我正在尝试使用 ProtonBridge 设置 isync,并收到以下错误:
SSL error connecting 127.0.0.1 (127.0.0.1:1143): self signed certificate
我知道这是本地主机,因此我们提供的证书是自签名的。在任何其他电子邮件客户端中,例如在 Thunderbird 中,需要确认端口1143的安全异常,127.0.0.1.详见此处的步骤 5。我完全没有弄清楚如何在 mbsync 中做到这一点。这是我的.msyncrc:
IMAPStore someuser-remote
Host 127.0.0.1
Port 1143
User info@someuser.net
Pass protonbridgepassword
SSLType STARTTLS
CertificateFile /etc/ssl/certs/ca-certificates.crt
MaildirStore user-local
Path ~/Mail/
Inbox ~/Mail/INBOX
Subfolders Verbatim
Flatten .
Channel user
Master :user-remote:
Slave :user-local:
Create Both
Expunge Both
Patterns *
SyncState *
尝试使用选项SystemCertificates no也无济于事。以下是完整日志:
Reading configuration file /home/user/.mbsyncrc
C: 0/1 B: 0/0 M: +0/0 *0/0 #0/0 S: +0/0 *0/0 #0/0
Channel user
Opening master store user-remote...
Resolving 127.0.0.1... ok
Connecting to 127.0.0.1 (127.0.0.1:1143)...
Opening slave store user-local...
SSL error connecting 127.0.0.1 (127.0.0.1:1143): self signed certificate
C: 1/1 B: 0/0 M: +0/0 *0/0 #0/0 S: +0/0 *0/0 #0/0
正如@pusillanimous在上面的评论中提到的,我确认直接指向 protomail 桥上的证书是有效的。
因此,您只需要将以下内容添加到您的.mbsyncrc
CertificateFile ~/.config/protonmail/bridge/cert.pem
您需要复制ProtonBridge的证书,如Step #1: Get the certificates中所述。不过,openssl命令有些不同,因为连接到本地服务器时需要指定 STARTTLS 协议:
openssl s_client -starttls imap -connect 127.0.0.1:1143 -showcerts
它应该给你一些类似的东西:
CONNECTED(00000003)
depth=0 C = CH, O = Proton Technologies AG, OU = ProtonMail, CN = 127.0.0.1
verify error:num=18:self signed certificate
verify return:1
depth=0 C = CH, O = Proton Technologies AG, OU = ProtonMail, CN = 127.0.0.1
verify return:1
---
Certificate chain
0 s:/C=CH/O=Proton Technologies AG/OU=ProtonMail/CN=127.0.0.1
i:/C=CH/O=Proton Technologies AG/OU=ProtonMail/CN=127.0.0.1
-----BEGIN CERTIFICATE-----
MIIDizCCAnOgAwIBAgIQBW7/mrcQcB5Iu1POkJ3YNzANBgkqhkiG9w0BAQsFADBX
MQswCQYDVQQGEwJDSDEfMB0GA1UEChMWUHJvdG9uIFRlY2hub2xvZ2llcyBBRzET
(...)
kNvCZidKp31PdIO9IzQn2cI86f2mo1a+ad5dsd1HU4ZB+B3nMiWbQizaFmD3MrgO
cR/KRJtxKTcXQCBLqIi+t2sDFQ8uozs0xYbGHDrCPgCayZLfAVxGCwP2LANnQKw=
-----END CERTIFICATE-----
---
Server certificate
subject=/C=CH/O=Proton Technologies AG/OU=ProtonMail/CN=127.0.0.1
issuer=/C=CH/O=Proton Technologies AG/OU=ProtonMail/CN=127.0.0.1
---
Acceptable client certificate CA names
/C=CH/O=Proton Technologies AG/OU=ProtonMail/CN=127.0.0.1
Client Certificate Types: RSA sign, ECDSA sign
Requested Signature Algorithms:
(...)
复制以-----BEGIN CERTIFICATE-----开头并以-----END CERTIFICATE-----结尾的第一个块,将其粘贴到文件中并使用 .pem 扩展名保存。假设您将其命名protonbridge.pem随后将其保存在/etc/ssl/certs/中,您需要将其添加到~/mbsyncrc文件中:
CertificateFile /etc/ssl/certs/protonbridge.pem
应该是这样,您现在应该可以同步了。我似乎不必复制根颁发者证书,如链接中步骤#1末尾所述。如果执行此操作mbsync -l channel-name您将看到要同步的所有邮箱的列表。如果您不希望同步 Protonmail 帐户中的所有文件夹,包括一个名为"所有邮件"的文件夹,您可能需要添加Patterns INBOX Sent!
我确认使用 Thunderbird 版本 91.8.1(64 位(和 Proton Mail Bridge v2.1.1 您可以在两个程序和传出邮件上将 SMTP 安全设置更改为 SSL/TLS。