Dovecot/Postfix with SSL on EC2

I have been working through a tutorial: http://www.cerebellumstrategies.com/amazon-linux-postfix-dovecot/ Everything in the tutorial worked until the step that checks authentication.

Inside the instance, I can run:

[ec2-user@domU-... ~]$ openssl s_client -starttls smtp -connect localhost:25
CONNECTED(00000003)
didn't found starttls in server response, try anyway...
140326462789448:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:699:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 238 bytes and written 148 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---
[ec2-user@domU-12-31-39-05-61-27 ~]$ 

But from my own laptop:

Drew-Sonnes-MacBook-Pro:~ drew$ openssl s_client -starttls smtp -connect mail.symbiosislaboratories.com:25
connect: Connection refused
connect:errno=61

I have opened port 25 in my security group (and it has been open for a few weeks). To debug my problem I turned off iptables:

[ec2-user@domU-... ~]$ sudo service iptables status
iptables: Firewall is not running.

I asked Amazon to open reverse DNS and port 25 for me, and they completed that request a few days ago. I have made sure my DNS resolves correctly. I have gone through the tutorial, fixed typos, double-checked my settings, and cannot find anything I did wrong. Does anyone know what else could be blocking this?

Answer 1

This is a SASL matter. key is the private key, pem is the CA file, and crt is the issued cert.

/etc/dovecot/conf.d/main.cf:

readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
virtual_alias_maps = hash:/etc/postfix/virtual
sender_bcc_maps = hash:/etc/postfix/bcc
mailbox_command = /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME
home_mailbox = Maildir/
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination
mailbox_size_limit = 0
allow_percent_hack = no
## Specify the keys/certificates
smtpd_tls_key_file = /etc/pki/tls/private/localhost.key
smtpd_tls_CAfile = /etc/pki/tls/cert.pem
smtpd_tls_cert_file = /etc/ssl/certs/localhost.crt
smtpd_tls_security_level = may
##

/etc/dovecot/master.cf:

# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp      inet    n       -       n       -       -      smtpd    -o smtpd_sasl_auth_enable=yes
# port 465 expects TLS from the first byte, so the smtps listener needs wrapper mode
smtps     inet    n       -       n       -       -      smtpd    -o smtpd_sasl_auth_enable=yes -o smtpd_tls_wrappermode=yes
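An added diagnostic (my own example, not code from the question, the answer, or the tutorial) that checks the two symptoms reported above against the answer's TLS configuration: whether the EHLO reply on a listener advertises STARTTLS at all (the cause of openssl's "didn't found starttls in server response"), and what a connection failure from outside actually means. A "Connection refused" is a TCP RST: the packet reached a host and nothing was listening on that address and port, or a firewall actively rejected it. A security group that does not allow port 25 drops packets instead, which shows up as a timeout, not a refusal. The function names `parse_ehlo`, `classify_connect_error` and `check_starttls`, and the sample EHLO replies, are mine and constructed; the hostname `mail.example.test` is a placeholder.

```python
"""Diagnose SMTP STARTTLS availability and classify connection failures.

Added example for Python 3; all names and sample data here are constructed
for illustration and are not part of the original question or answer.
"""
import hashlib
import smtplib
import socket
import ssl

# Constructed sample EHLO replies in wire format, as openssl s_client sees them.
SAMPLE_EHLO_WITH_TLS = (
    b"250-mail.example.test\r\n"
    b"250-PIPELINING\r\n"
    b"250-SIZE 10240000\r\n"
    b"250-STARTTLS\r\n"
    b"250-AUTH PLAIN LOGIN\r\n"
    b"250 DSN\r\n"
)
SAMPLE_EHLO_NO_TLS = (
    b"250-mail.example.test\r\n"
    b"250-PIPELINING\r\n"
    b"250-SIZE 10240000\r\n"
    b"250 DSN\r\n"
)


def parse_ehlo(ehlo_reply: bytes) -> set:
    """Return the extension keywords advertised in a multi-line EHLO reply.

    Accepts the raw wire form ('250-STARTTLS') and the form smtplib stores in
    ehlo_resp (status codes already stripped). The first line is the server
    hostname, not an extension, so it is skipped.
    """
    extensions = set()
    lines = ehlo_reply.replace(b"\r\n", b"\n").split(b"\n")
    for raw in lines[1:]:
        line = raw.decode("ascii", "replace").strip()
        if line[:3] == "250" and line[3:4] in ("-", " "):
            line = line[4:].strip()          # strip '250-' / '250 ' wire prefix
        if line:
            extensions.add(line.split()[0].upper())
    return extensions


def classify_connect_error(exc: BaseException) -> str:
    """Map a connection failure to the layer most likely responsible."""
    if isinstance(exc, ConnectionRefusedError):
        return ("refused: host reachable but nothing listening on that "
                "address/port (check inet_interfaces and master.cf) or an "
                "iptables REJECT rule")
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return ("timeout: packets dropped in transit (security group, NACL, "
                "iptables DROP, or outbound port 25 blocked by the ISP)")
    if isinstance(exc, socket.gaierror):
        return "dns: hostname did not resolve"
    return "other: " + repr(exc)


def check_starttls(host: str, port: int = 25, timeout: float = 5.0) -> dict:
    """Connect, EHLO, and if STARTTLS is offered, upgrade and fingerprint the cert.

    Certificate verification is disabled on purpose so a self-signed
    localhost.crt can still be inspected; this is a diagnostic, not a mail client.
    """
    result = {"connected": False, "extensions": set(), "tls": False,
              "cert_sha256": None, "error": None}
    try:
        smtp = smtplib.SMTP(host, port, timeout=timeout)
    except (OSError, smtplib.SMTPException) as exc:
        result["error"] = classify_connect_error(exc)
        return result
    result["connected"] = True
    try:
        smtp.ehlo()
        # smtplib keeps the advertised keywords lower-cased in esmtp_features
        result["extensions"] = {k.upper() for k in smtp.esmtp_features}
        if "STARTTLS" in result["extensions"]:
            ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
            ctx.check_hostname = False
            ctx.verify_mode = ssl.CERT_NONE
            smtp.starttls(context=ctx)
            result["tls"] = True
            der = smtp.sock.getpeercert(binary_form=True)
            result["cert_sha256"] = hashlib.sha256(der).hexdigest()
            smtp.ehlo()  # STARTTLS resets the session; AUTH is often only shown here
            result["extensions_after_tls"] = {k.upper() for k in smtp.esmtp_features}
    except (OSError, smtplib.SMTPException) as exc:
        result["error"] = "smtp: " + repr(exc)
    finally:
        try:
            smtp.quit()
        except Exception:
            pass
    return result


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "localhost"
    print(check_starttls(target))
```

Run it once on the instance against `localhost` and once from outside against the public name. An empty `extensions` set without STARTTLS on localhost means the listener in master.cf is not picking up the TLS settings in main.cf; a `refused` result from outside while localhost works points at the bind address rather than the security group. The reported `cert_sha256` can be compared with `openssl x509 -in /etc/ssl/certs/localhost.crt -noout -fingerprint -sha256` to confirm the listener is serving the certificate named in `smtpd_tls_cert_file`.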
