ubuntu – Gmail将Dovecot电子邮件标记为不安全

前端之家收集整理的这篇文章主要介绍了ubuntu – Gmail将Dovecot电子邮件标记为不安全前端之家小编觉得挺不错的,现在分享给大家,也给大家做个参考。
我以为我成功保护了我的Postfix / Dovecot电子邮件服务器.我有来自LetsEncrypt的签名证书,该证书对我的域名有效.

发送和发送接收工作正常,但由于Gmail开始标记不安全的电子邮件,从我的服务器发送的所有邮件标记为未加密.

Gmail用户会看到“此邮件未加密”,如下所示:

在Postfix的main.cf,以及其他设置中,我有:

# SASL,for SMTP authentication
smtpd_sasl_type = dovecot
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_path = private/auth

# TLS,for encryption
smtpd_tls_security_level = may
smtpd_tls_auth_only = no
smtpd_tls_CAfile = /etc/letsencrypt/live/mydomain.com/chain.pem
smtpd_tls_cert_file = /etc/letsencrypt/live/mydomain.com/fullchain.pem
smtpd_tls_key_file = /etc/letsencrypt/live/mydomain.com/privkey.pem
tls_random_source = dev:/dev/urandom
smtpd_client_new_tls_session_rate_limit = 10
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_tls_exclude_ciphers =
    EXP
    EDH-RSA-DES-CBC-SHA
    ADH-DES-CBC-SHA
    DES-CBC-SHA
    SEED-SHA
smtpd_tls_dh512_param_file = ${config_directory}/certs/dh_512.pem
smtpd_tls_dh1024_param_file = ${config_directory}/certs/dh_1024.pem
disable_vrfy_command = yes
smtpd_helo_required = yes
smtpd_delay_reject = yes

在Postfix的master.cf中,除了其他设置之外,我还有:

smtp      inet  n       -       -       -       -       smtpd
  -o smtpd_enforce_tls=yes
  -o smtpd_use_tls=yes
  -o smtpd_tls_security_level=encrypt

submission inet n       -       -       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o broken_sasl_auth_clients=yes

在Dovecot的10-ssl.conf中,除了其他设置外,我还有:

ssl = required
ssl_ca = </etc/letsencrypt/live/mydomain.com/chain.pem
ssl_cert = </etc/letsencrypt/live/mydomain.com/fullchain.pem
ssl_key = </etc/letsencrypt/live/mydomain.com/privkey.pem

Gmail是否会错误标记LetsEncrypt证书,因为它不信任它们,或者我的电子邮件是否真的未加密发送?

我通过将这两行添加到Postfix的main.cf来解决这个问题:
smtp_tls_security_level = may
smtpd_tls_security_level = may

(我之前只设置了smtpd_tls_security_level,因为有一篇误导性文章说所有smtp_值都被折旧而有利于smtpd_.)

原文链接:https://www.f2er.com/ubuntu/348661.html

猜你在找的Ubuntu相关文章