配置完了 Postfix 之后,用的是服务器 OpenSSL 自签名证书,客户端用的是 RoundCube 。但是发送邮件每次都提示 SSL 认证失败。请问是什么原因,因该如何解决?在网上搜索了,通过一个软连接到 /etc/ssl/ 目录下解决。但是我尝试了软连接和直接拷贝自签名证书到这个目录下,都返回 SSL 错误的提示。
下面是日志和 Postfix 的配置文件:
#/var/log/mail.log
Feb 12 22:42:11 hkb postfix/submission/smtpd[30399]: connect from localhost[::1]
Feb 12 22:42:11 hkb postfix/submission/smtpd[30399]: SSL_accept error from localhost[::1]: 0
Feb 12 22:42:11 hkb postfix/submission/smtpd[30399]: warning: TLS library problem: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca:s3_pkt.c:1294:SSL alert number 48:
Feb 12 22:42:11 hkb postfix/submission/smtpd[30399]: lost connection after STARTTLS from localhost[::1]
#/etc/postfix/master.cf
submission inet n - - - - smtpd
-o syslog_name=postfix/submission
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
-o milter_macro_daemon_name=ORIGINATING
smtps inet n - - - - smtpd
-o syslog_name=postfix/smtps
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
-o milter_macro_daemon_name=ORIGINATING
1
liuhaotian OP 不知道大家是否有什么解决方案?
|
2
kn007 2016-02-13 14:41:17 +08:00
|
3
kn007 2016-02-13 14:43:23 +08:00
再进阶就考虑添加对 protocols 和 ciphers 的限制。。
|
4
logtee 2016-02-14 01:12:57 +08:00
同样的错误
Feb 14 01:07:21 postfix/smtps/smtpd[23882]: connect from Feb 14 01:07:31 postfix/smtps/smtpd[23882]: SSL_accept error from : -1 Feb 14 01:07:31 postfix/smtps/smtpd[23882]: warning: TLS library problem: 23882:error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol:s23_srvr.c:647: Feb 14 01:07:31 postfix/smtps/smtpd[23882]: lost connection after CONNECT from Feb 14 01:07:31 postfix/smtps/smtpd[23882]: disconnect from |