1. 首頁
  2. 問答
  3. haraka SMTP服務器:錯誤:無法獲得發行者證書

haraka SMTP服務器:錯誤:無法獲得發行者證書

2016-09-26 117 views
0

獲取嘗試,因爲只有外出時要使用haraka電子郵件服務器錯誤:haraka SMTP服務器:錯誤:無法獲得發行者證書

[TLS]保護:密碼= ECDHE-RSA-AES128-GCM-SHA256版本=的TLSv1/SSLv3的驗證=虛假錯誤=「錯誤:無法獲得發行者證書」爲此發送電子郵件試圖

[NOTICE] [06F7A5F3-E976-404E-8629-CAB3771964E9] [core] connect ip=111.222.333.444 port=55152 local_ip=:: local_port=587 
[DEBUG] [06F7A5F3-E976-404E-8629-CAB3771964E9] [core] running connect_init hooks 
[DEBUG] [06F7A5F3-E976-404E-8629-CAB3771964E9] [core] running connect_init_respond 
[DEBUG] [06F7A5F3-E976-404E-8629-CAB3771964E9] [core] running lookup_rdns hooks 
[DEBUG] [06F7A5F3-E976-404E-8629-CAB3771964E9] [core] running connect hooks 
[PROTOCOL] [06F7A5F3-E976-404E-8629-CAB3771964E9] [core] S: 220 mydomain.com ESMTP Haraka 2.8.8 ready 
[PROTOCOL] [06F7A5F3-E976-404E-8629-CAB3771964E9] [core] C: EHLO mydomain.com state=1 
[DEBUG] [06F7A5F3-E976-404E-8629-CAB3771964E9] [core] running ehlo hooks 
[DEBUG] [06F7A5F3-E976-404E-8629-CAB3771964E9] [core] running capabilities hooks 
[DEBUG] [06F7A5F3-E976-404E-8629-CAB3771964E9] [core] running capabilities hook in tls plugin 
[DEBUG] [06F7A5F3-E976-404E-8629-CAB3771964E9] [core] hook=capabilities plugin=tls function=tls_capabilities params="" retval=CONT msg="" 
[DEBUG] [06F7A5F3-E976-404E-8629-CAB3771964E9] [core] running capabilities hook in auth/flat_file plugin 
[DEBUG] [06F7A5F3-E976-404E-8629-CAB3771964E9] [auth/flat_file] Auth disabled for insecure public connection 
[DEBUG] [06F7A5F3-E976-404E-8629-CAB3771964E9] [core] hook=capabilities plugin=auth/flat_file function=hook_capabilities params="" retval=CONT msg="" 
[PROTOCOL] [06F7A5F3-E976-404E-8629-CAB3771964E9] [core] S: 250-mydomain.com Hello mydomain.com [111.222.333.444], Haraka is at your service. 
[PROTOCOL] [06F7A5F3-E976-404E-8629-CAB3771964E9] [core] S: 250-PIPELINING 
[PROTOCOL] [06F7A5F3-E976-404E-8629-CAB3771964E9] [core] S: 250-8BITMIME 
[PROTOCOL] [06F7A5F3-E976-404E-8629-CAB3771964E9] [core] S: 250-SIZE 0 
[PROTOCOL] [06F7A5F3-E976-404E-8629-CAB3771964E9] [core] S: 250 STARTTLS 
[PROTOCOL] [06F7A5F3-E976-404E-8629-CAB3771964E9] [core] C: STARTTLS state=1 
[DEBUG] [06F7A5F3-E976-404E-8629-CAB3771964E9] [core] running unrecognized_command hooks 
[DEBUG] [06F7A5F3-E976-404E-8629-CAB3771964E9] [core] running unrecognized_command hook in tls plugin 
[PROTOCOL] [06F7A5F3-E976-404E-8629-CAB3771964E9] [core] S: 220 Go ahead. 
[DEBUG] [-] [core] Upgrading to TLS 
[DEBUG] [-] [core] TLS secured. 
[INFO] [06F7A5F3-E976-404E-8629-CAB3771964E9] [tls] secured: cipher=ECDHE-RSA-AES128-GCM-SHA256 version=TLSv1/SSLv3 verified=false error="Error: unable to get issuer certificate" 
[INFO] [06F7A5F3-E976-404E-8629-CAB3771964E9] [core] hook=unrecognized_command plugin=tls function=tls_unrecognized_command params="STARTTLS" retval=OK msg="" 
[INFO] [06F7A5F3-E976-404E-8629-CAB3771964E9] [core] client [111.222.333.444] dropped connection 
[DEBUG] [06F7A5F3-E976-404E-8629-CAB3771964E9] [core] running disconnect hooks 
[DEBUG] [06F7A5F3-E976-404E-8629-CAB3771964E9] [core] running disconnect hook in tls plugin 
[DEBUG] [06F7A5F3-E976-404E-8629-CAB3771964E9] [core] hook=disconnect plugin=tls function=hook_disconnect params="" retval=CONT msg="" 
[NOTICE] [06F7A5F3-E976-404E-8629-CAB3771964E9] [core] disconnect ip=111.222.333.444 rdns="mydomain.com" helo="" relay=N early=N esmtp=Y tls=Y pipe=N errors=0 txns=0 rcpts=0/0/0 msgs=0/0/0 bytes=0 lr="" time=0.06

這裏

...整個服務器日誌整個客戶端的NodeJS代碼向外發送電子郵件

// https://github.com/nodemailer/nodemailer 

var nodemailer = require('nodemailer'); 

var transporter = nodemailer.createTransport('smtp://myloginid:[email protected]:587'); 

var mailOptions = { 
    host: 'mydomain.com', 
    port: 587, 
    from: '[email protected]', // sender address 
    to: '[email protected]', // list of receivers 
    subject: 'Hello', 
    text: 'Hello world', 
    debug: true, 
    auth: { 
     user: 'myloginid', 
     pass: 'mypassword' 
    } 
}; 

// send mail with defined transport object 
transporter.sendMail(mailOptions, function(error, info){ 
    if(error){ 
     return console.log(error); 
    } 
    console.log('Message sent: ' + info.response); 
});

節點--version V6.6.0我使用從教程生成TLS證書

https://letsecure.me/secure-web-deployment-with-lets-encrypt-and-nginx/

這裏有四個證書文件

cert.pem鏈。 pem fullchain.pem privkey.pem

我使用了其中兩個TLS證書文件KA

cp /etc/letsencrypt/live/${FRESH_DOMAIN}/privkey.pem ${HARAKA_HOME}/config/tls_key.pem 
cp /etc/letsencrypt/live/${FRESH_DOMAIN}/cert.pem ${HARAKA_HOME}/config/tls_cert.pem

下面是錯誤

客戶nodemailer

Error: unable to verify the first certificate at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:416:38) code: 'UNABLE_TO_VERIFY_LEAF_SIGNATURE' }

haraka日誌錯誤:

[INFO] [06F7A5F3-E976-404E-8629-CAB3771964E9] [tls] secured: cipher=ECDHE-RSA-AES128-GCM-SHA256 version=TLSv1/SSLv3 verified=false error="Error: unable to get issuer certificate"

有什麼建議?

PS。奇怪的是目前它工作確定,如果我使用swaks來發送電子郵件,即使上述電子郵件的NodeJS客戶端無法

swaks -f [email protected] -t [email protected] -s localhost -p 587 -au myloginid -ap mypassword

來源

2016-09-26 Scott Stensland

回答

0

我上面使用letsencrypt TLS證書文件選擇適用於其他電子郵件服務器一樣後綴...但haraka代替希望文件fullchain.pem

錯了以前使用的:cert.pem

正確的TLS證書:fullchain.pem

這個文件改變固定的TLS錯誤,以便Haraka現在發送傳出電子郵件OK以上客戶的NodeJS合作de

來源

2016-09-26 23:39:51

相關問題

 相關問題