Email Thunderbird未连接到Postfix/Dovecot。网络邮件有效
Thunderbird未连接到Postfix/Dovecot。Email Thunderbird未连接到Postfix/Dovecot。网络邮件有效,email,postfix-mta,thunderbird,dovecot,Email,Postfix Mta,Thunderbird,Dovecot,Thunderbird未连接到Postfix/Dovecot。 我的webmail界面与登录一起工作(name@domain.tld+密码), 传入(SSL/TLS,端口993)和传出消息(STARTTLS,端口587)。 我做了一点调试,知道一定是证书错误。 请问这里有人知道如何修理吗? 这是带有SSL调试的my mail.log: Apr 26 16:57:28 m123851 dovecot: imap-login: Debug: SSL: elliptic curve secp384r
我的webmail界面与登录一起工作(name@domain.tld+密码),
传入(SSL/TLS,端口993)和传出消息(STARTTLS,端口587)。
我做了一点调试,知道一定是证书错误。
请问这里有人知道如何修理吗?
这是带有SSL调试的my mail.log:
Apr 26 16:57:28 m123851 dovecot: imap-login: Debug: SSL: elliptic curve secp384r1 will be used for ECDH and ECDHE key exchanges
Apr 26 16:57:28 m123851 dovecot: imap-login: Debug: SSL: elliptic curve secp384r1 will be used for ECDH and ECDHE key exchanges
Apr 26 16:57:28 m123851 dovecot: imap-login: Debug: SSL: where=0x10, ret=1: before/accept initialization [x.x.x.x]
Apr 26 16:57:28 m123851 dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: before/accept initialization [x.x.x.x]
Apr 26 16:57:28 m123851 dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: unknown state [x.x.x.x]
Apr 26 16:57:28 m123851 dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 read client hello A [x.x.x.x]
Apr 26 16:57:28 m123851 dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write server hello A [x.x.x.x]
Apr 26 16:57:28 m123851 dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write certificate A [x.x.x.x]
Apr 26 16:57:28 m123851 dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write key exchange A [x.x.x.x]
Apr 26 16:57:28 m123851 dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write server done A [x.x.x.x]
Apr 26 16:57:28 m123851 dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 flush data [x.x.x.x]
Apr 26 16:57:28 m123851 dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv3 read client certificate A [x.x.x.x]
Apr 26 16:57:28 m123851 dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv3 read client certificate A [x.x.x.x]
Apr 26 16:57:29 m123851 dovecot: imap-login: Warning: SSL alert: where=0x4004, ret=560: fatal unknown CA [x.x.x.x]
Apr 26 16:57:29 m123851 dovecot: imap-login: Warning: SSL failed: where=0x2002: SSLv3 read client certificate A [x.x.x.x]
Apr 26 16:57:29 m123851 dovecot: imap-login: Disconnected (no auth attempts in 1 secs): user=<>, rip=192.x.x.x, lip=85.x.x.x, TLS handshaking: SSL_accept() failed: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca: SSL alert number 48, session=<NDYo2aEUWQAfBhbN>
Apr 26 16:57:28 m123851 dovecot:imap登录:调试:SSL:椭圆曲线secp384r1将用于ECDH和ECDHE密钥交换
4月26日16:57:28 m123851 dovecot:imap登录:调试:SSL:椭圆曲线secp384r1将用于ECDH和ECDHE密钥交换
Apr 26 16:57:28 m123851 dovecot:imap登录:调试:SSL:where=0x10,ret=1:before/accept初始化[x.x.x.x]
Apr 26 16:57:28 m123851 dovecot:imap登录:调试:SSL:where=0x2001,ret=1:before/accept初始化[x.x.x.x]
Apr 26 16:57:28 m123851 dovecot:imap登录:调试:SSL:where=0x2002,ret=-1:未知状态[x.x.x.x]
4月26日16:57:28 m123851 dovecot:imap登录:调试:SSL:where=0x2001,ret=1:SSLv3读取客户端hello A[x.x.x.x]
Apr 26 16:57:28 m123851 dovecot:imap登录:调试:SSL:where=0x2001,ret=1:SSLv3写入服务器hello A[x.x.x.x]
Apr 26 16:57:28 m123851 dovecot:imap登录:调试:SSL:where=0x2001,ret=1:SSLv3写入证书A[x.x.x.x]
Apr 26 16:57:28 m123851 dovecot:imap登录:调试:SSL:where=0x2001,ret=1:SSLv3写密钥交换A[x.x.x.x]
4月26日16:57:28 m123851 dovecot:imap登录:调试:SSL:where=0x2001,ret=1:SSLv3写入服务器已完成[x.x.x.x]
4月26日16:57:28 m123851 dovecot:imap登录:调试:SSL:where=0x2001,ret=1:SSLv3刷新数据[x.x.x.x]
Apr 26 16:57:28 m123851 dovecot:imap登录:调试:SSL:where=0x2002,ret=-1:SSLv3读取客户端证书A[x.x.x.x]
Apr 26 16:57:28 m123851 dovecot:imap登录:调试:SSL:where=0x2002,ret=-1:SSLv3读取客户端证书A[x.x.x.x]
Apr 26 16:57:29 m123851 dovecot:imap登录:警告:SSL警报:其中=0x4004,ret=560:致命未知CA[x.x.x.x]
Apr 26 16:57:29 m123851 dovecot:imap登录:警告:SSL失败:其中=0x2002:SSLv3读取客户端证书A[x.x.x.x]
4月26日16:57:29 m123851 dovecot:imap登录:断开连接(1秒内无身份验证尝试):用户=,rip=192.x.x,lip=85.x.x.x,TLS握手:SSL_接受()失败:错误:14094418:SSL例程:SSL3_读取字节:tlsv1警报未知ca:SSL警报编号48,会话=
#记录SSL问题
verbose_ssl=yes
ssl=必需
ssl_cert=Thunderbird希望dovecot向其提供验证连接所需的证书(中间证书或自签名CA证书)。查看中的“链接SSL证书”
您可以通过将中间证书添加到SSL证书文件(/etc/SSL/certs/imap.pem
或您的SSL\u证书所指向的任何位置)来解决此问题。如果您从供应商处获得SSL证书,他们应该有关于如何获得中间证书的说明。我在帖子中添加了我的dovecot SSL配置文件。dovecot.pem包含“localhost”作为通用名称。如何添加自签名链式ssl证书,使其不仅适用于localhost,而且适用于三个域加上localhost:127.0.0.1、domain1.tld、domain2.tld、domain3.tld?请举例说明您的解决方案好吗?您是否尝试过将所有这些证书粘贴到ssl\U证书文件中?是的,但dovecot无法重新启动。它在mail.err日志中显示“dovecot:imap登录:致命:无法加载私有ssl_密钥:密钥用于与ssl_证书不同的证书”。您是否将imap.pem中的证书保留在那里?只需在常规证书之后添加中介证书,但将它们全部保存在该文件中。是的。然后添加域证书内容+根ca证书内容。
# Log SSL problems
verbose_ssl = yes
ssl = required
ssl_cert = </etc/dovecot/dovecot.pem
ssl_key = </etc/dovecot/private/dovecot.pem
ssl_protocols = !SSLv3 !SSLv2
ssl_cipher_list = EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+
SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+
CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:
!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:
AES256-SHA:CAMELLIA128-SHA:AES128-SHA
ssl_prefer_server_ciphers = yes