TLS를 사용한 이메일 전송이 작동하지 않습니다. 작동하지 않습니다. tls_policy_file 사본(Gmail을 보안으로 변경하면 TLS가 필요하다는 오류가 발생함):
cat /etc/postfix/tls_policy
gmail.com may
main.cf 복사본
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
disable_dns_lookups = no
html_directory = no
inet_interfaces = all
inet_protocols = ipv4
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
maximal_backoff_time = 14400s
maximal_queue_lifetime = 1d
milter_default_action = accept
minimal_backoff_time = 3600s
mydestination = $myhostname, localhost.$mydomain, localhost
mydomain = abc.com
mynetworks = 10.5.78.0/24, 127.0.0.0/8
myorigin = $myhostname
newaliases_path = /usr/bin/newaliases.postfix
non_smtpd_milters = $smtpd_milters
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
sample_directory = /usr/share/doc/postfix-2.6.6/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_pix_workarounds = delay_dotcrlf
smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
smtp_tls_policy_maps = hash:/etc/postfix/tls_policy
smtpd_client_restrictions = check_client_access hash:/etc/postfix/access
smtpd_milters = inet:127.0.0.1:8891
smtpd_starttls_timeout = 300s
smtpd_tls_CAfile = /etc/pki/tls/certs/abc-int-cert.crt
smtpd_tls_cert_file = /etc/pki/tls/certs/abc.com.crt
smtpd_tls_key_file = /etc/pki/tls/private/abc.com.key
smtpd_tls_loglevel = 1
smtpd_tls_mandatory_ciphers = high
smtpd_tls_mandatory_exclude_ciphers = aNULL, MD5
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 550
답변1
이 정책을 사용 secure
하고 Gmail 컴퓨터가 서명된 인증서를 사용하는 경우 이 속성을 적절한 값으로 설정 mx.google.com
해야 합니다 .match
gmail.com secure match=mx.google.com:.mx.google.com
.gmail.com secure match=mx.google.com:.mx.google.com
문서 보기smtp_tls_verify_cert_match
그리고smtp_tls_secure_cert_match
사양.