smtp with sasl & ssl/tls - Linux

By Mia
at 2019-05-12T10:59

Table of Contents

請教各位大大，因工作需求，smtp需有SASL驗證以及ss/tls加密，於VM環境將一切設定搞
妥之後，先用telnet試試有無問題：
--------------------------------------------------
[root@test-smtp postfix]# telnet localhost 25
Trying ::1...
Connected to localhost.
Escape character is '^]'.
220 smtp1.twcc.ai ESMTP
ehlo localhost
250-smtp1.twcc.ai
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
starttls
220 2.0.0 Ready to start TLS
quit
quit
Connection closed by foreign host.
--------------------------------------------------
結果顯示都是OK的，但如果此時看maillog，會出現error訊息，此訊息會導致465 port無
作用：
--------------------------------------------------
May 12 10:44:10 test-smtp postfix/smtpd[17030]: connect from localhost[::1]
May 12 10:44:21 test-smtp postfix/smtpd[17030]: SSL_accept error from
localhost[::1]: -1
May 12 10:44:21 test-smtp postfix/smtpd[17030]: warning: TLS library problem:
17030:error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown
protocol:s23_srvr.c:640:
May 12 10:44:21 test-smtp postfix/smtpd[17030]: lost connection after
STARTTLS from localhost[::1]
May 12 10:44:21 test-smtp postfix/smtpd[17030]: disconnect from localhost[::1]
--------------------------------------------------
請問有人遇過這種問題嗎，能否給小弟建議呢，感謝。

我的main.cf：
--------------------------------------------------
[root@test-smtp ~]# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd
$daemon_directory/$process_name $process_id & sleep 5
html_directory = no
inet_interfaces = all
inet_protocols = all
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mydomain = twcc.ai
myhostname = smtp1.twcc.ai
mynetworks = 192.168.10.0/24, 127.0.0.0/8
mynetworks_style = subnet
myorigin = $myhostname
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES
relay_domains = $mydestination
sample_directory = /usr/share/doc/postfix-2.10.1/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_tls_mandatory_protocols = !SSLv2,!SSLv3,!TLSv1
smtp_tls_note_starttls_offer = yes
smtp_tls_protocols = !SSLv2,!SSLv3,!TLSv1
smtp_use_tls = yes
smtpd_banner = $myhostname ESMTP
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated,
reject_unknown_sender_domain, reject_unknown_recipient_domain,
reject_unauth_destination, reject_rbl_client cbl.abuseat.org,
reject_rbl_client bl.spamcop.net, reject_rbl_client cblless.anti-spam.org.cn,
reject_rbl_client sbl-xbl.spamhaus.org, check_policy_service
unix:/var/spool/postfix/postgrey/socket
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_tls_CAfile = /etc/postfix/rootca.crt
smtpd_tls_cert_file = /etc/postfix/smtp1.twcc.ai.crt
smtpd_tls_key_file = /etc/postfix/smtp1.twcc.ai.key
smtpd_tls_loglevel = 1
smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3,!TLSv1
smtpd_tls_protocols = !SSLv2,!SSLv3,!TLSv1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550
--------------------------------------------------

我的master.cf僅修改一小部分：
--------------------------------------------------
smtps inet n - n - - smtpd
-o syslog_name=postfix/smtps
-o smtpd_tls_wrappermode=yes
--------------------------------------------------

firewall及selinux已關閉。

--

Tags: Linux