Postfix SSL 不工作,邮件变成垃圾邮件
Postfix SSL not working, mails go to spam
我正在尝试使用 SSL 配置 postfix。我已经按照本教程进行操作:
https://www.cloudjojo.com/how-to-install-mail-server-on-ubuntu-14-04-part2/
我的main.cf:
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
readme_directory = no
# TLS parameters
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = street-sport-base
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
# myorigin = /etc/mailname
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
queue_directory = /var/spool/postfix
mail_owner = postfix
mydomain = street-sport.pl
myorigin = street-sport.pl
mydestination = $myhostname, street-sport-base, localhost.$mydomain, localhost
home_mailbox = Maildir/
sendmail_path = /usr/sbin/sendmail
newaliases_path = /usr/sbin/newaliases
mailq_path = /usr/sbin/mailq
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /etc/postfix
biff = no
virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-alias-maps.cf,mysql:/etc/postfix/mysql-virtual-email2email.cf
smtpd_tls_key_file=/usr/local/nginx/ssl/1710371.key
smtpd_tls_cert_file=/usr/local/nginx/ssl/1710371.cert
smtpd_tls_CAfile=/etc/ssl/certs/certificate_and_key.crt
smtpd_use_tls=yes
smtpd_tls_auth_only = no
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions =
permit_sasl_authenticated,
permit_mynetworks,
reject_unauth_destination
virtual_transport = lmtp:unix:private/dovecot-lmtp
smtpd_tls_security_level = may
smtp_tls_security_level = may
smtp_tls_key_file=/usr/local/nginx/ssl/1710371.key
smtp_tls_cert_file=/usr/local/nginx/ssl/1710371.cert
smtp_tls_CAfile=/etc/ssl/certs/certificate_and_key.crt
smtp_use_tls = yes
smtpd_tls_received_header = yes
smtpd_tls_ask_ccert = yes
smtpd_tls_loglevel = 1
tls_random_source = dev:/dev/urandom
master.cf
submission inet n - y - - smtpd
-o syslog_name=postfix/submission
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
# -o smtpd_reject_unlisted_recipient=no
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o smtpd_helo_restrictions=$mua_helo_restrictions
# -o smtpd_sender_restrictions=$mua_sender_restrictions
# -o smtpd_recipient_restrictions=
# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
-o milter_macro_daemon_name=ORIGINATING
smtps inet n - y - - smtpd
-o syslog_name=postfix/smtps
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
# -o smtpd_reject_unlisted_recipient=no
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o smtpd_helo_restrictions=$mua_helo_restrictions
# -o smtpd_sender_restrictions=$mua_sender_restrictions
# -o smtpd_recipient_restrictions=
# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
-o milter_macro_daemon_name=ORIGINATING
当我将邮件从控制台发送到我的 gmail 邮箱时,邮件已送达,但已进入垃圾邮件。 Gmail 表示此邮件具有标准的 tsl 加密(灰锁)。我究竟做错了什么?我需要完全加密,确保电子邮件不会变成垃圾邮件。
文件 1710371.key 仅包含密钥
文件 1710371.cert 包含我的域的证书
文件 certificate_and_key.crt 包含我的域的证书、密钥和两个中间证书:
1. http://repository.certum.pl/hsha2.pem
2.http://repository.certum.pl/gscasha2.pem
如果您想使用比 "standard TLS encryption" 更好的东西,您需要使用 S/MIME 形式的端到端加密。端到端意味着从邮件发件人到收件人,这意味着这只能通过您的邮件客户端进行,而不能通过您的邮件服务器进行,这只是一个跃点,而不是邮件传输的端点。
请参阅 Google Help 了解各种符号的含义以及您需要做什么才能拥有 S/MIME。
I need full encrytion that emails doesn't go to spam.
只有一小部分邮件使用 S/MIME。应该可以使用标准的 TLS 加密或根本不加密而不被归类为垃圾邮件。更有可能的是你的服务器在一些早期发送垃圾邮件的黑名单上,你正试图从一个普通的私有系统(即 DSL、电缆或类似的而不是互联网上的真实服务器)发送邮件,其他东西被弄乱了根据您的设置或简单地根据内容将您尝试发送的邮件视为垃圾邮件。
我正在尝试使用 SSL 配置 postfix。我已经按照本教程进行操作: https://www.cloudjojo.com/how-to-install-mail-server-on-ubuntu-14-04-part2/
我的main.cf:
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
readme_directory = no
# TLS parameters
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = street-sport-base
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
# myorigin = /etc/mailname
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
queue_directory = /var/spool/postfix
mail_owner = postfix
mydomain = street-sport.pl
myorigin = street-sport.pl
mydestination = $myhostname, street-sport-base, localhost.$mydomain, localhost
home_mailbox = Maildir/
sendmail_path = /usr/sbin/sendmail
newaliases_path = /usr/sbin/newaliases
mailq_path = /usr/sbin/mailq
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /etc/postfix
biff = no
virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-alias-maps.cf,mysql:/etc/postfix/mysql-virtual-email2email.cf
smtpd_tls_key_file=/usr/local/nginx/ssl/1710371.key
smtpd_tls_cert_file=/usr/local/nginx/ssl/1710371.cert
smtpd_tls_CAfile=/etc/ssl/certs/certificate_and_key.crt
smtpd_use_tls=yes
smtpd_tls_auth_only = no
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions =
permit_sasl_authenticated,
permit_mynetworks,
reject_unauth_destination
virtual_transport = lmtp:unix:private/dovecot-lmtp
smtpd_tls_security_level = may
smtp_tls_security_level = may
smtp_tls_key_file=/usr/local/nginx/ssl/1710371.key
smtp_tls_cert_file=/usr/local/nginx/ssl/1710371.cert
smtp_tls_CAfile=/etc/ssl/certs/certificate_and_key.crt
smtp_use_tls = yes
smtpd_tls_received_header = yes
smtpd_tls_ask_ccert = yes
smtpd_tls_loglevel = 1
tls_random_source = dev:/dev/urandom
master.cf
submission inet n - y - - smtpd
-o syslog_name=postfix/submission
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
# -o smtpd_reject_unlisted_recipient=no
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o smtpd_helo_restrictions=$mua_helo_restrictions
# -o smtpd_sender_restrictions=$mua_sender_restrictions
# -o smtpd_recipient_restrictions=
# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
-o milter_macro_daemon_name=ORIGINATING
smtps inet n - y - - smtpd
-o syslog_name=postfix/smtps
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
# -o smtpd_reject_unlisted_recipient=no
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o smtpd_helo_restrictions=$mua_helo_restrictions
# -o smtpd_sender_restrictions=$mua_sender_restrictions
# -o smtpd_recipient_restrictions=
# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
-o milter_macro_daemon_name=ORIGINATING
当我将邮件从控制台发送到我的 gmail 邮箱时,邮件已送达,但已进入垃圾邮件。 Gmail 表示此邮件具有标准的 tsl 加密(灰锁)。我究竟做错了什么?我需要完全加密,确保电子邮件不会变成垃圾邮件。
文件 1710371.key 仅包含密钥 文件 1710371.cert 包含我的域的证书 文件 certificate_and_key.crt 包含我的域的证书、密钥和两个中间证书: 1. http://repository.certum.pl/hsha2.pem 2.http://repository.certum.pl/gscasha2.pem
如果您想使用比 "standard TLS encryption" 更好的东西,您需要使用 S/MIME 形式的端到端加密。端到端意味着从邮件发件人到收件人,这意味着这只能通过您的邮件客户端进行,而不能通过您的邮件服务器进行,这只是一个跃点,而不是邮件传输的端点。
请参阅 Google Help 了解各种符号的含义以及您需要做什么才能拥有 S/MIME。
I need full encrytion that emails doesn't go to spam.
只有一小部分邮件使用 S/MIME。应该可以使用标准的 TLS 加密或根本不加密而不被归类为垃圾邮件。更有可能的是你的服务器在一些早期发送垃圾邮件的黑名单上,你正试图从一个普通的私有系统(即 DSL、电缆或类似的而不是互联网上的真实服务器)发送邮件,其他东西被弄乱了根据您的设置或简单地根据内容将您尝试发送的邮件视为垃圾邮件。