大佬教程收集整理的这篇文章主要介绍了linux – Exim TLS和安全SMTP,大佬教程大佬觉得挺不错的,现在分享给大家,也给大家做个参考。
# Allow any client to use TLS tls_advertise_hosts = * # Specify the LOCATIOn of the Exim server's TLS certificate and private key. tls_certificate = /etc/exim/exim.crt tls_privatekey = /etc/exim/exim.key
最初,Exim似乎按预期工作,我能够安全地连接到邮件服务器并对自己进行身份验证,但是在我进入sR_534_11845@TP会话中的收件人部分后,连接就被删除了.使用未加密的连接时不会发生此问题.
要测试安全SMTP,请使用以下命令:
openssl s_client -starttls smtp -crlf -connect localhost:25
这是我得到的输出:
CONNECTED(00000003) depth=0 C = ZA,etc,etc verify error:num=18:self signed certificate verify return:1 depth=0 C = ZA,etc verify return:1 --- Certificate chain 0 s:/C=ZA/etc,etc i:/C=ZA/etc,etc --- Server certificate -----BEGIN CERTIFICATE----- XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXX== -----END CERTIFICATE----- subject=/C=ZA/etc,etc --- No client certificate CA names sent --- SSL handshake has read 1275 bytes and written 444 bytes --- New,TLSv1/SSLv3,Cipher is AES256-SHA Server public key is 1024 bit Secure Renegotiation IS supported Compression: zlib compression Expansion: zlib compression SSL-Session: Protocol : TLSv1 Cipher : AES256-SHA Session-ID: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX Session-ID-ctx: Master-Key: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX Key-Arg : None PSK identity: None PSK identity hint: None TLS session ticket: 0000 - d0 cd ff b6 0c a2 fb 6c-f6 69 dc 0b a7 aa f3 1a .......l.i...... 0010 - 10 76 75 05 15 d8 8c 21-cb eb b8 ae ec 34 7d b3 .vu....!.....4}. 0020 - 7a bf f0 d6 7d df 26 27-41 1e d1 2a 35 bf 2f 0c z...}.&'A..*5./. 0030 - 25 6a 32 15 6e 53 d2 30-31 1b d@R_674_11214@0 e6 11 20 73 %j2.ns.01..`.. s 0040 - 57 e3 76 96 e7 7e dc da-98 f2 cc a7 e5 58 62 b2 W.v..~.......Xb. 0050 - ec db 58 91 16 14 18 ff-15 64 d6 66 1f 75 92 96 ..X......d.f.u.. 0060 - 65 43 f8 2c 4a 42 81 41-0c 2f 46 84 38 0c c5 e0 eC.,JB.A./F.8... 0070 - 8d 7b d7 7e 12 0e 28 ca-f0 f9 b5 d0 b2 a6 ab 66 .{.~..(........f 0080 - f8 c5 33 e3 cb 16 f5 76-8f e7 49 0c 4@R_674_11214@9 31 43 ..3....v..I.Ii1C 0090 - 05 25 dc 75 3a 07 13 91-63 ff 13 fd b0 2c 9f 8b .%.u:...c....,.. Compression: 1 (zlib compression) Start Time: 1315250595 Timeout : 300 (seC) Verify return code: 18 (self signed certificatE) --- 250 HelP HelO localhost 250 OK MAIL FROM:someone@somewhere.com 250 OK RCPT TO:anyone@Nowhere.com RENEGOTIATinG depth=0 C = ZA,etc verify return:1 421 lost input connection read:errno=0
我已经用上面的输出中的垃圾数据替换了电子邮件地址和组织树,因为它不相关,因为我在使用常规SMTP时没有同样的问题.无论我是尝试从localhost连接还是从外部源连接,都会发生上述事务.我还应该注意,我使用的是使用OpenSSL@L_674_11@的自签名证书.此外,在上面的示例中没有身份验证数据,因为我从localhost执行测试,这允许所有邮件无需身份验证.
正如您在上面的输出中所看到的,Exim似乎在发出字符串“RENEGOTIATinG”期间/之后中断.
由于我在SMTP会话期间收到的输出没有多大帮助,我还尝试在调试所有模式下运行Exim.为简洁起见,我不会发布完整的SMTP事务,因为整个会话都很正常,直到我指定收件人地址为止.这是我在输入收件人地址并输入后输入的Exim调试数据的确切片段:
21:42:10 7425 SSL info: before accept initialization 21:42:10 7425 SSL info: before accept initialization 21:42:10 7425 SSL info: SSLv3 read client Hello A 21:42:10 7425 SSL info: SSLv3 write server Hello A 21:42:10 7425 SSL info: SSLv3 write certificate A 21:42:10 7425 SSL info: SSLv3 write server done A 21:42:10 7425 SSL info: SSLv3 flush data 21:42:10 7425 SSL info: SSLv3 read client key exchange A 21:42:10 7425 SSL info: SSLv3 read finished A 21:42:10 7425 SSL info: SSLv3 write session ticket A 21:42:10 7425 SSL info: SSLv3 write change cipher spec A 21:42:10 7425 SSL info: SSLv3 write finished A 21:42:10 7425 SSL info: SSLv3 flush data 21:42:10 7425 SSL info: SSL negotiation finished successfully 21:42:10 7425 SSL info: SSL negotiation finished successfully 21:42:10 7425 Got SSL error 2 21:42:10 7425 SMTP>> 421 lost input connection 21:42:10 7425 tls_do_write(1db4020,48) 21:42:10 7425 SSL_write(SSL,1db4020,48) 21:42:10 7425 outbytes=48 error=0 21:42:10 7425 LOG: lost_incoming_connection MAIN 21:42:10 7425 unexpected disconnection while reading SMTP command from (localhost) [127.0.0.1] 21:42:10 7425 search_tidyup called 21:42:10 7194 child 7425 ended: status=0x100 21:42:10 7194 0 SMTP accept processes Now running 21:42:10 7194 Listening...
总之 – 在s_client会话中按“R”会导致openssl重新协商.尝试输入“rcpt to:”而不是“RCPT TO”.
您还可以尝试更适合特定于SMTP的测试的工具,例如Tony Finch’s smtpc或swaks.
以上是大佬教程为你收集整理的linux – Exim TLS和安全SMTP全部内容,希望文章能够帮你解决linux – Exim TLS和安全SMTP所遇到的程序开发问题。
如果觉得大佬教程网站内容还不错,欢迎将大佬教程推荐给程序员好友。
本图文内容来源于网友网络收集整理提供,作为学习参考使用,版权属于原作者。
如您有任何意见或建议可联系处理。小编QQ:384754419,请注明来意。