最近在看zabbix发送邮件的时候,发现自己的邮件总是无法发送,这里可能是外网防火墙禁止25端口,那么如何绕过25端口呢?
我使用的是163邮箱的TSL加密协议465端口
由于mailx基本配置很简单,在这里就不做详细描述,只说如何能通过465端口发送邮件
首先请求数字证书
[email protected] ~]# mkdir -p /root/.certs/ ####创建目录,用来存放证书
[[email protected] ~]# echo -n | openssl s_client -connect smtp.163.com:465 | sed -ne ‘/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p‘ > ~/.certs/163.crt ####向163请求证书
depth=2 C = US, O = GeoTrust Inc., CN = GeoTrust Global CA
verify return:1
depth=1 C = US, O = GeoTrust Inc., CN = GeoTrust SSL CA - G3
verify return:1
depth=0 C = CN, ST = Zhejiang, L = Hangzhou, O = "NetEase (Hangzhou) Network Co., Ltd", OU = MAIL Dept., CN = *.163.com
verify return:1
DONE
[[email protected] ~]# certutil -A -n "GeoTrust SSL CA" -t "C,," -d ~/.certs -i ~/.certs/163.crt ####添加一个证书到证书数据库中
[[email protected] ~]# certutil -A -n "GeoTrust Global CA" -t "C,," -d ~/.certs -i ~/.certs/163.crt ####添加一个证书到证书数据库中
[[email protected] ~]# certutil -L -d /root/.certs ####列出目录下证书
Certificate Nickname Trust Attributes
SSL,S/MIME,JAR/XPI
GeoTrust SSL CA
然后前往163邮箱打开smtp并获取客户端授权码
网页正上方:设置→POP3/SMTP/IMAP
网页左侧:客户端授权密码
最后配置/etc/mail.rc
set bsdcompat
set [email protected]
set smtp=smtps://smtp.163.com:465
set [email protected]
set smtp-auth-password=*********
set smtp-auth=login
set ssl-verify=ignore
set nss-config-dir=/root/.certs
现在发送测试邮件
echo "zabbix test mail" | mail -s "zabbix" [email protected]
登录QQ邮箱查看
看起来已经成功了,但是发送完邮件还有报错:证书不被信任,且命令行就此卡住,需要按键才能出现命令提示符
Error in certificate: Peer‘s certificate issuer is not recognized.
于是
[[email protected] ~]# cd /root/.certs/
[[email protected] .certs]# ll
total 80
-rw-r--r-- 1 root root 1793 Jul 6 14:36 163.crt
-rw------- 1 root root 65536 Jul 6 14:37 cert8.db
-rw------- 1 root root 16384 Jul 6 14:37 key3.db
-rw------- 1 root root 16384 Jul 6 14:37 secmod.db
[[email protected] .certs]# certutil -A -n "GeoTrust SSL CA - G3" -t "Pu,Pu,Pu" -d ./ -i 163.crt
Notice: Trust flag u is set automatically if the private key is present.
问题解决
2018新年快乐
原文地址:https://www.cnblogs.com/yunweis/p/8149242.html