起因:
[root@backup ~]# echo 123|mail -s "123" [email protected]
[root@backup ~]# smtp-server: 530 5.7.0 Must issue a STARTTLS command first. 71sm664699pfs.63 - gsmtp
"/root/dead.letter" 11/317
. . . message not sent.
之前一直使用的qq郵箱給自己發送郵件,做資料備份用,今天想把qq郵箱換成gmail郵箱,結果出現了上面的錯誤,網上查找了下資料終于得以解決,但中途坑比較多,總結一下友善日後遇坑。
為友善檢視,用紅色表示輸入的指令,藍色表示輸入的内容
1、在/etc/postfix/main.cf檔案末尾添加如下字段。
vi /etc/postfix/main.cf
smtp_sasl_security_options = noanonymous
relayhost = [smtp.gmail.com]:587
smtp_use_tls = yes
smtp_tls_CAfile = /etc/postfix/cacert.pem
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl/passwd
2、配置SASL認證
建立passwd檔案并添加賬号密碼資訊
mkdir -p /etc/postfix/sasl
vi /etc/postfix/sasl/passwd
[smtp.gmail.com]:587 你的郵箱:應用專用密碼
注意郵箱賬号和密碼之間的“:",不要漏掉。例如:我公司購買的google郵箱服務,我生成的密碼是123qwe則配置[smtp.gmail.com]:587 [email protected]:123qwe
由于google的安全限制,使用非web方式使用需要設定【應用專用密碼】
應用專用密碼生成網站:https://security.google.com/settings/security/apppasswords
3、更改檔案權限
chmod 600 /etc/postfix/sasl/passwd
4、建立查找表
postmap /etc/postfix/sasl/passwd
5、生成CA憑證
cd /etc/pki/tls/certs
make 你的名字.pem #例如:我叫小明,則 make xiaoming.pem
umask 77 ; \
PEM1=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
PEM2=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
/usr/bin/openssl req -utf8 -newkey rsa:2048 -keyout $PEM1 -nodes -x509 -days 365 -out $PEM2 -set_serial 0 ; \
cat $PEM1 > xiaoming.pem ; \
echo "" >> xiaoming.pem ; \
cat $PEM2 >> xiaoming.pem ; \
rm -f $PEM1 $PEM2
Generating a 2048 bit RSA private key
....................................+++
....................................................................+++
writing new private key to '/tmp/openssl.gHSN9F'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:beijing
Locality Name (eg, city) [Default City]:beijing
Organization Name (eg, company) [Default Company Ltd]:gongsi
Organizational Unit Name (eg, section) []:it
Common Name (eg, your name or your server's hostname) []:xiaoming
Email Address []:[email protected]
cp /etc/pki/tls/certs/zhaoxinxing.pem /etc/postfix/cacert.pem
7、重新開機postfix服務
/etc/init.d/postfix restart
8、測試、完成