利用 mailx 通过 QQ 邮箱 SMTP 发送邮件,出现问题,也许是证书原因,请大家指教
TheOtherBruce · 2016-05-02 11:43:27 +08:00 · 20914 次点击这是一个创建于 3109 天前的主题,其中的信息可能已经有所发展或是发生改变。
OS Centos 7
ln -s /bin/mailx /bin/email
/etc/mail.rc 里是这样设置的
set smtp-use-starttls
set ssl-verify=ignore
set nss-config-dir=/root/.certs
#set from
set [email protected]
# set smtp=smtp://smtp.server.tld:port_number
set smtp=smtp.qq.com:465 ( or 587 )
# set the user for SMTP
# set [email protected]
set [email protected]
# set the password for authorisation
set smtp-auth-password=XXXXXXX
# tell mailx that it needs to authorise
set smtp-auth=login
465 端口测试 没反馈
echo hello|email -v -s "test" [email protected]
Resolving host smtp.qq.com . . . done.
Connecting to 14.17.57.241:465 . . . connected.
^C
587 端口测试
echo hello|email -v -s "test" [email protected]
Resolving host smtp.qq.com . . . done.
Connecting to 14.17.57.241:587 . . . connected.
220 smtp.qq.com Esmtp QQ Mail Server
>>> EHLO XXXX.guest
250-smtp.qq.com
250-PIPELINING
250-SIZE 73400320
250-STARTTLS
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN
250-MAILCOMPRESS
250 8BITMIME
>>> STARTTLS
220 Ready to start TLS
Error initializing NSS: Unknown error -8015.
"/root/dead.letter" 11/301
. . . message not sent.
查看腾讯的证书
465 端口
openssl s_client -showcerts -connect smtp.qq.com:465
CONNECTED(00000003)
depth=2 C = US, O = GeoTrust Inc., CN = GeoTrust Global CA
verify return:1
depth=1 C = US, O = GeoTrust Inc., CN = GeoTrust SSL CA - G3
verify return:1
depth=0 C = CN, ST = Guangdong, L = Shenzhen, O = Shenzhen Tencent Computer Systems Company Limited, OU = R&D, CN = pop.qq.com
verify return:1
---
Certificate chain
0 s:/C=CN/ST=Guangdong/L=Shenzhen/O=Shenzhen Tencent Computer Systems Company Limited/OU=R&D/CN=pop.qq.com
i:/C=US/O=GeoTrust Inc./CN=GeoTrust SSL CA - G3
-----BEGIN CERTIFICATE-----
MIIGbzCCBVegAwIBAgIQZlTnxqFc/rVo50RzuVnejDANBgkqhkiG9w0BAQsFADBE
MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEdMBsGA1UEAxMU
R2VvVHJ1c3QgU1NMIENBIC0gRzMwHhcNMTYwMTI3MDAwMDAwWhcNMTYxMDIzMjM1
OTU5WjCBkzELMAkGA1UEBhMCQ04xEjAQBgNVBAgTCUd1YW5nZG9uZzERMA8GA1UE
BxQIU2hlbnpoZW4xOjA4BgNVBAoUMVNoZW56aGVuIFRlbmNlbnQgQ29tcHV0ZXIg
U3lzdGVtcyBDb21wYW55IExpbWl0ZWQxDDAKBgNVBAsUA1ImRDETMBEGA1UEAxQK
cG9wLnFxLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALeSY7Vb
60Cvv7P2O+zhaZnqlz/KFs//DH4It3xmyMPFOPUFopzN1h8n3/4FPqGBtqEEuWBE
/o7soZT30E8bw30Tl07VOcYm/fPKi1pyro3hNEdLi5Wlta9fKxDAvw0U3clSq39R
qihYIDAA3QrDuqI54gULa5IZnqM16A9VBULPfIDaXbdgaAIJ5Ak92nC13YcdQYuv
egL6jOWSKzCRTqeRAg+6dWkfce1+gAOCuCUDgAso2EJ+k9nFe/LAMMGdGbe4KI9H
CwpDCMo+2k2u4SQtXOmuYke7nNmRnpJeL3qZnGWsqT7l3N0mYCc/+3zcMfAcmyuo
H90stoWF/G2T2rcCAwEAAaOCAwswggMHMIIBggYDVR0RBIIBeTCCAXWCCm14Mi5x
cS5jb22CEmltYXAuZXhtYWlsLnFxLmNvbYISdXBsb2FkLm1haWwucXEuY29tgg90
ZWwubWFpbC5xcS5jb22CFGh3c210cC5leG1haWwucXEuY29tgg9tb2IubWFpbC5x
cS5jb22CEXJ0eC5leG1haWwucXEuY29tgg1teGJpejIucXEuY29tgg1teGJpejEu
cXEuY29tgg5oay5tYWlsLnFxLmNvbYIOY2xvdWRteC5xcS5jb22CFGh3aW1hcC5l
eG1haWwucXEuY29tggpteDEucXEuY29tghJzbXRwLmV4bWFpbC5xcS5jb22CEXBv
cC5leG1haWwucXEuY29tghNod3BvcC5leG1haWwucXEuY29tggpteDMucXEuY29t
ggtzbXRwLnFxLmNvbYIKZGF2LnFxLmNvbYIJZXgucXEuY29tgg9jbmMubWFpbC5x
cS5jb22CC2ltYXAucXEuY29tggpwb3AucXEuY29tMAkGA1UdEwQCMAAwDgYDVR0P
AQH/BAQDAgWgMCsGA1UdHwQkMCIwIKAeoByGGmh0dHA6Ly9nbi5zeW1jYi5jb20v
Z24uY3JsMIGdBgNVHSAEgZUwgZIwgY8GBmeBDAECAjCBhDA/BggrBgEFBQcCARYz
aHR0cHM6Ly93d3cuZ2VvdHJ1c3QuY29tL3Jlc291cmNlcy9yZXBvc2l0b3J5L2xl
Z2FsMEEGCCsGAQUFBwICMDUMM2h0dHBzOi8vd3d3Lmdlb3RydXN0LmNvbS9yZXNv
dXJjZXMvcmVwb3NpdG9yeS9sZWdhbDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYB
BQUHAwIwHwYDVR0jBBgwFoAU0m/3lvSFP3I8MH0j2oV4m6N8WnwwVwYIKwYBBQUH
AQEESzBJMB8GCCsGAQUFBzABhhNodHRwOi8vZ24uc3ltY2QuY29tMCYGCCsGAQUF
BzAChhpodHRwOi8vZ24uc3ltY2IuY29tL2duLmNydDANBgkqhkiG9w0BAQsFAAOC
AQEAvta4aGvK5qe31ZnLbmtblhgLD11dAdSom3sEnkF8UHtoi+gPiHBmHy1t39Du
2w+5aeriqwsetdDNuAhh6ckKJhGjc9ochWw2lvyuHPko8sSDdBd/oUYBh60lREwB
DoAi7x37QIjia4yprFCNs/+bV+bee+2nijeNYibgwLQ+5jZL89jC6BVXxLSTenVw
B2bzQPauNo+DOsB6ubY/i5r9p2E1DHAO9AluN/epJZ1gwZhYlOey71s59341w/ql
ZJImDrWch+Gj1ZgnXWnttgOSafqynPA6VtiFyYGF4zLboxIkNiyuwj+ZzuugV97z
IurYVE9FA7vTlfeJhAkG2gIwsA==
-----END CERTIFICATE-----
1 s:/C=US/O=GeoTrust Inc./CN=GeoTrust SSL CA - G3
i:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
-----BEGIN CERTIFICATE-----
MIIETzCCAzegAwIBAgIDAjpvMA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNVBAYTAlVT
MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i
YWwgQ0EwHhcNMTMxMTA1MjEzNjUwWhcNMjIwNTIwMjEzNjUwWjBEMQswCQYDVQQG
EwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEdMBsGA1UEAxMUR2VvVHJ1c3Qg
U1NMIENBIC0gRzMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDjvn4K
hqPPa209K6GXrUkkTdd3uTR5CKWeop7eRxKSPX7qGYax6E89X/fQp3eaWx8KA7UZ
U9ulIZRpY51qTJEMEEe+EfpshiW3qwRoQjgJZfAU2hme+msLq2LvjafvY3AjqK+B
89FuiGdT7BKkKXWKp/JXPaKDmJfyCn3U50NuMHhiIllZuHEnRaoPZsZVP/oyFysx
j0ag+mkUfJ2fWuLrM04QprPtd2PYw5703d95mnrU7t7dmszDt6ldzBE6B7tvl6QB
I0eVH6N3+liSxsfQvc+TGEK3fveeZerVO8rtrMVwof7UEJrwEgRErBpbeFBFV0xv
vYDLgVwts7x2oR5lAgMBAAGjggFKMIIBRjAfBgNVHSMEGDAWgBTAephojYn7qwVk
DBF9qn1luMrMTjAdBgNVHQ4EFgQU0m/3lvSFP3I8MH0j2oV4m6N8WnwwEgYDVR0T
AQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAQYwNgYDVR0fBC8wLTAroCmgJ4Yl
aHR0cDovL2cxLnN5bWNiLmNvbS9jcmxzL2d0Z2xvYmFsLmNybDAvBggrBgEFBQcB
AQQjMCEwHwYIKwYBBQUHMAGGE2h0dHA6Ly9nMi5zeW1jYi5jb20wTAYDVR0gBEUw
QzBBBgpghkgBhvhFAQc2MDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuZ2VvdHJ1
c3QuY29tL3Jlc291cmNlcy9jcHMwKQYDVR0RBCIwIKQeMBwxGjAYBgNVBAMTEVN5
bWFudGVjUEtJLTEtNTM5MA0GCSqGSIb3DQEBCwUAA4IBAQCg1Pcs+3QLf2TxzUNq
n2JTHAJ8mJCi7k9o1CAacxI+d7NQ63K87oi+fxfqd4+DYZVPhKHLMk9sIb7SaZZ9
Y73cK6gf0BOEcP72NZWJ+aZ3sEbIu7cT9clgadZM/tKO79NgwYCA4ef7i28heUrg
3Kkbwbf7w0lZXLV3B0TUl/xJAIlvBk4BcBmsLxHA4uYPL4ZLjXvDuacu9PGsFj45
SVGeF0tPEDpbpaiSb/361gsDTUdWVxnzy2v189bPsPX1oxHSIFMTNDcFLENaY9+N
QNaFHlHpURceA1bJ8TCt55sRornQMYGbaLHZ6PPmlH7HrhMvh+3QJbBo+d4IWvMp
zNSS
-----END CERTIFICATE-----
---
Server certificate
subject=/C=CN/ST=Guangdong/L=Shenzhen/O=Shenzhen Tencent Computer Systems Company Limited/OU=R&D/CN=pop.qq.com
issuer=/C=US/O=GeoTrust Inc./CN=GeoTrust SSL CA - G3
---
No client certificate CA names sent
---
SSL handshake has read 3114 bytes and written 605 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1.2
Cipher : AES256-SHA256
Session-ID: C5D491F61D5A9CCFB6D0994D4B98A70619ADDD7076202155F404DB903F575E03
Session-ID-ctx:
Master-Key: 1E2ACE2B58E07911983F27223130B2D473ABCDAD749AC29796544912A57868656FB7E1BFAB33A9F54795C1FAF6E9BF88
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
TLS session ticket lifetime hint: 600 (seconds)
TLS session ticket:
0000 - 5e 3f 95 a3 57 86 66 bf-34 7e 95 43 7f 24 0a f8 ^?..W.f.4~.C.$..
0010 - 79 6b fe 42 1b 26 d1 cb-b7 fb 8b 6c 27 7f 5e ab yk.B.&.....l'.^.
0020 - b6 0b f5 6b 6b b1 1e 7a-2e 65 68 84 3d d1 9a d0 ...kk..z.eh.=...
0030 - 98 b0 56 fb dd 15 d4 f8-7d 9e 07 0e 33 86 22 06 ..V.....}...3.".
0040 - 2f d3 ce 38 ae d4 2c 75-00 58 63 fa 9e 07 64 4b /..8..,u.Xc...dK
0050 - bc 0d ce a4 b0 71 d3 f3-ad 5f fa 15 60 5d 5a a6 .....q..._..`]Z.
0060 - 0a 1b f5 72 cb 48 b1 f5-a9 e9 90 71 f4 d8 fc f9 ...r.H.....q....
0070 - 8f 6e 9b 74 3f 9e 26 d8-e8 f6 eb c6 a6 09 db 0d .n.t?.&.........
0080 - 0a 06 63 14 84 eb 2e d5-d9 99 ac 53 5c 36 94 38 ..c........S\6.8
0090 - 3c 38 1a ff 8b 53 c7 54-c4 70 3d 04 62 0d e8 a8 <8...S.T.p=.b...
Start Time: 1462159866
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
220 smtp.qq.com Esmtp QQ Mail Server
^C
587 端口
openssl s_client -showcerts -connect smtp.qq.com:587
CONNECTED(00000003)
139994642556832:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:769:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 247 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---
我按照这两个文章
http://www.gabrielemerli.com/?p=2476
第二篇中的这个命令无法运行
certutil -A -n "Google Internet Authority" -t "TC,," -d certs -i google
certutil: unable to open "google" for reading (-5950, 2).
最后竟然装了这个证书
certutil -L -d certs
Certificate Nickname Trust Attributes
SSL,S/MIME,JAR/XPI
Google Internet Authority CT,,
在寻找证书的过程中, GeoTrust SSL CA - G3 这个证书找不到下载地址。
请问正确的设置应该是怎样的? 现在这里谢谢大家了
第 1 条附言 · 2016-05-02 16:28:42 +08:00
参考
http://whatizee.blogspot.jp/2013/12/installing-and-config-heirloom-mailx.html
~/.certs下有cert8.db key3.db secmod.db这三个文件,
echo -n | openssl s_client -connect smtp.qq.com:465 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > ~/.certs/qq.crt
depth=2 C = US, O = GeoTrust Inc., CN = GeoTrust Global CA
verify return:1
depth=1 C = US, O = GeoTrust Inc., CN = GeoTrust SSL CA - G3
verify return:1
depth=0 C = CN, ST = Guangdong, L = Shenzhen, O = Shenzhen Tencent Computer Systems Company Limited, OU = R&D, CN = pop.qq.com
verify return:1
DONE
我用cd /.certs,然后
certutil -A -n "GeoTrust SSL CA" -t "C,," -d ~/.certs -i ~/.certs/qq.crt
certutil -A -n "GeoTrust Global CA" -t "C,," -d ~/.certs -i ~/.certs/qq.crt
报错
certutil -L -d .certs
certutil: function failed: SEC_ERROR_LEGACY_DATABASE: The certificate/key database is in an old, unsupported format.
echo "内容" | mail -A Gmail -v -s " 标题" [email protected]
或者
```echo "内容" | mail -A QQ -v -s " 标题" [email protected]````
错误都是这个
Error initializing NSS: Unknown error -8015.
"/root/dead.letter" 11/321
. . . message not sent.
 |
1
ashoka 2016-05-02 13:52:42 +08:00 via Android
在 django 里 qq 好像要打开 ssl 才行
|
 |
2
TheOtherBruce OP @ashoka 您好 能说的详细些吗? 这个 django 在哪?
|
|
3
TheOtherBruce OP 有同志能帮忙吗?
|
|
4
TheOtherBruce OP 我到现在还没解决 :(
|
Select Language