终于搞定了几种MTA邮件relay的情况:1,最普通的25,利用163,yahoo.com等邮件主机转发;2,加密的587如gmail,163等中继;3,没有合法证书的邮件主机,如公司这种,必须要导入证书的类型。现在终于要吧全部工作起来了。
我的配置文件:main.cf如下
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
#smtpd_use_tls=no
smtpd_use_tls=yes
smtpd_tls_received_header = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
##### client TLS parameters #####
smtp_tls_loglevel=1
#broken_sasl_auth_clients = yes
#smtp_tls_security_level=may
smtp_sasl_auth_enable = yes
smtp_sasl_mechanism_filter = login,plain
#smtp_tls_security_level=none
smtp_starttls_timeout=10s
smtp_tls_security_level=may
#smtp_tls_security_level=encrypt
#上面一行为gmail等使用
#smtp_sasl_mechanism_filter = plain, login
smtp_tls_note_starttls_offer = yes
smtp_sasl_password_maps=hash:/etc/postfix/passwd
#smtp_sasl_security_options =noplaintext,noanonymous
smtp_use_tls = no
#smtp_tls_security_level=NONE
#smtp_sasl_security_options =noanonymous
smtp_sasl_security_options =
smtp_always_send_ehlo = yes
smtp_generic_maps=hash:/etc/postfix/generic
smtp_tls_CAfile =/etc/postfix/cacert.pem
CApath = /etc/ssl/certs
tls_random_source=dev:/dev/urandom
# information on enabling SSL in the smtp client.
smtp_sender_dependent_authentication = yes
sender_dependent_relayhost_maps = hash:/etc/postfix/sender_relay
#myhostname = localhost
myhostname = bt.foo.org
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = localhost,bt.foo.org,localhost.foo.org
#mydestination = localhost
#relayhost =[smtp.163.com]:465
#relayhost =[smtp.163.com]:994
#relayhost =[smtp.163.com]
#relayhost =[smtp.gmail.com]:587
relayhost =[smtp.XXXX.com]:587
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
上面是没有合法证书的公司邮箱使用。gmail/163/yahoo的配置也保留了,只是注释掉了
没有评论:
发表评论