 Trying ::1... Connected to localhost. Escape character is '^]'. 220 smtp1.twcc.ai ESMTP ehlo localhost 250-smtp1.twcc.ai 250-PIPELINING 250-SIZE 10240000 250-VRFY 250-ETRN 250-STARTTLS 250-AUTH PLAIN LOGIN 250-AUTH=PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN starttls 220 2.0.0 Ready to start TLS quit quit Connection closed by foreign host. -------------------------------------------------- 結果顯示都是OK的，但如果此時看maillog，會出現error訊息，此訊息會導致465 port無作用： -------------------------------------------------- May 12 10:44:10 test-smtp postfix/smtpd[17030]: connect from localhost[::1] May 12 10:44:21 test-smtp postfix/smtpd[17030]: SSL_accept error from localhost[::1]: -1 May 12 10:44:21 test-smtp postfix/smtpd[17030]: warning: TLS library problem: 17030:error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol:s23_srvr.c:640: May 12 10:44:21 test-smtp postfix/smtpd[17030]: lost connection after STARTTLS from localhost[::1] May 12 10:44:21 test-smtp postfix/smtpd[17030]: disconnect from localhost[::1] -------------------------------------------------- 請問有人遇過這種問題嗎，能否給小弟建議呢，感謝。我的main.cf： -------------------------------------------------- [root@test-smtp ~]# postconf -n alias_database = hash:/etc/aliases alias_maps = hash:/etc/aliases broken_sasl_auth_clients = yes command_directory = /usr/sbin config_directory = /etc/postfix daemon_directory = /usr/libexec/postfix data_directory = /var/lib/postfix debug_peer_level = 2 debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5 html_directory = no inet_interfaces = all inet_protocols = all mail_owner = postfix mailq_path = /usr/bin/mailq.postfix manpage_directory = /usr/share/man mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain mydomain = twcc.ai myhostname = smtp1.twcc.ai mynetworks = 192.168.10.0/24, 127.0.0.0/8 mynetworks_style = subnet myorigin = $myhostname newaliases_path = /usr/bin/newaliases.postfix queue_directory = /var/spool/postfix readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES relay_domains = $mydestination sample_directory = /usr/share/doc/postfix-2.10.1/samples sendmail_path = /usr/sbin/sendmail.postfix setgid_group = postdrop smtp_tls_mandatory_protocols = !SSLv2,!SSLv3,!TLSv1 smtp_tls_note_starttls_offer = yes smtp_tls_protocols = !SSLv2,!SSLv3,!TLSv1 smtp_use_tls = yes smtpd_banner = $myhostname ESMTP smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_destination, reject_rbl_client cbl.abuseat.org, reject_rbl_client bl.spamcop.net, reject_rbl_client cblless.anti-spam.org.cn, reject_rbl_client sbl-xbl.spamhaus.org, check_policy_service unix:/var/spool/postfix/postgrey/socket smtpd_sasl_auth_enable = yes smtpd_sasl_security_options = noanonymous smtpd_tls_CAfile = /etc/postfix/rootca.crt smtpd_tls_cert_file = /etc/postfix/smtp1.twcc.ai.crt smtpd_tls_key_file = /etc/postfix/smtp1.twcc.ai.key smtpd_tls_loglevel = 1 smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3,!TLSv1 smtpd_tls_protocols = !SSLv2,!SSLv3,!TLSv1 smtpd_tls_received_header = yes smtpd_tls_session_cache_timeout = 3600s smtpd_use_tls = yes tls_random_source = dev:/dev/urandom unknown_local_recipient_reject_code = 550 -------------------------------------------------- 我的master.cf僅修改一小部分： -------------------------------------------------- smtps inet n - n - - smtpd -o syslog_name=postfix/smtps -o smtpd_tls_wrappermode=yes -------------------------------------------------- firewall及selinux已關閉。 -- ※ 發信站: 批踢踢實業坊(ptt.cc), 來自: 114.37.149.152 ※ 文章網址: https://www.ptt.cc/bbs/Linux/M.1557629966.A.1E0.html