All I want is to bring up a mail server, but Apache, openssl and everything else keep sending me round in circles until my head spins.
For now, let's make the goal simply this: be able to make a TLS connection to Postfix.
First, let's try connecting with openssl.
```
% openssl s_client -connect mail.k-in.co.jp:25
Connecting to 192.168.0.35
CONNECTED(00000005)
write:errno=54
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 333 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Protocol: TLSv1.3
This TLS version forbids renegotiation.
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
```
It seems a write error comes up unless you are root.
It looks like it is going off to write to some rather important place.
But the TLS connection itself seems to be getting through.
What about Dovecot?
```
% openssl s_client -connect mail.k-in.co.jp:993
Connecting to 192.168.0.35
CONNECTED(00000005)
depth=2 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority
verify return:1
depth=1 C=JP, ST=Tokyo, L=Shibuya-ku, O=Nijimo K.K., CN=FujiSSL SHA2 Domain Secure Site CA
verify return:1
depth=0 CN=mail.k-in.co.jp
verify return:1
---
Certificate chain
 0 s:CN=mail.k-in.co.jp
   i:C=JP, ST=Tokyo, L=Shibuya-ku, O=Nijimo K.K., CN=FujiSSL SHA2 Domain Secure Site CA
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Nov 13 00:00:00 2024 GMT; NotAfter: Dec 14 23:59:59 2025 GMT
 1 s:C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority
   i:C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services
   a:PKEY: rsaEncryption, 4096 (bit); sigalg: RSA-SHA384
   v:NotBefore: Mar 12 00:00:00 2019 GMT; NotAfter: Dec 31 23:59:59 2028 GMT
 2 s:C=JP, ST=Tokyo, L=Shibuya-ku, O=Nijimo K.K., CN=FujiSSL SHA2 Domain Secure Site CA
   i:C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA384
   v:NotBefore: May 15 00:00:00 2019 GMT; NotAfter: May 14 23:59:59 2029 GMT
 3 s:C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services
   i:C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA1
   v:NotBefore: Jan  1 00:00:00 2004 GMT; NotAfter: Dec 31 23:59:59 2028 GMT
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIGETCCBPmgAwIBAgIQCca73n8qxWSYjijRmc6W/TANBgkqhkiG9w0BAQsFADB1
MQswCQYDVQQGEwJKUDEOMAwGA1UECBMFVG9reW8xEzARBgNVBAcTClNoaWJ1eWEt
a3UxFDASBgNVBAoTC05pamltbyBLLksuMSswKQYDVQQDEyJGdWppU1NMIFNIQTIg
RG9tYWluIFNlY3VyZSBTaXRlIENBMB4XDTI0MTExMzAwMDAwMFoXDTI1MTIxNDIz
NTk1OVowGjEYMBYGA1UEAxMPbWFpbC5rLWluLmNvLmpwMIIBIjANBgkqhkiG9w0B
AQEFAAOCAQ8AMIIBCgKCAQEA7mErt+xJhJxKSpwrUqF2giFN+5vM0S9sNSWqqOG1
C86av+h04I9JfniVa1L3QxNEtN23ot6L90RCXikRlpV+ERo/VOZWzW56vSHdAUUU
wPwy+4A44UJmkv25wJNCjgc311s9E3TB+VSI3P3CrUjXDH4cds6Ch3HynjmSV2MX
fK2co3dVueWbHVRW7KmeFMj+p8COR3SRax0hS0KMJjVk8EHcenVdv2lpSaO5+M76
UiJFgUTD3JH97K8KliYOpML2H+xhpwYUFE+C3pjhe4IBPxRqGBYs8gOJKseaiXO+
21H0UP2WaS76tEn2Kq79IHP6glCphRsmSNj2dY163GwdxwIDAQABo4IC9jCCAvIw
HwYDVR0jBBgwFoAU5iJAT6RQqXotkzlRr7KdczbzwbAwHQYDVR0OBBYEFFnYVn30
uzoNfmxAuTAOmWSXBv9CMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0G
A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBJBgNVHSAEQjBAMDQGCysGAQQB
sjEBAgJFMCUwIwYIKwYBBQUHAgEWF2h0dHBzOi8vc2VjdGlnby5jb20vQ1BTMAgG
BmeBDAECATCBhwYIKwYBBQUHAQEEezB5MEsGCCsGAQUFBzAChj9odHRwOi8vbmlq
aW1vLmNydC5zZWN0aWdvLmNvbS9GdWppU1NMU0hBMkRvbWFpblNlY3VyZVNpdGVD
QS5jcnQwKgYIKwYBBQUHMAGGHmh0dHA6Ly9uaWppbW8ub2NzcC5zZWN0aWdvLmNv
bTAaBgNVHREEEzARgg9tYWlsLmstaW4uY28uanAwggGABgorBgEEAdZ5AgQCBIIB
cASCAWwBagB3AN3cyjSV1+EWBeeVMvrHn/g9HFDf2wA6FBJ2Ciysu8gqAAABkyMp
+zQAAAQDAEgwRgIhAPm7QNpI5fJKZcIPgV+1ZcTU5rRAJhMd/ZO/Mz/pBsWVAiEA
+R4Ryc39DZv1/VzKpB3rcmEGBLg9KV/irNuYM+Vqt8wAdgDM+w9qhXEJZf6Vm1PO
6bJ8IumFXA2XjbapflTA/kwNsAAAAZMjKfr6AAAEAwBHMEUCIQDOF2uQCPl2DloH
wwYAvDjalC0tsIvJJJbGFTjn/D/amgIgJkwbpNbNN3WLYtw3HZmby2WMDp2vobNU
YDR8SNukIn8AdwAS8U40vVNyTIQGGcOPP3oT+Oe1YoeInG0wBYTr5YYmOgAAAZMj
KfrJAAAEAwBIMEYCIQCwrdwxcba4JSKMeCyd5m9ugt+7N+x6oDVbyPcr0IPkMQIh
AL/6uhLvGCWFO8Q0wypIs6HDd+JUGkrMn5zbG1aRtQjYMA0GCSqGSIb3DQEBCwUA
A4IBAQApHWLWohT6Fg7JG7DCndHrIAwTwrHIkOi5OoG1Qx2WoVJwZ3kr3j3/mT85
hodkMOMrppVuCfS4ZbNGvHlEr+Ea3QYTDC61Ocqw3c4qZPFra+jMW4nALF9fIFm4
X0AV5sSVh4Fx528u9BEIjsBL++6oqqx+H4p08IHiFRGaXyq998NehFYRh1vAEF3z
WxoN2db1OrkDpuc0+mMp61petMx3hGZtHfUtCCk0IWPzAI5y+MtdHHP/LeehGn28
91BfhDFr5iftlyj0VIrlAIymQw62mErQXm9xr4KFd3fHtiSZm2aaVcox16DfKYGq
FLSNIUk2ZnKEz/nhAhbybbhG3781
-----END CERTIFICATE-----
subject=CN=mail.k-in.co.jp
issuer=C=JP, ST=Tokyo, L=Shibuya-ku, O=Nijimo K.K., CN=FujiSSL SHA2 Domain Secure Site CA
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 6162 bytes and written 413 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Protocol: TLSv1.3
Server public key is 2048 bit
This TLS version forbids renegotiation.
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_256_GCM_SHA384
    Session-ID: BCD04FF6AE20D614613FAB73D9E5B4FAC6E854A77B3DD98941454A98CED1F35B
    Session-ID-ctx:
    Resumption PSK: B47E46D839B2864DE59600637DF95109438D8BBA444697BF4660AF2EB7395522344835025AEF76CEE4242C9EDD3C85CE
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 7200 (seconds)
    TLS session ticket:
    0000 - 86 8e a4 d0 68 3a 4a 61-9d f5 1f 0c ee cd 22 cb   ....h:Ja......".
    0010 - 40 6d a0 58 74 21 52 73-9f 7f 5f 04 9e c1 6e 17   @m.Xt!Rs.._...n.
    0020 - 9b e5 55 59 71 76 7e e5-06 50 1a 0f 68 45 d9 98   ..UYqv~..P..hE..
    0030 - 9a c1 30 bd 05 2d 51 0d-95 7e d5 05 bd a8 83 4c   ..0..-Q..~.....L
    0040 - fe 6c e7 8a 80 a7 12 69-8f 38 0d 39 a0 cd 94 93   .l.....i.8.9....
    0050 - e0 46 fd 1b 07 29 72 df-2e 49 b1 f7 45 94 8b f5   .F...)r..I..E...
    0060 - a0 8c 67 8d fc 11 44 e2-7c b8 7e 35 b2 4a 62 b1   ..g...D.|.~5.Jb.
    0070 - 92 79 75 9c be e2 1b 2c-2c f5 57 02 c4 81 69 9d   .yu....,,.W...i.
    0080 - 0d ca 93 69 c3 b7 26 cf-33 f4 1c ae 5b 28 f5 f7   ...i..&.3...[(..
    0090 - 0b 5c 82 9e 39 c1 ea d7-ba 63 25 df 1a 18 21 ba   .\..9....c%...!.
    00a0 - f6 56 00 74 26 cb e6 5f-4f f1 7e 35 fc 8c 68 68   .V.t&.._O.~5..hh
    00b0 - 8a 1e 45 33 12 cf a3 50-4a ea 11 fe fc 28 af a2   ..E3...PJ....(..
    00c0 - 07 cb e2 0d 5e a7 3c 95-91 92 5f a6 c8 bc 3b dd   ....^.<..._...;.
    00d0 - 49 35 c6 3d 8d d7 6e b8-3c 44 96 2a c0 df fe 52   I5.=..n.<D.*...R

    Start Time: 1733126558
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
    Max Early Data: 0
---
read R BLOCK
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_256_GCM_SHA384
    Session-ID: 260C2CB0CE1C9F07D608B9D96D23F9D261B8DF9F4D267EE5C0B65543EF203381
    Session-ID-ctx:
    Resumption PSK: 8066588631D1A044471BFA828508A0A5F7CDE8DCADEE3429425304C2915B4156538C331735422B4C10762BB74E8FA4FD
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 7200 (seconds)
    TLS session ticket:
    0000 - 86 8e a4 d0 68 3a 4a 61-9d f5 1f 0c ee cd 22 cb   ....h:Ja......".
    0010 - fa c6 7d 99 7d a4 e5 3f-93 72 26 62 21 d6 b2 0e   ..}.}..?.r&b!...
    0020 - 8d a7 98 02 f3 07 99 72-62 0b 66 45 6e 00 a6 83   .......rb.fEn...
    0030 - 03 55 2b f5 31 86 b8 f3-d7 c4 70 77 e0 3d 06 c0   .U+.1.....pw.=..
    0040 - c2 08 b1 39 af db 60 7e-8b 2b 5b a7 67 84 7a 0c   ...9..`~.+[.g.z.
    0050 - 09 2d 57 e9 ec 9e 74 1d-3c df c4 1c bb be 1c 65   .-W...t.<......e
    0060 - f0 42 98 52 52 84 e9 62-27 63 65 23 f2 f1 1e e2   .B.RR..b'ce#....
    0070 - 44 17 4d 76 0b f9 6c 99-17 0f 5c 93 d8 42 13 fe   D.Mv..l...\..B..
    0080 - 81 4a 8d 70 21 46 f6 53-81 69 bc 18 28 d9 ca 14   .J.p!F.S.i..(...
    0090 - 6d 3c a6 54 f0 11 89 23-a7 4c 0e 59 ee ca f3 1a   m<.T...#.L.Y....
    00a0 - 7a e3 1c 74 38 24 02 db-b1 fb 05 ee d1 5f 86 34   z..t8$......._.4
    00b0 - bb 21 4d fb 78 fb 3b 6b-c1 75 bc 64 1c dd 22 43   .!M.x.;k.u.d.."C
    00c0 - ae 0a 2d 84 7b b7 a1 aa-69 4d c6 82 28 4a ed 7a   ..-.{...iM..(J.z
    00d0 - d0 4f 53 74 e2 c0 e4 d0-c2 28 bf 4d 26 f3 41 70   .OSt.....(.M&.Ap

    Start Time: 1733126558
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
    Max Early Data: 0
---
read R BLOCK
* OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ AUTH=PLAIN AUTH=LOGIN] Dovecot ready.
* BYE Disconnected for inactivity.
closed
```
It shows the same kind of output as when connecting to a web service, so it is probably right. (I hope so.)
In other words, only the Postfix configuration is off.
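Reading the two captures above by eye is exactly how the first one gets mistaken for a working TLS connection: "Verify return code: 0 (ok)" is printed even though no certificate was ever received and the handshake read 0 bytes. The following is an added example, not code from the original post or from OpenSSL, Postfix or Dovecot. It parses `openssl s_client` output into the facts that matter (was a certificate received, which protocol and cipher were negotiated, what the verify code was, when the leaf certificate expires) and flags the conditions a practitioner would want called out. The `-starttls smtp` and `-servername` options used in `run_s_client` are real OpenSSL options but are not mentioned on the page; the two SAMPLE_* strings are constructed to mirror the shape of the captures, with placeholder host, IP and certificate body.

```python
"""Summarise `openssl s_client` output for a mail-server TLS check.

Added example, not code from the original post: parse_s_client() reads the text
openssl s_client prints (the shape of the two captures above) and reports whether
a certificate was really received, the negotiated protocol/cipher, the verify
return code and the leaf's expiry. SAMPLE_* are constructed to mirror those
captures (placeholder host, IP and certificate body).
"""
import re
import subprocess
from datetime import datetime, timedelta, timezone


def parse_s_client(text, now=None, warn_days=30):
    """Return a dict summarising one s_client run; `now` is injectable for tests."""
    now = now or datetime.now(timezone.utc)
    m = re.search(r"SSL handshake has read (\d+) bytes", text)
    handshake_read = int(m.group(1)) if m else 0
    m = re.search(r"^New, (.+?), Cipher is (\S+)", text, re.M)
    protocol = m.group(1) if m and m.group(1) != "(NONE)" else None
    cipher = m.group(2) if m and m.group(2) != "(NONE)" else None
    m = re.search(r"Verify return code: (\d+) \(", text)
    verify_code = int(m.group(1)) if m else None
    peer_cert = "-----BEGIN CERTIFICATE-----" in text
    chain = re.findall(r"^\s*\d+ s:(.+)$", text, re.M)  # subjects, depth 0 (leaf) first
    not_after = None
    m = re.search(r"NotAfter: (\w{3} +\d+ \d\d:\d\d:\d\d \d{4}) GMT", text)  # first = leaf
    if m:
        not_after = datetime.strptime(m.group(1), "%b %d %H:%M:%S %Y").replace(tzinfo=timezone.utc)

    problems = []
    if not peer_cert:
        problems.append("no server certificate received: the port did not speak TLS "
                        "(SMTP on 25/587 needs STARTTLS: openssl s_client -starttls smtp)")
        if verify_code == 0:
            problems.append("'Verify return code: 0 (ok)' is meaningless here: nothing was verified")
    elif verify_code not in (None, 0):
        problems.append(f"certificate chain failed verification (verify return code {verify_code})")
    if handshake_read == 0:
        problems.append("handshake read 0 bytes: no TLS data came back from the server")
    if not_after is not None:
        left = not_after - now
        if left < timedelta(0):
            problems.append(f"leaf certificate expired on {not_after:%Y-%m-%d}")
        elif left < timedelta(days=warn_days):
            problems.append(f"leaf certificate expires in {left.days} days")
    return {"peer_cert": peer_cert, "handshake_read": handshake_read, "protocol": protocol,
            "cipher": cipher, "verify_code": verify_code, "chain": chain,
            "not_after": not_after, "problems": problems}


def run_s_client(host, port, starttls=None, timeout=20):
    """Run openssl s_client for real and parse it (needs network and the openssl binary)."""
    cmd = ["openssl", "s_client", "-connect", f"{host}:{port}", "-servername", host]
    if starttls:  # "smtp" for 25/587, "imap" for 143; omit on implicit-TLS ports such as 465/993
        cmd += ["-starttls", starttls]
    # stderr is merged because s_client reports errors such as write:errno=... there
    proc = subprocess.run(cmd, input=b"", capture_output=True, timeout=timeout)
    return parse_s_client((proc.stdout + proc.stderr).decode(errors="replace"))


# Constructed sample in the shape of the failing port-25 capture above
SAMPLE_SMTP_PLAIN = """\
write:errno=54
---
no peer certificate available
---
SSL handshake has read 0 bytes and written 333 bytes
---
New, (NONE), Cipher is (NONE)
Verify return code: 0 (ok)
"""

# Constructed sample in the shape of the port-993 capture (placeholder names and cert body)
SAMPLE_IMAPS = """\
Certificate chain
 0 s:CN=mail.example.com
   i:C=XX, O=Example Intermediate CA
   v:NotBefore: Nov 13 00:00:00 2024 GMT; NotAfter: Dec 14 23:59:59 2025 GMT
 1 s:C=XX, O=Example Intermediate CA
   i:C=XX, O=Example Root CA
---
Server certificate
-----BEGIN CERTIFICATE-----
PLACEHOLDER+CONSTRUCTED+NOT+A+REAL+CERTIFICATE
-----END CERTIFICATE-----
---
SSL handshake has read 6162 bytes and written 413 bytes
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Verify return code: 0 (ok)
"""

if __name__ == "__main__":
    for name, sample in (("smtp:25", SAMPLE_SMTP_PLAIN), ("imaps:993", SAMPLE_IMAPS)):
        r = parse_s_client(sample)
        print(name, r["protocol"], r["cipher"], r["verify_code"], r["problems"] or "looks fine")
```

Run against the constructed samples, the port-25 shape is reported with three problems (no certificate, a meaningless verify code, zero bytes read) while the port-993 shape comes back clean with TLSv1.3 and TLS_AES_256_GCM_SHA384; for a live check, `run_s_client("mail.example.com", 25, starttls="smtp")` is the call that actually exercises Postfix's TLS, since port 25 starts in plain text and only switches to TLS after the STARTTLS command.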
Before I forget, let me write down the sites I referred to.
The first: How to check with OpenSSL whether the intermediate CA certificate is correctly configured on a web server (OpenSSLでウェブサーバーに中間CA証明書が正しく設定されているか確認する方法).
The second: This time I really want to understand and use the openssl command (2): understanding the configuration file (openssl.cnf) (今度こそopensslコマンドを理解して使いたい (2) 設定ファイル(openssl.cnf)を理解する).
And this one is important: Postfix configuration parameters (Postfix設定パラメータ). It is explained in Japanese, which I am grateful for.

