我以为我成功保护了我的Postfix / Dovecot电子邮件服务器.我有来自LetsEncrypt的签名证书,该证书对我的域名有效.
发送和发送接收工作正常,但由于Gmail开始标记不安全的电子邮件,从我的服务器发送的所有邮件都标记为未加密.
在Postfix的main.cf,以及其他设置中,我有:
# SASL,for SMTP authentication smtpd_sasl_type = dovecot smtpd_sasl_auth_enable = yes smtpd_sasl_security_options = noanonymous smtpd_sasl_path = private/auth # TLS,for encryption smtpd_tls_security_level = may smtpd_tls_auth_only = no smtpd_tls_CAfile = /etc/letsencrypt/live/mydomain.com/chain.pem smtpd_tls_cert_file = /etc/letsencrypt/live/mydomain.com/fullchain.pem smtpd_tls_key_file = /etc/letsencrypt/live/mydomain.com/privkey.pem tls_random_source = dev:/dev/urandom smtpd_client_new_tls_session_rate_limit = 10 smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache smtpd_tls_exclude_ciphers = EXP EDH-RSA-DES-CBC-SHA ADH-DES-CBC-SHA DES-CBC-SHA SEED-SHA smtpd_tls_dh512_param_file = ${config_directory}/certs/dh_512.pem smtpd_tls_dh1024_param_file = ${config_directory}/certs/dh_1024.pem disable_vrfy_command = yes smtpd_helo_required = yes smtpd_delay_reject = yes
在Postfix的master.cf中,除了其他设置之外,我还有:
smtp inet n - - - - smtpd -o smtpd_enforce_tls=yes -o smtpd_use_tls=yes -o smtpd_tls_security_level=encrypt submission inet n - - - - smtpd -o syslog_name=postfix/submission -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o broken_sasl_auth_clients=yes
在Dovecot的10-ssl.conf中,除了其他设置外,我还有:
ssl = required ssl_ca = </etc/letsencrypt/live/mydomain.com/chain.pem ssl_cert = </etc/letsencrypt/live/mydomain.com/fullchain.pem ssl_key = </etc/letsencrypt/live/mydomain.com/privkey.pem
我通过将这两行添加到Postfix的main.cf来解决这个问题:
smtp_tls_security_level = may smtpd_tls_security_level = may
(我之前只设置了smtpd_tls_security_level,因为有一篇误导性文章说所有smtp_值都被折旧而有利于smtpd_.)
原文地址:https://www.jb51.cc/ubuntu/348661.html
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。
