问题:
这是来自Postfix的日志,smtpd_tls_loglevel =2
:
belette64 postfix/smtpd[145475]: connect from smtp.misconfigured.fr[XX.XX.XX.XX]
belette64 postfix/smtpd[145475]: setting up TLS connection from smtp.misconfigured.fr[XX.XX.XX.XX]
belette64 postfix/smtpd[145475]: smtp.misconfigured.fr[XX.XX.XX.XX]: TLS cipher list "aNULL:-aNULL:HIGH:MEDIUM:+RC4:@STRENGTH"
belette64 postfix/smtpd[145475]: SSL_accept:before SSL initialization
belette64 postfix/smtpd[145475]: SSL_accept:before SSL initialization
belette64 postfix/smtpd[145475]: SSL3 alert write:fatal:handshake failure
belette64 postfix/smtpd[145475]: SSL_accept:error in error
belette64 postfix/smtpd[145475]: SSL_accept error from smtp.misconfigured.fr[XX.XX.XX.XX]: -1
belette64 postfix/smtpd[145475]: warning: TLS library problem: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher:../ssl/statem/statem_srvr.c:2282:
belette64 postfix/smtpd[145475]: lost connection after STARTTLS from smtp.misconfigured.fr[XX.XX.XX.XX]
答案1:
你可以添加一个单独的TLS-ignorant服务器,
smtp inet n - y - - smtpd
10025 inet n - y - - smtpd
-o syslog_name=postfix/smtpd/badstarttls
-o smtpd_tls_security_level=none
-o smtpd_helo_required=yes
-o smtpd_helo_restrictions=pcre:/etc/postfix/helo_badstarttls_allow.pcre,reject
- 重定向到其他端口通过
-A PREROUTING .. -j REDIRECT --to-port ..
在iptables中;或者在nftables中:
tcp dport 25 ip protocol tcp ip saddr { XX.XX.XX.XX } redirect to :10025
相关文章