我正在尝试为我的 postfix 邮件服务器设置出站 TLS 加密。我创建了一个 CSR,它具有以下属性:
Attributes:
Requested Extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Subject Key Identifier:
F5:B0:EC:DF:81:32:10:12:DC:60:86:54:D2:03:77:5C:21:C2:EA:2B
X509v3 Key Usage:
Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment, Key Agreement
Netscape Cert Type:
SSL Client, SSL Server, S/MIME, Object Signing
我将此 CSR 发送到证书颁发机构 (GoDaddy),返回的证书具有以下属性:
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 CRL Distribution Points:
对于我的后缀 main.cf 文件:
### Client Side:
smtp_tls_security_level = may
smtp_use_tls = yes
smtp_tls_key_file = /etc/postfix/ca/mykey.pem
smtp_tls_cert_file = /etc/postfix/ca/mycert.pem
smtp_tls_CAfile = /etc/postfix/ca/gd_cacert.crt.pem
smtp_tls_loglevel = 3
但是,当我发送邮件并查看收到邮件的来源时,标头看起来没有任何 TLS 加密:
Received: from ZZZZZZ by YYYYY with Microsoft SMTP Server (TLS) via Mailbox Transport;
Received: from YYYYY by XXXXXX with Microsoft SMTP Server (TLS) ;
Received: from XXXXX by office365 with Microsoft SMTP Server (TLS) id via Frontend Transport;
Authentication-Results: spf=none (sender IP is 000000 )
smtp.mailfrom=postfixserver; dkim=none (message not signed) dmarc=none action=none header.from= postfixserver;
Received-SPF: None (postfix server does not designate permitted sender hosts)
Received: from postfixserver by office365 (1.1.1.1) with Microsoft SMTP Server (TLS) via Frontend Transport;
Received: by postfixserver (Postfix, from userid 0)
是否有任何我缺少的 cert/config 设置可以使此功能正常工作?