Email: Setting up TLS encryption for a mail server with Postfix

I am trying to set up outbound TLS encryption for my Postfix mail server. I created a CSR with the following attributes:

        Attributes:
    Requested Extensions:
        X509v3 Basic Constraints:
            CA:FALSE
        X509v3 Subject Key Identifier:
            F5:B0:EC:DF:81:32:10:12:DC:60:86:54:D2:03:77:5C:21:C2:EA:2B
        X509v3 Key Usage:
            Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment, Key Agreement
        Netscape Cert Type:
            SSL Client, SSL Server, S/MIME, Object Signing

I sent this CSR to the certificate authority (GoDaddy), and the certificate that came back has the following attributes:

X509v3 extensions:
        X509v3 Basic Constraints: critical
            CA:FALSE
        X509v3 Extended Key Usage:
            TLS Web Server Authentication, TLS Web Client Authentication
        X509v3 Key Usage: critical
            Digital Signature, Key Encipherment
        X509v3 CRL Distribution Points:

For my Postfix main.cf file:

### Client Side:
smtp_tls_security_level = may
smtp_use_tls = yes
smtp_tls_key_file = /etc/postfix/ca/mykey.pem
smtp_tls_cert_file = /etc/postfix/ca/mycert.pem
smtp_tls_CAfile = /etc/postfix/ca/gd_cacert.crt.pem
smtp_tls_loglevel = 3

However, when I send a message and look at the source of the received message, the mail headers look as if there is no TLS encryption:

Received: from ZZZZZZ by YYYYY with Microsoft SMTP Server (TLS)  via Mailbox Transport;
Received: from YYYYY by XXXXXX with Microsoft SMTP Server (TLS) ; 
Received: from XXXXX by office365  with Microsoft SMTP Server (TLS) id via Frontend Transport;
Authentication-Results: spf=none (sender IP is 000000 )
 smtp.mailfrom=postfixserver; dkim=none (message not signed) dmarc=none action=none header.from= postfixserver;
Received-SPF: None (postfix server does not designate permitted sender hosts)
Received: from postfixserver by office365  (1.1.1.1) with Microsoft SMTP Server (TLS)  via Frontend Transport;
Received: by postfixserver (Postfix, from userid 0)

Are there any certificate/configuration settings I am missing that would allow this to work?

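Your Postfix main.cf configuration looks correct. Most likely you are already sending mail over TLS, but your next hop is not showing it in the message headers. I ran into a similar problem when sending mail to Microsoft (Office 365), Gmail and Yahoo. The message headers did not indicate that I was sending over TLS, and that was because my SSL certificate did not match. To verify, I also sent mail to friends whose mail servers are hosted on-premises. Because their mail servers were not configured to strip TLS from the sender, the headers showed that I was sending with TLS encryption but that the authenticity of my certificate could not be verified. I suggest making sure your certificate's common name matches your mail server's domain name.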
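
Whether the outbound hop used TLS can also be checked on the sending side, independent of what the receiver writes into its Received headers: with smtp_tls_loglevel at 1 or higher, the Postfix smtp client logs a handshake summary line before the delivery line. The script below is an added example, not part of the original question or answer; the log lines are constructed samples and the function names are hypothetical.

```python
import re

# Constructed sample of Postfix smtp client log lines (hosts, IPs, queue IDs are made up).
SAMPLE_LOG = """\
Jan 10 09:00:01 mx postfix/smtp[2101]: Untrusted TLS connection established to mail.example.net[192.0.2.10]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Jan 10 09:00:02 mx postfix/smtp[2101]: 4A1B2C3D4E: to=<alice@example.net>, relay=mail.example.net[192.0.2.10]:25, delay=1.2, delays=0.1/0/0.6/0.5, dsn=2.0.0, status=sent (250 2.0.0 OK)
Jan 10 09:05:11 mx postfix/smtp[2188]: 5F6A7B8C9D: to=<bob@example.org>, relay=mx.example.org[198.51.100.7]:25, delay=0.8, delays=0.1/0/0.3/0.4, dsn=2.0.0, status=sent (250 2.0.0 OK)
Jan 10 09:07:30 mx postfix/smtp[2190]: Trusted TLS connection established to mx.example.com[203.0.113.5]:25: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
Jan 10 09:07:31 mx postfix/smtp[2190]: 6E7F8A9B0C: to=<carol@example.com>, relay=mx.example.com[203.0.113.5]:25, delay=0.9, delays=0.1/0/0.4/0.4, dsn=2.0.0, status=sent (250 2.0.0 OK)
"""

# TLS handshake summary, logged when smtp_tls_loglevel is 1 or higher.
TLS_RE = re.compile(r"postfix/smtp\[(\d+)\]: (\w+) TLS connection established to (\S+?):\d+: (\S+) with cipher (\S+)")
# Delivery result line for one recipient.
SENT_RE = re.compile(r"postfix/smtp\[(\d+)\]: (\w+): to=<([^>]*)>, relay=(\S+?):\d+,.*status=(\w+)")

def tls_by_delivery(log_text):
    """Pair each delivery with the TLS session the same smtp process logged for that relay.

    Heuristic: sessions are keyed on (pid, relay); a delivery with no earlier
    handshake line from the same process to the same relay is reported as cleartext.
    """
    sessions = {}      # (pid, relay) -> (trust level, protocol, cipher)
    deliveries = []
    for line in log_text.splitlines():
        m = TLS_RE.search(line)
        if m:
            pid, trust, relay, proto, cipher = m.groups()
            sessions[(pid, relay)] = (trust, proto, cipher)
            continue
        m = SENT_RE.search(line)
        if m:
            pid, qid, rcpt, relay, status = m.groups()
            trust, proto, cipher = sessions.get((pid, relay), (None, None, None))
            deliveries.append({"queue_id": qid, "recipient": rcpt, "relay": relay,
                               "status": status, "trust": trust, "tls": proto, "cipher": cipher})
    return deliveries

def cleartext_relays(deliveries):
    """Relays that accepted mail although no TLS handshake was logged."""
    return sorted({d["relay"] for d in deliveries if d["status"] == "sent" and d["tls"] is None})

if __name__ == "__main__":
    rows = tls_by_delivery(SAMPLE_LOG)
    for d in rows:
        print(d["recipient"], d["relay"], d["tls"] or "CLEARTEXT", d["trust"] or "-")
    print("cleartext relays:", cleartext_relays(rows))
```

The trust word in the handshake line (for example Untrusted or Trusted) is Postfix's verdict on the remote server's certificate, so it is separate from how the receiver judges the client certificate configured in smtp_tls_cert_file.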