
I can't send mail with Postfix. Error: "Must issue a STARTTLS command first"

I'm new to Postfix. My goal is to use it with FAN / Nagios / Centreon to receive notifications. I have tried many solutions found on this forum or via Google, but none of them solved my problem.

My server is based on CentOS 5.11 (FAN v2.4 /)

When I try to send an email from my server, I always get the same problem: "Must issue a STARTTLS command first"

My logs:

    ==> /var/log/maillog <==
    Mar 16 12:45:16 myserver postfix/cleanup[24666]: 38E4E26ECAB: message-id=<20160316114516.38E4E26ECAB@myserver.localdomain>
    Mar 16 12:45:16 myserver postfix/qmgr[24052]: 38E4E26ECAB: from=<nagios@myserver.localdomain>, size=602, nrcpt=1 (queue active)
    Mar 16 12:45:16 myserver postfix/smtpd[24317]: connect from myserver[127.0.0.1]
    Mar 16 12:45:16 myserver postfix/smtpd[24317]: 3DF4926ECA9: client=myserver[127.0.0.1]
    Mar 16 12:45:16 myserver postfix/cleanup[24319]: 3DF4926ECA9: message-id=<20160316114516.3DF4926ECA9@myserver.localdomain>
    Mar 16 12:45:16 myserver postfix/qmgr[24052]: 3DF4926ECA9: from=<nagios@localhost.localdomain>, size=1355, nrcpt=1 (queue active)
    Mar 16 12:45:16 myserver postfix/smtpd[24317]: disconnect from myserver[127.0.0.1]
    Mar 16 12:45:16 myserver postfix/pickup[24051]: 4BA7026ECAD: uid=100 from=<nagios>
    Mar 16 12:45:16 myserver postfix/cleanup[24186]: 4BA7026ECAD: message-id=<20160316114516.4BA7026ECAD@myserver.localdomain>
    Mar 16 12:45:16 myserver postfix/qmgr[24052]: 4BA7026ECAD: from=<nagios@myserver.localdomain>, size=528, nrcpt=1 (queue active)
    Mar 16 12:45:16 myserver postfix/smtp[24335]: F237226ECA3: to=<my.email@outlook.com>, relay=smtp-mail.outlook.com[65.55.176.126]:587, delay=0.54, delays=0.02/0/0.39/0.13, dsn=5.7.0, status=bounced (host smtp-mail.outlook.com[65.55.176.126] said: 530 5.7.0 Must issue a STARTTLS command first (in reply to MAIL FROM command))
    Mar 16 12:45:16 myserver postfix/smtp[24662]: D5B4226EC9F: to=<my.email@outlook.com>, relay=smtp-mail.outlook.com[65.55.176.126]:587, delay=0.65, delays=0.07/0/0.45/0.13, dsn=5.7.0, status=bounced (host smtp-mail.outlook.com[65.55.176.126] said: 530 5.7.0 Must issue a STARTTLS command first (in reply to MAIL FROM command))
    Mar 16 12:45:16 myserver postfix/smtp[24399]: 0377526ECA1: to=<my.email@outlook.com>, relay=smtp-mail.outlook.com[65.55.176.126]:587, delay=0.57, delays=0.04/0/0.39/0.13, dsn=5.7.0, status=bounced (host smtp-mail.outlook.com[65.55.176.126] said: 530 5.7.0 Must issue a STARTTLS command first (in reply to MAIL FROM command))
    Mar 16 12:45:16 myserver postfix/cleanup[24666]: AC06326ECB0: message-id=<20160316114516.AC06326ECB0@myserver.localdomain>
    Mar 16 12:45:16 myserver postfix/cleanup[24186]: AC18526ECB1: message-id=<20160316114516.AC18526ECB1@myserver.localdomain>

My main.cf: nano /etc/postfix/main.cf

    inet_interfaces = localhost

    mydestination = $myhostname, localhost.$mydomain, localhost

    unknown_local_recipient_reject_code = 550

    alias_maps = hash:/etc/aliases
    alias_database = hash:/etc/aliases

    data_directory = /var/lib/postfix

    ###Outlok SSL SMTP RELAY
    relayhost = [smtp-mail.outlook.com]:587

    #authentification
    smtp_sasl_auth_enable = yes
    smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd

    #tls
    smtp_use_tls = yes
    smtp_sasl_security_options = noanonymous
    smtp_sasl_tls_security_options = noanonymous
    smtp_tls_note_starttls_offer = yes
    tls_random_source = dev:/dev/urandom
    smtp_tls_scert_verifydepth = 5
    smtp_tls_key_file=/etc/pki/tls/outlook_relay/server.key
    smtp_tls_cert_file=/etc/pki/tls/outlook_relay/server.pem
    smtpd_tls_ask_ccert = yes
    smtpd_tls_req_ccert = no
    smtp_tls_enforce_peername = no

My certificates:

    # pwd
    /etc/pki/tls/outlook_relay

    # ll
    total 12
    -rw-r--r-- 1 root root  769 mars 16 12:11 server.csr
    -rw-r--r-- 1 root root  887 mars 16 12:10 server.key
    -rw-r--r-- 1 root root 3269 mars 16 12:12 server.pm

Add the following parameters to main.cf and restart Postfix

    smtp_tls_security_level = secure
    smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
    smtp_tls_mandatory_ciphers = high

I added:

    ...
    ...
    relayhost = [smtp-mail.outlook.com]:587

    #authentification
    smtp_sasl_auth_enable = yes
    smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd

    #tls
    smtp_use_tls = yes
    smtp_sasl_security_options = noanonymous
    smtp_sasl_tls_security_options = noanonymous
    smtp_tls_note_starttls_offer = yes
    tls_random_source = dev:/dev/urandom
    smtp_tls_scert_verifydepth = 5
    smtp_tls_key_file=/etc/pki/tls/outlook_relay/server.key
    smtp_tls_cert_file=/etc/pki/tls/outlook_relay/server.pem
    smtpd_tls_ask_ccert = yes
    smtpd_tls_req_ccert = no
    smtp_tls_enforce_peername = no

    smtp_tls_security_level = secure
    smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
    smtp_tls_mandatory_ciphers = high

And restart Postfix

Result:

    ==> /var/log/maillog <==
    Mar 16 14:15:45 myserver postfix/qmgr[23272]: 7F27D26ECA1: from=<root@myserver.localdomain>, size=348, nrcpt=1 (queue active)
    Mar 16 14:15:45 myserver postfix/tlsmgr[23279]: warning: request to update file /etc/postfix/prng_exch in non-postfix directory /etc/postfix
    Mar 16 14:15:45 myserver postfix/tlsmgr[23279]: warning: redirecting the request to postfix-owned data_directory /var/lib/postfix
    Mar 16 14:15:45 myserver postfix/smtp[23278]: warning: cannot get certificate from file /etc/pki/tls/outlook_relay/server.pem
    Mar 16 14:15:45 myserver postfix/smtp[23278]: warning: TLS library problem: 23278:error:02001002:system library:fopen:No such file or directory:bss_file.c:352:fopen('/etc/pki/tls/outlook_relay/server.pem','r'):
    Mar 16 14:15:45 myserver postfix/smtp[23278]: warning: TLS library problem: 23278:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:354:
    Mar 16 14:15:45 myserver postfix/smtp[23278]: warning: TLS library problem: 23278:error:140DC002:SSL routines:SSL_CTX_use_certificate_chain_file:system lib:ssl_rsa.c:720:
    Mar 16 14:15:45 myserver postfix/smtp[23278]: cannot load RSA certificate and key data
    Mar 16 14:15:45 myserver postfix/smtp[23278]: warning: unknown smtp_tls_mandatory_protocols value "!SSLv2" in "!SSLv2, !SSLv3"
    Mar 16 14:15:45 myserver postfix/smtp[23278]: 7F27D26ECA1: to=<my.email@outlook.com>, relay=smtp-mail.outlook.com[65.55.176.126]:587, delay=0.44, delays=0.03/0.01/0.39/0, dsn=4.7.5, status=deferred (TLS is required, but our TLS engine is unavailable)

It doesn't work

But I found the problem: I renamed server.pm to server.pem, and now it works ;-)
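
The failure in this thread came down to `smtp_tls_cert_file` naming `server.pem` while the file on disk was `server.pm`, and the listing also shows `server.key` with mode 0644. As an added example (not part of the original thread), this Python pre-flight check parses main.cf text and reports TLS files that are missing and private keys readable by group/other; the parameter list, the `root` argument and the sample data are assumptions constructed from the config and listing above.

```python
import os
import stat
import tempfile

# Client-side TLS file parameters to check (list chosen for this example).
TLS_FILE_PARAMS = ("smtp_tls_cert_file", "smtp_tls_key_file", "smtp_tls_CAfile")
# Constructed sample: the two file parameters from the main.cf quoted above.
SAMPLE_MAIN_CF = """\
#tls
smtp_tls_key_file=/etc/pki/tls/outlook_relay/server.key
smtp_tls_cert_file=/etc/pki/tls/outlook_relay/server.pem
"""

def parse_main_cf(text):
    """Return {parameter: value}; skips comments, joins continuation lines."""
    params, last = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                               # blank line or comment
        name, sep, value = raw.partition("=")
        if raw[0].isspace() and last:
            params[last] += " " + raw.strip()      # continuation of previous value
        elif sep:
            last = name.strip()
            params[last] = value.strip()
    return params

def check_tls_files(params, root="/"):
    """Return (parameter, path, problem) for each TLS file that fails a check."""
    findings = []
    for name in filter(params.get, TLS_FILE_PARAMS):
        path = params[name]
        real = os.path.join(root, path.lstrip("/"))
        if not os.path.isfile(real):
            findings.append((name, path, "missing"))
        elif name.endswith("key_file") and stat.S_IMODE(os.stat(real).st_mode) & 0o077:
            findings.append((name, path, "key readable by group/other"))
    return findings

def demo():
    """Rebuild the thread's directory listing (server.pm, 0644 key) in a temp root."""
    with tempfile.TemporaryDirectory() as root:
        d = os.path.join(root, "etc/pki/tls/outlook_relay")
        os.makedirs(d)
        for fname in ("server.csr", "server.key", "server.pm"):
            p = os.path.join(d, fname)
            open(p, "w").close()
            os.chmod(p, 0o644)
        return check_tls_files(parse_main_cf(SAMPLE_MAIN_CF), root)
```

On a real host, call `check_tls_files(parse_main_cf(open("/etc/postfix/main.cf").read()))` before restarting Postfix.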