0

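I have Exim4-heavy, GnuTLS

It was configured correctly and mail was working fine

Suddenly I can't use TLS, but the SSL certificate has been verified

When I telnet to port 465, it gives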

    # telnet localhost 465
    Trying ::1...
    Trying 127.0.0.1...
    Connected to localhost.
    Escape character is '^]'.
    ehlo foo

    Connection closed by foreign host.

But when I telnet to port 587

    # telnet localhost 587
    Trying ::1...
    Trying 127.0.0.1...
    Connected to localhost.
    Escape character is '^]'.
    220 box01.xxxxxxxxx.com ESMTP Exim 4.90_1 Ubuntu Wed, 29 Apr 2020 15:49:41 +0200
    ehlo foo
    250-box01.xxxxxxxxx.com Hello foo [127.0.0.1]
    250-SIZE 52428800
    250-8BITMIME
    250-PIPELINING
    250-AUTH PLAIN LOGIN
    250-CHUNKING
    250-STARTTLS
    250-PRDR
    250 HELP
    starttls
    220 TLS go ahead
    ehlo foo

    Connection closed by foreign host.

I have not updated anything in the configuration, and it was working 5 days ago

I also have a lot of errors like this in the log

    2020-04-29 15:50:02 TLS error on connection from (foo) [127.0.0.1]:55212 I=[127.0.0.1]:587 (gnutls_handshake): An unexpected TLS packet was received.

1 Answer

0

I had a similar problem with exim4. I will share some of the configuration I did to make it work.

    echo "IGNORE_SMTP_LINE_LENGTH_LIMIT='true'" >> /etc/exim4/exim4.conf.localmacros
    echo "REMOTE_SMTP_SMARTHOST_HOSTS_REQUIRE_TLS = *">> /etc/exim4/exim4.conf.localmacros
    echo "REQUIRE_PROTOCOL = smtps">> /etc/exim4/exim4.conf.localmacros
    echo "MAIN_HARDCODE_PRIMARY_HOSTNAME = localhost" >> /etc/exim4/exim4.conf.localmacros

    echo "MAIN_TLS_ENABLE = 1">> /etc/exim4/exim4.conf.localmacros
    echo "MAIN_TLS_CERTIFICATE=/opt/ssl/localhost.pem" >> /etc/exim4/exim4.conf.localmacros
    echo "MAIN_TLS_PRIVATEKEY=/opt/ssl/localhost-key.pem" >> /etc/exim4/exim4.conf.localmacros
    echo "daemon_smtp_ports = 25 : 465" >> /etc/exim4/exim4.conf.localmacros
    echo "tls_on_connect_ports = 465" >> /etc/exim4/exim4.conf.localmacros
    
    echo "dc_other_hostnames='localhost'" >> /etc/exim4/update-exim4.conf.conf
    echo "dc_eximconfig_configtype='satellite'" >> /etc/exim4/update-exim4.conf.conf
    echo "dc_smarthost='localhost::465'" >> /etc/exim4/update-exim4.conf.conf

I also made sure exim is allowed to read the certificates.

    chown root:Debian-exim /opt/ssl/key.pem
    chown root:Debian-exim /opt/ssl/cert.pem
    chmod 640 /opt/ssl/key.pem
    chmod 640 /opt/ssl/cert.pem
Answered 2020-12-29T08:33:46.147
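An added example, not part of the original posts: telnet cannot perform a TLS handshake, so the plaintext `ehlo foo` typed on the tls-on-connect port 465, or after `220 TLS go ahead` on 587, arrives where the server expects a TLS record. The sketch below parses the 5-byte TLS record header and compares that telnet input with a real ClientHello generated offline; the function names and the hostname `mail.example.test` are assumptions made for illustration.

```python
import ssl
import struct

# TLS record header: 1-byte content type, 2-byte legacy version, 2-byte length.
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}

def parse_tls_record_header(data: bytes):
    """Return (content_type, (major, minor), length), or None if not a TLS record."""
    if len(data) < 5:
        return None
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    if ctype not in CONTENT_TYPES or major != 3 or minor > 4:
        return None
    if length == 0 or length > 2**14 + 2048:  # upper bound on a record body
        return None
    return CONTENT_TYPES[ctype], (major, minor), length

def real_client_hello() -> bytes:
    """Produce a genuine ClientHello with in-memory BIOs (no socket, no network)."""
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    ctx = ssl.create_default_context()
    # Hypothetical server name, used only to build the hello.
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname="mail.example.test")
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the hello is written, the client now waits for the server
    return outgoing.read()

def classify_first_bytes(data: bytes) -> str:
    """Classify what a TLS-expecting listener receives first from a client."""
    hdr = parse_tls_record_header(data)
    # Handshake message type 1 is ClientHello.
    if hdr and hdr[0] == "handshake" and len(data) > 5 and data[5] == 1:
        return "tls-client-hello"
    if data[:4].upper() in (b"EHLO", b"HELO"):
        return "plaintext-smtp"
    return "unknown"

if __name__ == "__main__":
    # Constructed samples: the line typed in the telnet sessions above, and a real hello.
    samples = {"telnet input": b"ehlo foo\r\n", "TLS client": real_client_hello()}
    for name, data in samples.items():
        print(f"{name:13} first bytes {data[:5].hex()} -> {classify_first_bytes(data)}")
```

To exercise the TLS listeners with a client that does speak TLS, `openssl s_client -connect localhost:465` and `openssl s_client -starttls smtp -connect localhost:587` perform the handshake and print the certificate the server presents.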