我在 docker 容器内运行 Postfix。证书由 certbot 生成。
具有以下配置:
smtpd_tls_cert_file=/var/keys/fullchain.pem
smtpd_tls_key_file=/var/keys/privkey.pem
smtpd_use_tls=yes
smtp_tls_security_level = encrypt
每次尝试向 Gmail 发送电子邮件都会导致:
status=deferred (TLS is required but was not offered by host alt1.aspmx.l.google.co
当我更改smtp_tls_security_level
为时may
,电子邮件就会发出;但是,如果没有 TLS,则根本无法解决问题。
当我进行 openssl tls 检查时,一切似乎都很好;它没有将其附加到电子邮件中。
有谁知道我做错了什么?
禁用 ipv6 并添加 debug_peer_list 后登录:
Feb 8 10:50:24 92d95fdf2397 postfix/cleanup[489]: 2910E1667CE: message-id=<[email protected]>
Feb 8 10:50:24 92d95fdf2397 postfix/qmgr[481]: 2910E1667CE: from=<[email protected]>, size=6181, nrcpt=1 (queue active)
Feb 8 10:50:24 92d95fdf2397 postfix/smtp[490]: initializing the client-side TLS engine
Feb 8 10:50:24 92d95fdf2397 postfix/smtpd[485]: disconnect from ec2-54-154-126-37.eu-west-1.compute.amazonaws.com[54.154.126.37]
Feb 8 10:50:24 92d95fdf2397 postfix/smtp[490]: 2910E1667CE: enabling PIX workarounds: disable_esmtp delay_dotcrlf for aspmx.l.google.com[66.102.1.26]:25
Feb 8 10:50:24 92d95fdf2397 postfix/smtp[490]: 2910E1667CE: TLS is required, but was not offered by host aspmx.l.google.com[66.102.1.26]
Feb 8 10:50:24 92d95fdf2397 postfix/smtp[490]: 2910E1667CE: enabling PIX workarounds: disable_esmtp delay_dotcrlf for alt1.aspmx.l.google.com[142.250.153.27]:25
Feb 8 10:50:24 92d95fdf2397 postfix/smtp[490]: 2910E1667CE: TLS is required, but was not offered by host alt1.aspmx.l.google.com[142.250.153.27]
Feb 8 10:50:24 92d95fdf2397 postfix/smtp[490]: 2910E1667CE: enabling PIX workarounds: disable_esmtp delay_dotcrlf for alt2.aspmx.l.google.com[142.251.9.27]:25
Feb 8 10:50:24 92d95fdf2397 postfix/smtp[490]: 2910E1667CE: TLS is required, but was not offered by host alt2.aspmx.l.google.com[142.251.9.27]
Feb 8 10:50:24 92d95fdf2397 postfix/smtp[490]: smtp_stream_setup: maxtime=300 enable_deadline=0
Feb 8 10:50:24 92d95fdf2397 postfix/smtp[490]: < aspmx3.googlemail.com[142.251.9.27]:25: 220 ********************************************************************************
Feb 8 10:50:24 92d95fdf2397 postfix/smtp[490]: name_mask: disable_esmtp
Feb 8 10:50:24 92d95fdf2397 postfix/smtp[490]: name_mask: delay_dotcrlf
Feb 8 10:50:24 92d95fdf2397 postfix/smtp[490]: 2910E1667CE: enabling PIX workarounds: disable_esmtp delay_dotcrlf for aspmx3.googlemail.com[142.251.9.27]:25
Feb 8 10:50:24 92d95fdf2397 postfix/smtp[490]: > aspmx3.googlemail.com[142.251.9.27]:25: HELO mail.example.net
Feb 8 10:50:24 92d95fdf2397 postfix/smtp[490]: < aspmx3.googlemail.com[142.251.9.27]:25: 250 mx.google.com at your service
Feb 8 10:50:24 92d95fdf2397 postfix/smtp[490]: server features: 0x30000 size 0
Feb 8 10:50:24 92d95fdf2397 postfix/smtp[490]: 2910E1667CE: TLS is required, but was not offered by host aspmx3.googlemail.com[142.251.9.27]
Feb 8 10:50:24 92d95fdf2397 postfix/smtp[490]: smtp_stream_setup: maxtime=300 enable_deadline=0
Feb 8 10:50:24 92d95fdf2397 postfix/smtp[490]: > aspmx3.googlemail.com[142.251.9.27]:25: QUIT
Feb 8 10:50:24 92d95fdf2397 postfix/smtp[490]: name_mask: resource
Feb 8 10:50:24 92d95fdf2397 postfix/smtp[490]: name_mask: software
Feb 8 10:50:24 92d95fdf2397 postfix/smtp[490]: 2910E1667CE: enabling PIX workarounds: disable_esmtp delay_dotcrlf for aspmx2.googlemail.com[142.250.153.27]:25
Feb 8 10:50:24 92d95fdf2397 postfix/smtp[490]: 2910E1667CE: to=<[email protected]>, relay=aspmx2.googlemail.com[142.250.153.27]:25, delay=0.37, delays=0.05/0.01/0.31/0, dsn=4.7.4, status=deferred (TLS is required, but was not offered by host aspmx2.googlemail.com[142.250.153.27])