设置发往xyz.com.cn目标域的邮件通过特定SMTP服务器外发
2025 年 6 月 15 日解决查看Junction列表时报错DPWAP0011E
2025 年 6 月 17 日
Outlook客户端提示服务器端证书不可用,通过第三方工具Openssl验证一下:
首先,要去下载一个280M的OpenSSL Windows安装包:https://slproweb.com/download/Win64OpenSSL-3_5_0.exe
然后,执行以下命令进行验证:
openssl s_client -connect smtp.163.com:465 -showcerts | openssl x509 -noout -dates -issuer
depth=1 C = US, O = “DigiCert, Inc.”, CN = GeoTrust G2 TLS CN RSA4096 SHA256 2022 CA1
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 C = CN, ST = Zhejiang, L = Hangzhou, O = “NetEase (Hangzhou) Network Co., Ltd”, CN = *.163.com
verify return:1
notBefore=Mar 31 00:00:00 2025 GMT
notAfter=May 1 23:59:59 2026 GMT (有效期到2026年5月1日)
issuer=C = US, O = “DigiCert, Inc.”, CN = GeoTrust G2 TLS CN RSA4096 SHA256 2022 CA1 (签发者是DigiCert)
Powershell的实现:function Test-SSLCertificate {
param (
[Parameter(Mandatory = $true)]
[ValidateNotNullOrEmpty()]
[string]$Server,
# 创建 TCP 客户端和 SSL 流的变量
$tcpClient = $null
$sslStream = $null
[int]$Port = 465
)
try {
# 创建 TCP 连接
$tcpClient = New-Object System.Net.Sockets.TcpClient
$tcpClient.Connect($Server, $Port)
# 创建 SSL 流,使用安全的证书验证回调
$sslStream = New-Object System.Net.Security.SslStream($tcpClient.GetStream(), $false, {
param($sender, $certificate, $chain, $sslPolicyErrors)
# 如果有证书错误,显示详细信息
if ($sslPolicyErrors -ne [System.Net.Security.SslPolicyErrors]::None) {
Write-Warning "证书验证错误: $sslPolicyErrors"
# 这里可以添加更详细的证书验证逻辑
}
# 返回是否接受证书(在生产环境中,通常不应该直接返回 $true)
return $true
})
# 执行 SSL 握手
$sslStream.AuthenticateAsClient($Server)
# 获取远程证书
$certificate = $sslStream.RemoteCertificate
$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]$certificate
# 显示证书信息
Write-Host "证书详情:" -ForegroundColor Green
Write-Host "主题: $($cert.Subject)"
Write-Host "颁发者: $($cert.Issuer)"
Write-Host "生效时间: $($cert.NotBefore)"
Write-Host "过期时间: $($cert.NotAfter)"
# 计算剩余有效期
$daysRemaining = ($cert.NotAfter - (Get-Date)).Days
$status = if ($daysRemaining -gt 0) { "有效" } else { "已过期" }
Write-Host "剩余有效期: $daysRemaining 天 ($status)" -ForegroundColor Cyan
# 返回证书对象供进一步处理
return $cert
}
catch [System.Net.Sockets.SocketException] {
Write-Host "连接失败: $_" -ForegroundColor Red
}
catch [System.Security.Authentication.AuthenticationException] {
Write-Host "SSL 验证失败: $_" -ForegroundColor Red
}
catch {
Write-Host "未知错误: $_" -ForegroundColor Red
}
finally {
# 确保资源被释放
if ($sslStream -ne $null) {
$sslStream.Dispose()
}
if ($tcpClient -ne $null) {
$tcpClient.Dispose()
}
}
}
Test-SSLCertificate -Server "smtp.163.com"
}
验证powershell脚本
解除默认执行策略限制
Set-ExecutionPolicy -Scope CurrentUser -ExecutionPolicy Unrestricted
> .\smtp.ps1
证书详情:
主题: CN=*.163.com, O=”NetEase (Hangzhou) Network Co., Ltd”, L=Hangzhou, S=Zhejiang, C=CN
颁发者: CN=GeoTrust G2 TLS CN RSA4096 SHA256 2022 CA1, O=”DigiCert, Inc.”, C=US
生效时间: 03/31/2025 08:00:00
过期时间: 05/02/2026 07:59:59
剩余有效期: 320 天 (有效)
Thumbprint Subject
———- ——-
9608B24DD7DE4D6AA674617B589881C31EBFA63A CN=*.163.com, O=”NetEase (Hangzhou) Network Co., Ltd”, L=Hangzhou, S=Zheji…
