smtp-server: 454 Command not permitted when TLS active
Environment
Based on CentOS 6.5
sendmail and saslauthd are already running:
[root@test-server ~]# ps -ef| grep sendmail
exim 5701 1 0 14:35 ? 00:00:00 /usr/sbin/sendmail -L sm-msp-queue -Ac -q1h
root 10152 8016 0 15:13 pts/3 00:00:00 grep sendmail
[root@test-server ~]# ps -ef| grep saslauthd
root 10247 8016 0 15:14 pts/3 00:00:00 grep saslauthd
root 12483 1 0 Dec14 ? 00:00:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a pam
root 12484 12483 0 Dec14 ? 00:00:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a pam
root 12485 12483 0 Dec14 ? 00:00:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a pam
root 12486 12483 0 Dec14 ? 00:00:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a pam
root 12488 12483 0 Dec14 ? 00:00:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a pam
/etc/mail.rc configuration:
[root@test-server ~]# grep ^[^#] /etc/mail.rc
set hold
set append
set ask
set crt
set dot
set keep
set emptybox
set indentprefix="> "
set quote
set sendcharsets=iso-8859-1,utf-8
set showname
set showto
set newmail=nopoll
set autocollapse
ignore received in-reply-to message-id references
ignore mime-version content-transfer-encoding
fwdretain subject date from to
set bsdcompat
set from=ranwuer@163.com
set smtp=smtps://smtp.163.com:465
set smtp-auth-user=ranwuer@163.com
set smtp-auth-password=passwd
set smtp-auth=login
set smtp-use-starttls
set ssl-verify=ignore
set nss-config-dir=/root/.certs
Run and error:
[root@test-server ~]# cat /opt/tesh |mailx -v -s 'hello' '1095326028@qq.com'
cat: /opt/tesh: No such file or directory
Null message body; hope that's ok
Resolving host smtp.163.com . . . done.
Connecting to 220.181.12.18 . . . connected.
Comparing DNS name: "*.163.com"
SSL parameters: cipher=AES-128-GCM, keysize=128, secretkeysize=128,
issuer=CN=GeoTrust SSL CA - G3,O=GeoTrust Inc.,C=US
subject=CN=*.163.com,OU=MAIL Dept.,O="NetEase (Hangzhou) Network Co., Ltd",L=Hangzhou,ST=Zhejiang,C=CN
220 163.com Anti-spam GT for Coremail System (163com[20141201])
>>> EHLO test-server.com
250-mail
250-PIPELINING
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-coremail 1Uxr2xKj7kG0xkI17xGrU7I0s8FY2U3Uj8Cz28x1UUUUU7Ic2I0Y2UrZA31uUCa0xDrUUUUj
250-STARTTLS
250 8BITMIME
>>> STARTTLS
454 Command not permitted when TLS active
smtp-server: 454 Command not permitted when TLS active
"/root/dead.letter" 11/301
. . . message not sent.
Note the last 4 lines:
454 Command not permitted when TLS active
smtp-server: 454 Command not permitted when TLS active
"/root/dead.letter" 11/301
. . . message not sent.
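I just don't understand it. My local test works fine; the test above was run on an Alibaba Cloud VPS. Sending mail used to work there, but recently it stopped.
The local test does deliver the mail. Local test result: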
[root@test-server--local ~]# cat /opt/tesh |mailx -v -s 'hello' '1095326028@qq.com'
cat: /opt/tesh: No such file or directory
Null message body; hope that's ok
Resolving host smtp.163.com . . . done.
Connecting to 220.181.12.14:smtp . . . connected.
220 163.com Anti-spam GT for Coremail System (163com[20141201])
>>> EHLO test-server--local.com.com
250-mail
250-PIPELINING
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-coremail 1Uxr2xKj7kG0xkI17xGrU7I0s8FY2U3Uj8Cz28x1UUUUU7Ic2I0Y2UFMq54kUCa0xDrUUUUj
250-STARTTLS
250 8BITMIME
>>> STARTTLS
220 Ready to start TLS
Error in certificate: Peer's certificate issuer is not recognized.
Comparing DNS name: "*.163.com"
SSL parameters: cipher=AES-256-GCM, keysize=256, secretkeysize=256,
issuer=CN=GeoTrust SSL CA - G3,O=GeoTrust Inc.,C=US
subject=CN=*.163.com,OU=MAIL Dept.,O="NetEase (Hangzhou) Network Co., Ltd",L=Hangzhou,ST=Zhejiang,C=CN
>>> EHLO test-server--local.com.com
250-mail
250-PIPELINING
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-coremail 1Uxr2xKj7kG0xkI17xGrU7I0s8FY2U3Uj8Cz28x1UUUUU7Ic2I0Y2UrYrT65UCa0xDrUUUUj
250-STARTTLS
250 8BITMIME
>>> AUTH LOGIN
334 dXNlcm5hbWU6
>>> cmFud3VlckAxNjMuY29t
334 UGFzc3dvcmQ6
>>> R1FGVTd6RVhxdjBIMHBKSA==
235 Authentication successful
>>> MAIL FROM:<ranwuer@163.com>
250 Mail OK
>>> RCPT TO:<1095326028@qq.com>
250 Mail OK
>>> DATA
354 End data with <CR><LF>.<CR><LF>
>>> .
250 Mail OK queued as smtp10,DsCowAAngWiLeDNaDYDMDg--.41184S3 1513322647
>>> QUIT
221 Bye
Local /etc/mail.rc configuration file:
[root@test-server--local ~]# grep ^[^#] /etc/mail.rc
set hold
set append
set ask
set crt
set dot
set keep
set emptybox
set indentprefix="> "
set quote
set sendcharsets=iso-8859-1,utf-8
set showname
set showto
set newmail=nopoll
set autocollapse
set markanswered
ignore received in-reply-to message-id references
ignore mime-version content-transfer-encoding
fwdretain subject date from to
set bsdcompat
set from=ranwuer@163.com
set smtp=smtp.163.com
set smtp-auth-user=ranwuer@163.com
set smtp-auth-password=passwd
set smtp-auth=login
set smtp-use-starttls
set ssl-verify=ignore
set nss-config-dir=/etc/pki/nssdb/
You have new mail in /var/spool/mail/root
Attempts
Comments (1)
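Hello. Two years have passed and I don't know whether you still need this, but I see 2K people viewing it, so I'll answer for their sake.
I'll answer using a 163 email account.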
set from=ranwuer@163.com
set smtp=smtps://smtp.163.com:465
set smtp-auth-user=ranwuer@163.com
set smtp-auth-password=passwd
set smtp-auth=login
set smtp-use-starttls
set ssl-verify=ignore
set nss-config-dir=/root/.certs
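163 mail may not support TLS, because of "454 Command not permitted when TLS active", so just leave out the set smtp-use-starttls line.
Everything else is correct. To match the environment I configured and make it easier for me to answer, I also changed this line: set nss-config-dir=/root/nssdb
At this point mail can in fact already be sent; there is just one line of error output. But the message has actually been sent successfully.
How to get rid of the error message:
Create a folder nssdb under /root,
and in /root/nssdb/ run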
echo -n "" | openssl s_client -connect smtp.163.com:465 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > mail163.crt
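This command uses openssl to fetch the certificate chain from port 465 (i.e. SSL mode), then extracts the content between /-BEGIN CERTIFICATE-/ and /-END CERTIFICATE-/ and writes it into this folder.
If you run ll now you can see this file (mail163.crt).
Now add this certificate to the system.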
certutil -A -n '任意名字' -t "P,P,P" -d . -i ./mail163.crt
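and the error no longer appears.
Right now port 25 is blocked on the server, and 163 apparently doesn't support TLS either, only SSL.
If you want to fetch it from the TLS port: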
echo -n | openssl s_client -starttls smtp -connect smtp.邮箱地址.com:587 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > 任意名称.crt
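Also, mail163 in my command is likewise an arbitrary name; call it whatever you like. There is no required location for creating nssdb either. But this folder must be kept,
because this command needs to use set nss-config-dir=/root/nssdb
It is an honor to learn together with you!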
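
An added example, not part of the original question or answer: in the failing transcript the TLS handshake (the "SSL parameters" lines) completes before the 220 banner because smtp= uses smtps:// on port 465, and mailx then sends STARTTLS inside that session. The shell lint below flags that combination and two related weak settings in a mail.rc; the function names rc_get, lint_mailrc and sample_vps_rc are hypothetical, and the sample input is constructed from the TLS-related lines of the VPS configuration shown above.

```shell
#!/bin/sh
# Added example: lint a mailx rc file for conflicting or weak TLS settings.

# rc_get FILE NAME: value of "set NAME=VALUE", "1" for a bare "set NAME", else empty.
rc_get() {
    awk -v k="$2" '
        $1 == "set" {
            sub(/^[ \t]*set[ \t]+/, ""); sub(/[ \t\r]+$/, "")
            n = index($0, "=")
            if (n == 0 && $0 == k) v = "1"
            if (n > 0 && substr($0, 1, n - 1) == k) v = substr($0, n + 1)
        }
        END { print v }' "$1"
}

# lint_mailrc FILE: print one finding per line (nothing when the file is clean).
lint_mailrc() {
    smtp=$(rc_get "$1" smtp)
    starttls=$(rc_get "$1" smtp-use-starttls)
    verify=$(rc_get "$1" ssl-verify)
    case $smtp in
        "") ;;
        smtps://*)
            # Implicit TLS: the handshake happens at connect, before the 220 banner.
            if [ -n "$starttls" ]; then
                echo "CONFLICT: $smtp is TLS from connect; smtp-use-starttls sends STARTTLS again"
            fi ;;
        *)
            if [ -z "$starttls" ]; then
                echo "PLAINTEXT: $smtp without smtp-use-starttls sends AUTH unencrypted"
            fi ;;
    esac
    if [ "$verify" = ignore ]; then
        echo "WEAK: ssl-verify=ignore skips certificate validation"
    fi
    return 0
}

# Constructed sample: the TLS-related lines of the failing VPS configuration.
sample_vps_rc() {
    printf '%s\n' 'set smtp=smtps://smtp.163.com:465' 'set smtp-auth=login' \
        'set smtp-use-starttls' 'set ssl-verify=ignore'
}

if [ "${1:-}" = demo ]; then
    tmp=$(mktemp) && sample_vps_rc > "$tmp" && lint_mailrc "$tmp"; rm -f "$tmp"
fi
```

Saved to a file and run with the argument demo, it prints the CONFLICT and WEAK findings for the constructed VPS sample; sourcing it and calling lint_mailrc /etc/mail.rc checks a real file.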