Postfix SSL不起作用，邮件转到垃圾邮件

Question

我尝试使用SSL配置postfix。我已经按照本教程进行了操作： https://www.cloudjojo.com/how-to-install-mail-server-on-ubuntu-14-04-part2/

我的main.cf：

# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# TLS parameters

smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = street-sport-base
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
# myorigin = /etc/mailname

relayhost = 
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all


queue_directory = /var/spool/postfix
mail_owner = postfix

mydomain = street-sport.pl
myorigin = street-sport.pl

mydestination = $myhostname,  street-sport-base, localhost.$mydomain, localhost




home_mailbox = Maildir/ 
sendmail_path = /usr/sbin/sendmail 
newaliases_path = /usr/sbin/newaliases 
mailq_path = /usr/sbin/mailq 
setgid_group = postdrop 
html_directory = no 
manpage_directory = /usr/share/man 
sample_directory = /etc/postfix 

biff = no 

virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf 
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf 
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-alias-maps.cf,mysql:/etc/postfix/mysql-virtual-email2email.cf 

smtpd_tls_key_file=/usr/local/nginx/ssl/1710371.key
smtpd_tls_cert_file=/usr/local/nginx/ssl/1710371.cert
smtpd_tls_CAfile=/etc/ssl/certs/certificate_and_key.crt
smtpd_use_tls=yes 
smtpd_tls_auth_only = no 

smtpd_sasl_type = dovecot 
smtpd_sasl_path = private/auth 
smtpd_sasl_auth_enable = yes 

smtpd_recipient_restrictions = 
   permit_sasl_authenticated,
   permit_mynetworks, 
   reject_unauth_destination 

virtual_transport = lmtp:unix:private/dovecot-lmtp

smtpd_tls_security_level = may
smtp_tls_security_level = may

smtp_tls_key_file=/usr/local/nginx/ssl/1710371.key
smtp_tls_cert_file=/usr/local/nginx/ssl/1710371.cert
smtp_tls_CAfile=/etc/ssl/certs/certificate_and_key.crt


smtp_use_tls = yes
smtpd_tls_received_header = yes
smtpd_tls_ask_ccert = yes
smtpd_tls_loglevel = 1
tls_random_source = dev:/dev/urandom

master.cf

submission inet n       -       y       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_reject_unlisted_recipient=no
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
#  -o smtpd_recipient_restrictions=
#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
smtps     inet  n       -       y       -       -       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_reject_unlisted_recipient=no
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
#  -o smtpd_recipient_restrictions=
#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING

当我从控制台向我的Gmail邮箱发送邮件时，邮件会被传递，但会发送到垃圾邮件。 Gmail表示此邮件具有标准的tsl加密（灰锁）。我究竟做错了什么？我需要完全加密，电子邮件不会发送垃圾邮件。

文件1710371.key仅包含密钥 文件1710371.cert包含我的域的证书 和文件certificate_and_key.crt包含我的域，密钥和两个中间证书的证书： 1. http://repository.certum.pl/hsha2.pem 2. http://repository.certum.pl/gscasha2.pem

Answer 1

如果您想使用更好的“标准TLS加密”，则需要以S / MIME的形式使用端到端加密。端到端意味着从邮件发件人到收件人，这意味着这只能用于您的邮件客户端，而不能用于邮件服务器，而邮件服务器只是一个跳，而不是邮件传输的端点。

请参阅Google Help了解各种符号的含义以及使用S / MIME需要执行的操作。

  

我需要完全加密电子邮件不会发送垃圾邮件。

只有一小部分邮件使用S / MIME。应该可以使用标准TLS加密或根本不加密，不能归类为垃圾邮件。您的服务器更有可能在某个黑名单中更早发送垃圾邮件，您尝试从正常的私有系统（即DSL，电缆或类似网站而不是互联网上的真实服务器）发送邮件，其他东西是混乱的根据您的设置，或者只是根据内容将您尝试发送的邮件视为垃圾邮件。