Jinnrry / PMail

Private EMail Server
GNU General Public License v2.0

x509 error when sending mail to a self-hosted domain #164

Closed Ariczh closed 4 months ago

Ariczh commented 4 months ago

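Before asking questions, please read the README in full!

Describe the bug
A clear and concise description of what the bug is.
My deployment is on an internal network, and every domain is a fake domain that exists only on the internal DNS. This applies to both the sending server (PMail) and the recipient (not PMail). When I send mail to a real mail domain (such as xxx@qq.com), delivery works normally. When I send mail to an internal fake domain, I get this error: `邮件投递失败tls: failed to verify certificate: x509: certificate is not valid for any names, but wanted to match any.kap`. Here any.kap is a fake domain that exists only on my internal DNS, where I have set up the corresponding A record and MX record. Is it possible to turn off the relevant TLS verification?

To Reproduce
Steps to reproduce the behavior: send mail to a domain that does not exist on the public internet.

Expected behavior
A clear and concise description of what you expected to happen.
The mail is sent normally.

Program configuration file contents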

config.json
```
{
  "logLevel": "",
  "domain": "describe.aog",
  "domains": ["describe.aog"],
  "webDomain": "mail.describe.aog",
  "dkimPrivateKeyPath": "config/dkim/dkim.priv",
  "sslType": "1",
  "SSLPrivateKeyPath": "./config/ssl/key.pem",
  "SSLPublicKeyPath": "./config/ssl/cert.pem",
  "dbDSN": "./config/pmail.db",
  "dbType": "sqlite",
  "httpsEnabled": 2,
  "spamFilterLevel": 0,
  "httpPort": 8080,
  "httpsPort": 4430,
  "weChatPushAppId": "",
  "weChatPushSecret": "",
  "weChatPushTemplateId": "",
  "weChatPushUserId": "",
  "tgBotToken": "",
  "tgChatId": "",
  "isInit": true,
  "webPushUrl": "",
  "webPushToken": ""
}
```

Log

log
```
[info][2024-07-18 16:12:39][0a1443426698ce77961c792b3ea738b0][/home/runner/work/PMail/PMail/server/controllers/email/send.go:58]发送邮件
[error][2024-07-18 16:12:39][0a1443426698ce77961c792b3ea738b0][/home/runner/work/PMail/PMail/server/utils/send/send.go:209][0xc000038780] 邮件投递失败tls: failed to verify certificate: x509: certificate is not valid for any names, but wanted to match any.kap
[error][2024-07-18 16:12:39][/home/runner/work/PMail/PMail/server/hooks/framework/framework.go:112]params error json: cannot unmarshal object into Go struct field HookDTO.ErrMap of type error
```

Ariczh commented 4 months ago

Perhaps the problem is caused by STARTTLS during transmission? Is it possible to turn off STARTTLS?

Jinnrry commented 4 months ago

https://github.com/Jinnrry/PMail/blob/master/server/utils/send/send.go#L95C1-L96C1

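Currently, certificate validity is not checked for the localhost domain. Either compile a build yourself and add your domain here, or add your self-signed certificate to the trusted list on both systems.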

Ariczh commented 4 months ago

I'll try installing the self-signed certificate and see.