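A week after installing and configuring my first Linux (mail) server (Debian 9, Exim4, Dovecot), TLS-encrypted communication with my clients is working. Sending, receiving and DKIM signing work as well.
Except for this problem: when sending mail, I found the following in the log:
2017-07-22 20:56:08 1 1dYzZQ 0005fx-6J H=verifier.port25.com 38.95.177.125 TLS error on connection (cert/key setup: cert=REMOTE_SMTP_/etc/exim4/exim.crt key=REMOTE_SMTP_/etc/exim4/exim.crt): Error while reading file.
2017-07-22 20:56:08 1 1dYzZQ 0005fx-6J TLS session failure: delivering unencrypted to verfier.port25.com 38.95.177.125
The REMOTE_SMTP_ part does not seem to belong there. In addition, key should point to a .key file.
03_exim4-config_tlsoptions seems fine.
Editing 30_exim4-config_remote_smtp might solve the first problem ("REMOTE_SMTP_"), but it should work as it is anyway: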
.ifdef REMOTE_SMTP_TLS_CERTIFICATE
tls_certificate = REMOTE_SMTP_TLS_CERTIFICATE
.endif
.ifdef REMOTE_SMTP_PRIVATEKEY
tls_privatekey = REMOTE_SMTP_PRIVATEKEY
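.endif
Where does the error come from, and how can it be fixed?
Any suggestions or explanations would be greatly appreciated.
Additional research, which turned up nothing:
I did not use the full paths to the key and certificate in the wrong way: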
root@example:/etc/exim4# grep -r exim4/exim /etc/exim4/
/etc/exim4/exim4.conf.template:# /etc/exim4/exim4.conf.template is only used with the non-split
/etc/exim4/conf.d/main/03_exim4-config_tlsoptions:MAIN_TLS_CERTIFICATE = /etc/exim4/exim.crt
/etc/exim4/conf.d/main/03_exim4-config_tlsoptions:MAIN_TLS_PRIVATEKEY = /etc/exim4/exim.key
/etc/exim4/conf.d/main/03_exim4-config_tlsoptions:MAIN_TLS_CERTIFICATE = /etc/exim4/exim.crt
/etc/exim4/conf.d/main/03_exim4-config_tlsoptions:MAIN_TLS_PRIVATEKEY = /etc/exim4/exim.key
/etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs:# /etc/exim4/exim4.conf.template is only used with the non-split
Exim might default to CONFDIR/exim.crt
root@example:~# grep -r exim.crt /etc/exim4/
/etc/exim4/exim4.conf.template:# CONFDIR/exim.crt if unset
/etc/exim4/conf.d/main/03_exim4-config_tlsoptions:MAIN_TLS_CERTIFICATE = /etc/exim4/exim.crt
/etc/exim4/conf.d/main/03_exim4-config_tlsoptions:# CONFDIR/exim.crt if unset
/etc/exim4/conf.d/main/03_exim4-config_tlsoptions:MAIN_TLS_CERTIFICATE = /etc/exim4/exim.crt
and of course CONFDIR/exim.key
root@example:~# grep -r CONFDIR/exim /etc/exim4/
/etc/exim4/exim4.conf.template:# CONFDIR/exim.crt if unset
/etc/exim4/exim4.conf.template:# CONFDIR/exim.key if unset
/etc/exim4/conf.d/main/03_exim4-config_tlsoptions:# CONFDIR/exim.crt if unset
/etc/exim4/conf.d/main/03_exim4-config_tlsoptions:# CONFDIR/exim.key if unset
CONFDIR is here
/etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs:CONFDIR = /etc/exim4
So much for the first problem. As for the second problem (using .crt instead of .key), I cannot find any misuse of MAIN_TLS_CERTIFICATE
root@example:~# grep -r MAIN_TLS_CERTIFICATE /etc/exim4/
/etc/exim4/exim4.conf.template:# MAIN_TLS_CERTIFICATE - path to certificate file,
/etc/exim4/exim4.conf.template:.ifndef MAIN_TLS_CERTIFICATE
/etc/exim4/exim4.conf.template:MAIN_TLS_CERTIFICATE = /etc/letsencrypt/live/example.com/cert.pem
/etc/exim4/exim4.conf.template:tls_certificate = MAIN_TLS_CERTIFICATE
/etc/exim4/conf.d/main/03_exim4-config_tlsoptions:MAIN_TLS_CERTIFICATE = /etc/exim4/exim.crt
/etc/exim4/conf.d/main/03_exim4-config_tlsoptions:TLS_CERTIFICATE = MAIN_TLS_CERTIFICATE
/etc/exim4/conf.d/main/03_exim4-config_tlsoptions:# MAIN_TLS_CERTIFICATE - path to certificate file,
/etc/exim4/conf.d/main/03_exim4-config_tlsoptions:.ifndef MAIN_TLS_CERTIFICATE
/etc/exim4/conf.d/main/03_exim4-config_tlsoptions:MAIN_TLS_CERTIFICATE = /etc/exim4/exim.crt
/etc/exim4/conf.d/main/03_exim4-config_tlsoptions:tls_certificate = MAIN_TLS_CERTIFICATE
The same goes for tls_certificate.
tls_certificate = MAIN_TLS_CERTKEY looks a bit off, but it is the default in a fresh installation.
root@example:~# grep -r tls_certificate /etc/exim4/
/etc/exim4/exim4.conf.template:MAIN_LOG_SELECTOR = +smtp_protocol_error +smtp_syntax_error +tls_certificate_verified +tls_peerdn
/etc/exim4/exim4.conf.template:tls_certificate = MAIN_TLS_CERTKEY
/etc/exim4/exim4.conf.template:tls_certificate = MAIN_TLS_CERTIFICATE
/etc/exim4/exim4.conf.template:tls_certificate = REMOTE_SMTP_TLS_CERTIFICATE
/etc/exim4/exim4.conf.template:tls_certificate = REMOTE_SMTP_SMARTHOST_TLS_CERTIFICATE
/etc/exim4/conf.d/main/03_exim4-config_tlsoptions:tls_certificate = MAIN_TLS_CERTKEY
/etc/exim4/conf.d/main/03_exim4-config_tlsoptions:tls_certificate = MAIN_TLS_CERTIFICATE
/etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs:MAIN_LOG_SELECTOR = +smtp_protocol_error +smtp_syntax_error +tls_certificate_verified +tls_peerdn
/etc/exim4/conf.d/transport/30_exim4-config_remote_smtp:tls_certificate = REMOTE_SMTP_TLS_CERTIFICATE
/etc/exim4/conf.d/transport/30_exim4-config_remote_smtp_smarthost:tls_certificate = REMOTE_SMTP_SMARTHOST_TLS_CERTIFICATE
Searching for REMOTE_SMTP_TLS_CERTIFICATE
root@example:/var/log/exim4# grep -r REMOTE_SMTP_TLS_CERTIFICATE /etc/exim4/
/etc/exim4/exim4.conf.template:.ifdef REMOTE_SMTP_TLS_CERTIFICATE
/etc/exim4/exim4.conf.template:tls_certificate = REMOTE_SMTP_TLS_CERTIFICATE
/etc/exim4/conf.d/transport/30_exim4-config_remote_smtp:.ifdef REMOTE_SMTP_TLS_CERTIFICATE
/etc/exim4/conf.d/transport/30_exim4-config_remote_smtp:tls_certificate = REMOTE_SMTP_TLS_CERTIFICATE
Updated permissions
root@example:/etc/exim4# ls -l exim.crt exim.key
-rw-r----- 1 root Debian-exim 1066 Jul 21 2017 exim.crt
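-rw-r----- 1 root Debian-exim 1708 Jul 21 2017 exim.key
Posted on 2018-05-30 15:18:04
The exim4 certificate and key files need their owner and mode set in a strict way; otherwise exim will not read them and will instead give this error, with the "Error while reading file" message, during the cert/key setup phase. The exact owner and mode are as follows: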
root@hostname:/etc/exim4# ls -l exim.crt exim.key
-rw-r----- 1 root Debian-exim 2224 mag 30 17:13 exim.crt
-rw-r----- 1 root Debian-exim 1704 mag 30 17:12 exim.key
Another possibility is that your REMOTE_SMTP_/etc/exim4/exim.crt file is a broken macro. Do you have a REMOTE_SMTP_TLS_CERTIFICATE macro whose second part is being replaced by the TLS_CERTIFICATE macro?
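
The second possibility raised in the answer can be checked mechanically, because Exim replaces macro names by plain text substitution: once a macro named TLS_CERTIFICATE is defined, the tail of the undefined name REMOTE_SMTP_TLS_CERTIFICATE is rewritten as well. The script below is an added example, not part of the original question or answer; the function names `find_macro_collisions` and `write_sample` are hypothetical and the sample configuration is constructed from the grep output in the question.

```shell
#!/bin/sh
# Added example: flag identifiers that contain a defined Exim macro name as a
# substring; Exim would rewrite that part of the identifier with the value.

# Hypothetical helper: print "file:line: TOKEN contains macro NAME" per hit.
find_macro_collisions() {
    awk '
    pass == 1 {
        # Macro definition: name starting with an uppercase letter, then "=".
        if (match($0, /^[A-Z][A-Za-z0-9_]*[ \t]*=/)) {
            name = substr($0, 1, RLENGTH)
            sub(/[ \t]*=$/, "", name)
            macros[name] = 1
        }
        next
    }
    /^[ \t]*#/ { next }   # comment lines are not interesting
    {
        line = $0
        while (match(line, /[A-Z][A-Za-z0-9_]*/)) {
            tok = substr(line, RSTART, RLENGTH)
            line = substr(line, RSTART + RLENGTH)
            if (tok in macros) continue   # a defined macro used as intended
            for (m in macros)
                if (index(tok, m) > 0)
                    printf "%s:%d: %s contains macro %s\n", FILENAME, FNR, tok, m
        }
    }' pass=1 "$@" pass=2 "$@"
}

# Constructed sample, modeled on the grep output shown in the question.
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample configuration
MAIN_TLS_CERTIFICATE = /etc/exim4/exim.crt
TLS_CERTIFICATE = MAIN_TLS_CERTIFICATE
.ifdef REMOTE_SMTP_TLS_CERTIFICATE
tls_certificate = REMOTE_SMTP_TLS_CERTIFICATE
.endif
EOF
}

demo_dir=$(mktemp -d)
write_sample "$demo_dir/sample.conf"
find_macro_collisions "$demo_dir/sample.conf"
rm -rf "$demo_dir"
```

On the sample, the `.ifdef` line and the `tls_certificate` line are both reported, which matches the `cert=REMOTE_SMTP_/etc/exim4/exim.crt` value in the log; the key shows the same value because no separate `tls_privatekey` is set on the transport.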
https://stackoverflow.com/questions/45259928