[Postfixbuch-users] postfix mit tls

[Matthias Albert]

On Wed, 2004-03-17 at 21:49, Ralf Hildebrandt wrote:
> * Matthias Albert <matthias at ma-c.de>:
> 
> > postfix läuft nicht chrooted
> > smtpd.conf ist soweit richtig
> 
> Ha! Zeigen :)
cat /usr/lib/sasl2/smtpd.conf
pwcheck_method: auxprop
mech_list: plain login
auxprop_plugin: sql
password_format: crypt
sql_hostname: localhost
sql_engine: mysql
sql_user: USER
sql_passwd: PASSWD
sql_database: postfix
sql_select: SELECT password FROM mailbox WHERE username ='%u@%r'

und diesmal steht kein Passwort noch irgendwie encoded mit dabei :-)
> > fals saslauthd automatisch mit gestartet dann ja, ansonsten nein 
> > wenn postfix läuft und ich ein ps aux |grep saslau mache bekomm ich
> > nichts.
> > 
> > Muss postfix chrooted laufen?
> 
> Nee, erstmal nicht
>  
> > Bevor ich postfix den tls patch aufs auge gedrückt habe lief doch alles
> > wunderbar.
> 
> Schwer zu glauben.

war so...hab schon fleissig Mails emfpangen und verschickt..

postconf |grep tls
postconf |grep tls
smtp_enforce_tls = no
smtp_sasl_tls_security_options = $var_smtp_sasl_opts
smtp_sasl_tls_verified_security_options = $var_smtp_sasl_tls_opts
smtp_starttls_timeout = 300s
smtp_tls_CAfile =
smtp_tls_CApath =
smtp_tls_cert_file =
smtp_tls_cipherlist =
smtp_tls_dcert_file =
smtp_tls_dkey_file = $smtp_tls_dcert_file
smtp_tls_enforce_peername = yes
smtp_tls_key_file = $smtp_tls_cert_file
smtp_tls_loglevel = 0
smtp_tls_note_starttls_offer = no
smtp_tls_per_site =
smtp_tls_scert_verifydepth = 5
smtp_tls_session_cache_database =
smtp_tls_session_cache_timeout = 3600s
smtp_use_tls = no
smtpd_enforce_tls = no
smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
smtpd_starttls_timeout = 300s
smtpd_tls_CAfile = /etc/postfix/cacert.pem
smtpd_tls_CApath =
smtpd_tls_ask_ccert = no
smtpd_tls_auth_only = no
smtpd_tls_ccert_verifydepth = 5
smtpd_tls_cert_file = /etc/postfix/newcert.pem
smtpd_tls_cipherlist =
smtpd_tls_dcert_file =
smtpd_tls_dh1024_param_file =
smtpd_tls_dh512_param_file =
smtpd_tls_dkey_file = $smtpd_tls_dcert_file
smtpd_tls_key_file = /etc/postfix/newreq.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_req_ccert = no
smtpd_tls_session_cache_database =
smtpd_tls_session_cache_timeout = 3600s
smtpd_tls_wrappermode = no
smtpd_use_tls = yes
tls_daemon_random_bytes = 32
tls_daemon_random_source =
tls_random_bytes = 32
tls_random_exchange_name = ${config_directory}/prng_exch
tls_random_prng_update_period = 60s
tls_random_reseed_period = 3600s
tls_random_source = dev:/dev/urandom

Viele Grüsse,
Matthias