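Asker
Exchange 2016: after renewing the certificate, mail cannot be sent to external addresses; receiving external mail works, and internal sending and receiving both work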

Question
-
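The question is as in the title:
The public certificate we had purchased expired, so we replaced it with a certificate requested from AD. Nothing else was changed. Internal sending and receiving are now both normal, but mail to external mailboxes (neither from the client nor from the web works) is always delayed. Could any expert tell me what the problem might be?
The certificate information is as follows: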
[PS] C:\Windows\system32>Get-ExchangeCertificate | fl *
PSComputerName : exchange02.xxx.com
RunspaceId : 09286abd-e410-4516-847f-f1a530f6e227
PSShowComputerName : False
EnhancedKeyUsageList : {服务器身份验证 (1.3.6.1.5.5.7.3.1)}
DnsNameList : {mail.xxx.com, exchange01.xxx.com, AutoDiscover.xxx.com, xxx.com}
SendAsTrustedIssuer : False
AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {mail.xxx.com, exchange01.xxx.com, AutoDiscover.xxx.com, xxx.com}
CertificateRequest :
IisServices : {IIS://Exchange02/W3SVC/1, IIS://Exchange02/W3SVC/2}
IsSelfSigned : False
KeyIdentifier : 678B14040D42926F53EBB6E9382EB694A9AF87CC
RootCAType : Enterprise
Services : IMAP, POP, IIS, SMTP
Status : Valid
SubjectKeyIdentifier : 678B14040D42926F53EBB6E9382EB694A9AF87CC
PrivateKeyExportable : True
PublicKeySize : 2048
Identity : Exchange02.xxx.com\EB9600EF57C459933AAD9B61B8ECCB7D961E2492
ServicesStringForm : IP.WS..
Archived : False
Extensions : {System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptography.Oid}
FriendlyName : mail
IssuerName : System.Security.Cryptography.X509Certificates.X500DistinguishedName
NotAfter : 2020/8/14 14:47:59
NotBefore : 2018/8/15 14:47:59
HasPrivateKey : True
PrivateKey : System.Security.Cryptography.RSACryptoServiceProvider
PublicKey : System.Security.Cryptography.X509Certificates.PublicKey
RawData : {48, 130, 5, 204, 48, 130, 4, 180, 160, 3, 2, 1, 2, 2, 19, 90...}
SerialNumber : 5A000000115916CCC4FC52F010000000000011
SubjectName : System.Security.Cryptography.X509Certificates.X500DistinguishedName
SignatureAlgorithm : System.Security.Cryptography.Oid
Thumbprint : EB9600EF57C459933AAD9B61B8ECCB7D961E2492
Version : 3
Handle : 133874282368
Issuer : CN=xxx-AD01-CA, DC=xxx, DC=com
Subject : CN=mail.xxx.com, OU=IT, O=杭州XX, L=hz, S=zj, C=CN

PSComputerName : exchange02.xxx.com
RunspaceId : 09286abd-e410-4516-847f-f1a530f6e227
PSShowComputerName : False
EnhancedKeyUsageList : {服务器身份验证 (1.3.6.1.5.5.7.3.1)}
DnsNameList : {Federation}
SendAsTrustedIssuer : False
AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {Federation}
CertificateRequest :
IisServices : {}
IsSelfSigned : True
KeyIdentifier : 0CEE8F86D8773616DC35E81249590E5272B5BC2A
RootCAType : None
Services : SMTP, Federation
Status : Valid
SubjectKeyIdentifier : AF8A22483ADF4049B6AC311E5269FBD5
PrivateKeyExportable : True
PublicKeySize : 2048
Identity : Exchange02.xxx.com\2F63354048EB8DD8963D61E957A402F4F58DCC83
ServicesStringForm : ....SF.
Archived : False
Extensions : {System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptography.Oid}
FriendlyName : Exchange Delegation Federation
IssuerName : System.Security.Cryptography.X509Certificates.X500DistinguishedName
NotAfter : 2022/6/5 15:38:10
NotBefore : 2017/6/5 15:38:10
HasPrivateKey : True
PrivateKey : System.Security.Cryptography.RSACryptoServiceProvider
PublicKey : System.Security.Cryptography.X509Certificates.PublicKey
RawData : {48, 130, 3, 27, 48, 130, 2, 3, 160, 3, 2, 1, 2, 2, 16, 32...}
SerialNumber : 2072C6A232A952B7403FC392047CA086
SubjectName : System.Security.Cryptography.X509Certificates.X500DistinguishedName
SignatureAlgorithm : System.Security.Cryptography.Oid
Thumbprint : 2F63354048EB8DD8963D61E957A402F4F58DCC83
Version : 3
Handle : 133874281856
Issuer : CN=Federation
Subject : CN=Federation

PSComputerName : exchange02.xxx.com
RunspaceId : 09286abd-e410-4516-847f-f1a530f6e227
PSShowComputerName : False
EnhancedKeyUsageList : {服务器身份验证 (1.3.6.1.5.5.7.3.1)}
DnsNameList : {Exchange02, Exchange02.xxx.com}
SendAsTrustedIssuer : False
AccessRules :
CertificateDomains : {Exchange02, Exchange02.xxx.com}
CertificateRequest :
IisServices : {}
IsSelfSigned : True
KeyIdentifier : 8890ABEEBA39754E0DDDFD669EA9122F2311FDF0
RootCAType : Registry
Services : SMTP
Status : Valid
SubjectKeyIdentifier :
PrivateKeyExportable : False
PublicKeySize : 2048
Identity : Exchange02.xxx.com\2A2CE0C0E60FF3BC41CB801DC6E510E94F1B9D96
ServicesStringForm : ....S..
Archived : False
Extensions : {System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptography.Oid}
FriendlyName : Microsoft Exchange
IssuerName : System.Security.Cryptography.X509Certificates.X500DistinguishedName
NotAfter : 2022/5/26 1:16:49
NotBefore : 2017/5/26 1:16:49
HasPrivateKey : True
PrivateKey :
PublicKey : System.Security.Cryptography.X509Certificates.PublicKey
RawData : {48, 130, 3, 26, 48, 130, 2, 2, 160, 3, 2, 1, 2, 2, 16, 31...}
SerialNumber : 1F3AD1322DCEB9B94B42AAC09D694811
SubjectName : System.Security.Cryptography.X509Certificates.X500DistinguishedName
SignatureAlgorithm : System.Security.Cryptography.Oid
Thumbprint : 2A2CE0C0E60FF3BC41CB801DC6E510E94F1B9D96
Version : 3
Handle : 133874276224
Issuer : CN=Exchange02
Subject : CN=Exchange02

PSComputerName : exchange02.xxx.com
RunspaceId : 09286abd-e410-4516-847f-f1a530f6e227
PSShowComputerName : False
EnhancedKeyUsageList : {服务器身份验证 (1.3.6.1.5.5.7.3.1)}
DnsNameList : {WMSvc-EXCHANGE02}
SendAsTrustedIssuer : False
AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {WMSvc-EXCHANGE02}
CertificateRequest :
IisServices : {}
IsSelfSigned : True
KeyIdentifier : 2F779B89AFCF0684AB7BA82F2A69B12FBA29A749
RootCAType : Registry
Services : None
Status : Valid
SubjectKeyIdentifier :
PrivateKeyExportable : True
PublicKeySize : 2048
Identity : Exchange02.xxx.com\FDAA42E39F8D780C05E4EA3DC07A80E047D72C77
ServicesStringForm : .......
Archived : False
Extensions : {System.Security.Cryptography.Oid, System.Security.Cryptography.Oid}
FriendlyName : WMSVC
IssuerName : System.Security.Cryptography.X509Certificates.X500DistinguishedName
NotAfter : 2027/5/23 10:53:07
NotBefore : 2017/5/25 10:53:07
HasPrivateKey : True
PrivateKey : System.Security.Cryptography.RSACryptoServiceProvider
PublicKey : System.Security.Cryptography.X509Certificates.PublicKey
RawData : {48, 130, 2, 231, 48, 130, 1, 207, 160, 3, 2, 1, 2, 2, 16, 66...}
SerialNumber : 42857CA9105080A24F2CC02E2CBF006F
SubjectName : System.Security.Cryptography.X509Certificates.X500DistinguishedName
SignatureAlgorithm : System.Security.Cryptography.Oid
Thumbprint : FDAA42E39F8D780C05E4EA3DC07A80E047D72C77
Version : 3
Handle : 133874282240
Issuer : CN=WMSvc-EXCHANGE02
Subject : CN=WMSvc-EXCHANGE02

PSComputerName : exchange02.xxx.com
RunspaceId : 09286abd-e410-4516-847f-f1a530f6e227
PSShowComputerName : False
EnhancedKeyUsageList : {服务器身份验证 (1.3.6.1.5.5.7.3.1)}
DnsNameList : {Microsoft Exchange Server Auth Certificate}
SendAsTrustedIssuer : False
AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {}
CertificateRequest :
IisServices : {}
IsSelfSigned : True
KeyIdentifier : 58EA16CE3A0FEC6486FB6E89DFFC7CB215D29146
RootCAType : None
Services : SMTP
Status : Valid
SubjectKeyIdentifier :
PrivateKeyExportable : True
PublicKeySize : 2048
Identity : Exchange02.xxx.com\FE95CFAD4210AF78850F008494627D947DB71D08
ServicesStringForm : ....S..
Archived : False
Extensions : {System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptography.Oid}
FriendlyName : Microsoft Exchange Server Auth Certificate
IssuerName : System.Security.Cryptography.X509Certificates.X500DistinguishedName
NotAfter : 2022/4/29 7:55:35
NotBefore : 2017/5/25 7:55:35
HasPrivateKey : True
PrivateKey : System.Security.Cryptography.RSACryptoServiceProvider
PublicKey : System.Security.Cryptography.X509Certificates.PublicKey
RawData : {48, 130, 3, 41, 48, 130, 2, 17, 160, 3, 2, 1, 2, 2, 16, 20...}
SerialNumber : 14AC5694071A33BA4488311A62F33CC2
SubjectName : System.Security.Cryptography.X509Certificates.X500DistinguishedName
SignatureAlgorithm : System.Security.Cryptography.Oid
Thumbprint : FE95CFAD4210AF78850F008494627D947DB71D08
Version : 3
Handle : 133874280320
Issuer : CN=Microsoft Exchange Server Auth Certificate
Subject : CN=Microsoft Exchange Server Auth Certificate
Delayed delivery:
xxxxxxx@qq.com
Remote Server returned '400 4.4.7 Message delayed'
Original message headers:
Received: from Exchange02.xxx.com (172.17.0.12) by
Exchange02.xxx.com (172.17.0.12) with Microsoft SMTP Server (TLS) id
15.1.225.42; Wed, 15 Aug 2018 23:57:16 +0800
Received: from Exchange02.xxx.com ([fe80::d135:7741:681a:c5d]) by
Exchange02.xxx.com ([fe80::d135:7741:681a:c5d%15]) with mapi id
15.01.0225.041; Wed, 15 Aug 2018 23:57:16 +0800
From: =?gb2312?B?zfXR7sHW?= <wangyanglin@xxx.com>
To: "59280730@qq.com" <59280730@qq.com>
Subject: =?gb2312?B?suLK1NPKvP4=?=
Thread-Topic: =?gb2312?B?suLK1NPKvP4=?=
Thread-Index: AQHUNLCjxAdHCtEqfkq1zAdxAiaf2w==
Date: Wed, 15 Aug 2018 15:57:16 +0000
Message-ID: <77886931913f44038f5d9b518a0e0c60@xxx.com>
Accept-Language: zh-CN, en-US
Content-Language: zh-CN
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [172.17.3.60]
Content-Type: multipart/alternative;
boundary="_000_77886931913f44038f5d9b518a0e0c60lvwaninccom_"
MIME-Version: 1.0
All replies
-
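Hello,
By "certificate requested from AD", do you mean a certificate issued by your internal CA? First of all, a certificate issued by an internal CA is not automatically trusted by all clients; we can refer to the following article: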
Digital certificates and encryption in Exchange 2016
https://docs.microsoft.com/en-us/exchange/architecture/client-access/certificates
“The certificate isn't automatically trusted by client computers and mobile devices. The certificate needs to be manually added to the trusted root certificate store on all client computers and devices, but not all mobile devices allow changes to the trusted root certificate store. ”
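Regarding the current problem: from outside, the mailbox can still be signed in to normally, whether through Outlook or OWA, is that right? Please use the Microsoft Remote Connectivity Analyzer to test whether Outlook connectivity and Outbound SMTP email are both normal: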
https://testconnectivity.microsoft.com/
Regards,
Gavin Gao
- Proposed as answer by Gavin-Gao, September 14, 2018 2:13
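
A read-only way to look at the transport side of a setup like the one in this thread from the Exchange Management Shell, as an added example that is not part of the thread or of either poster's message. It lists queues that are holding mail together with their last recorded error, the TLS settings of each send connector, and the certificates bound to SMTP, then checks any certificate a connector is pinned to. It assumes the standard Exchange 2016 cmdlets and changes nothing.

```powershell
# Added example: read-only checks, run in the Exchange Management Shell.

# 1. Queues still holding mail, with the last SMTP/TLS error transport recorded.
Get-Queue | Where-Object { $_.MessageCount -gt 0 } |
    Format-List Identity, DeliveryType, NextHopDomain, Status, MessageCount, LastError

# 2. TLS-related settings of every send connector.
$connectors = Get-SendConnector
$connectors |
    Format-Table Name, Enabled, AddressSpaces, Fqdn, RequireTLS, TlsAuthLevel, TlsCertificateName -AutoSize

# 3. Certificates currently enabled for SMTP, with the values that matter for
#    outbound TLS: who issued them, whether they are self-signed, and expiry.
$now = Get-Date
$smtpCerts = Get-ExchangeCertificate | Where-Object { "$($_.Services)" -match 'SMTP' }
$smtpCerts | Select-Object Thumbprint, Subject, Issuer, IsSelfSigned, RootCAType, NotAfter,
    @{ Name = 'Expired';            Expression = { $_.NotAfter -lt $now } },
    @{ Name = 'TlsCertificateName'; Expression = { "<I>$($_.Issuer)<S>$($_.Subject)" } } |
    Format-List

# 4. A send connector can be pinned to one certificate through TlsCertificateName
#    ("<I>issuer<S>subject"). If that certificate was replaced, the pin no longer
#    matches anything usable on the server.
foreach ($c in $connectors) {
    if (-not $c.TlsCertificateName) { continue }   # connector is not pinned
    $pinned = "$($c.TlsCertificateName)"
    $match = $smtpCerts | Where-Object {
        "<I>$($_.Issuer)<S>$($_.Subject)" -eq $pinned -and $_.NotAfter -gt $now
    }
    if ($match) {
        "OK: connector '$($c.Name)' is pinned to certificate $($match[0].Thumbprint)"
    } else {
        Write-Warning "Connector '$($c.Name)' is pinned to '$pinned', but no unexpired SMTP certificate on this server matches it."
    }
}
```

The `LastError` value from step 1 is the most direct evidence of why a queue is retrying; steps 2 to 4 show whether the connector's TLS requirements and the replaced certificate still line up.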