[Postfixbuch-users] hold: header Received:

Michael Reincke postfixbuch at famre.de
Di Dez 23 08:30:39 CET 2014


Hallo,

das Problem ist Option smtpd_tls_ask_ccert. Versuche es einmal mit " smtpd_tls_ask_ccert=no".
smtpd_use_tls ist obsolet. Du musst z.B. "smtpd_tls_security_level=may" setzen.

Gruß
Michael Reincke

Am 23. Dezember 2014 00:53:00 MEZ, schrieb "siefke_listen at web.de" <siefke_listen at web.de>:
>Hallo, 
>
>ich versuche gerade ein paar Änderungen an Postfix vorzunehmen. Das
>Ziel 
>ist der Einsatz von postscreen und die smtpd_restriction_classes. Jetzt
>möchte ich gerne den Port 587 zur Einlieferung von Emails nutzen, aber
>irgendwie erhalte ich nur den folgenden logeintrag:
>
>Dec 23 00:45:43 ks3374456 postfix/cleanup[30499]: 2F21124090A: hold:
>header Received: from gentoomobile.silviosiefke.de (unknown
>[46.114.32.186])??(using TLSv1 with cipher ECDHE-RSA-AES256-SHA
>(256/256 bits))??(Client did not present a certificate)??by
>ks3374456.kimsufi.com ( from unknown[46.114.32.186];
>from=<webmaster at silviosiefke.com> to=<siefkesilvio at gmail.com>
>proto=ESMTP helo=<gentoomobile.silviosiefke.de>
>
>Die Emails kommen nicht an, was ja klar ist bei hold message. Aber ich 
>verstehe nicht woran das liegt. Über Port 25 und starttls läuft es ohne
>Probleme. Hat hier jemand Rat? Vorschläge?
>
>Mfg
>Silvio
>
>ks3374456 postfix # postconf -n
>alias_database = hash:/etc/aliases
>alias_maps = hash:/etc/aliases
>append_dot_mydomain = no
>biff = no
>broken_sasl_auth_clients = yes
>command_directory = /usr/sbin
>config_directory = /etc/postfix
>daemon_directory = /usr/libexec/postfix
>data_directory = /var/lib/postfix
>disable_vrfy_command = yes
>header_checks = regexp:/etc/postfix/header_checks
>home_mailbox = Maildir/
>html_directory = no
>inet_interfaces = all
>inet_protocols = all
>mail_owner = postfix
>mailbox_size_limit = 0
>mailq_path = /usr/bin/mailq
>manpage_directory = /usr/share/man
>masquerade_domains =
>mydestination = $myhostname, localhost
>myhostname = ks3374456.kimsufi.com
>mynetworks = 127.0.0.1, 10.8.0.1
>mynetworks_style = subnet
>myorigin = $myhostname
>newaliases_path = /usr/bin/newaliases
>queue_directory = /var/spool/postfix
>readme_directory = no
>recipient_delimiter = +
>sample_directory = /etc/postfix
>sendmail_path = /usr/sbin/sendmail
>setgid_group = postdrop
>smtp_tls_CAfile = /etc/postfix/key/sub.class1.server.ca.pem
>smtp_tls_cert_file = /etc/postfix/key/mail_silviosiefke_com.crt
>smtp_tls_key_file = /etc/postfix/key/mail_silviosiefke_com.key
>smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_scache
>smtp_use_tls = yes
>smtpd_banner = $myhostname ESMTP
>smtpd_helo_required = yes
>smtpd_proxy_timeout = 3600s
>smtpd_recipient_restrictions = reject_unknown_sender_domain,
>reject_non_fqdn_sender, permit_mynetworks, reject_unlisted_sender,
>permit_sasl_authenticated, reject_unauth_pipelining check_helo_access
>pcre:/etc/postfix/helo_checks.pcre, check_sender_access
>hash:/etc/postfix/blacklist, check_policy_service
>unix:private/policyd-spf, check_policy_service unix:private/postgrey,
>permit
>smtpd_sasl_auth_enable = yes
>smtpd_sasl_path = private/auth
>smtpd_sasl_type = dovecot
>smtpd_sender_restrictions = reject_unknown_sender_domain,
>reject_non_fqdn_sender, permit_mynetworks, reject_unlisted_sender,
>permit_sasl_authenticated, reject_unauth_pipelining
>smtpd_timeout = 3600s
>smtpd_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
>smtpd_tls_ask_ccert = yes
>smtpd_tls_cert_file = /etc/postfix/key/mail.silviosiefke.com.crt
>smtpd_tls_dh1024_param_file = /etc/postfix/key/dh_1024.pem
>smtpd_tls_dh512_param_file = /etc/postfix/key//dh_512.pem
>smtpd_tls_eecdh_grade = strong
>smtpd_tls_key_file = /etc/postfix/key/mail_silviosiefke_com.key
>smtpd_tls_loglevel = 1
>smtpd_tls_mandatory_ciphers = high
>smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
>smtpd_tls_received_header = yes
>smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_scache
>smtpd_use_tls = yes
>tls_high_cipherlist =
>EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
>tls_random_source = dev:/dev/urandom
>virtual_alias_maps = hash:/etc/postfix/virtual
>virtual_gid_maps = static:5000
>virtual_mailbox_base = /var/vmail
>virtual_mailbox_domains = /etc/postfix/vhost
>virtual_mailbox_maps = hash:/etc/postfix/vmaps
>virtual_minimum_uid = 100
>virtual_transport = lmtp:unix:private/dovecot-lmtp
>virtual_uid_maps = static:5000
>postconf: warning: /etc/postfix/main.cf: unused parameter:
>policy-spf_time_limit=3600s
>postconf: warning: /etc/postfix/master.cf: unused parameter:
>content_filer=
>
>ks3374456 postfix # cat master.cf
>smtp      inet   n       -       n       -       -       smtpd
>   -o smtpd_proxy_filter=127.0.0.1:10024
>   -o smtpd_proxy_timeout=180s
>
>amavis     unix  -       -       n       -       6       smtp
>    -o smtp_data_done_timeout=1200
>    -o smtp_send_xforward_command=yes
>    -o disable_dns_lookups=yes
>    -o max_use=20
>
>127.0.0.1:10025 inet n   -       -       -       -       smtpd
>    -o content_filter=
>    -o local_recipient_maps=
>    -o relay_recipient_maps=
>    -o smtpd_restriction_classes=
>    -o smtpd_delay_reject=no
>    -o smtpd_client_restrictions=permit_mynetworks,reject
>    -o smtpd_helo_restrictions=
>    -o smtpd_sender_restrictions=
>    -o smtpd_recipient_restrictions=permit_mynetworks,reject
>    -o smtpd_data_restrictions=reject_unauth_pipelining
>    -o smtpd_end_of_data_restrictions=
>    -o mynetworks=127.0.0.0/8
>    -o smtpd_error_sleep_time=0
>    -o smtpd_soft_error_limit=1001
>    -o smtpd_hard_error_limit=1000
>    -o smtpd_client_connection_count_limit=0
>    -o smtpd_client_connection_rate_limit=0
>-o
>receive_override_options=no_header_body_checks,no_unknown_recipient_checks
>
>
>submission inet  n       -       n       -       -       smtpd
>    -o smtpd_etrn_restrictions=reject
>    -o smtpd_sasl_type=dovecot
>    -o smtpd_sasl_path=private/auth
>    -o smtpd_sasl_auth_enable=yes
>    -o smtpd_reject_unlisted_sender=yes
>-o
>smtpd_sender_restrictions=reject_unknown_address,reject_unknown_sender_domain
>-o
>smtpd_recipient_restrictions=reject_unknown_recipient_domain,permit_sasl_authenticated,reject
>
>
>smtps     inet  n       -       n       -       -       smtpd
>  -o syslog_name=postfix/smtps
>  -o smtpd_tls_wrappermode=yes
>  -o smtpd_sasl_auth_enable=yes
>  -o smtpd_reject_unlisted_recipient=yes
>  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
>
>pickup    unix  n       -       n       60      1       pickup
>  -o content_filer=
>  -o receive_override_options=no_header_body_checks
>
>cleanup   unix  n       -       n       -       0       cleanup
>qmgr      unix  n       -       n       300     1       qmgr
>tlsmgr    unix  -       -       n       1000?   1       tlsmgr
>rewrite   unix  -       -       n       -       -       trivial-rewrite
>bounce    unix  -       -       n       -       0       bounce
>defer     unix  -       -       n       -       0       bounce
>trace     unix  -       -       n       -       0       bounce
>verify    unix  -       -       n       -       1       verify
>flush     unix  n       -       n       1000?   0       flush
>proxymap  unix  -       -       n       -       -       proxymap
>proxywrite unix -       -       n       -       1       proxymap
>smtp      unix  -       -       n       -       -       smtp
>relay     unix  -       -       n       -       -       smtp
> -o fallback_relay=
>showq     unix  n       -       n       -       -       showq
>error     unix  -       -       n       -       -       error
>retry     unix  -       -       n       -       -       error
>discard   unix  -       -       n       -       -       discard
>local     unix  -       n       n       -       -       local
>virtual   unix  -       n       n       -       -       virtual
>lmtp      unix  -       -       n       -       -       lmtp
>anvil     unix  -       -       n       -       1       anvil
>scache    unix  -       -       n       -       1       scache
>
>policyd-spf  unix  -       n       n       -       0       spawn
>  user=nobody argv=/usr/bin/python2 /usr/bin/policyd-spf
>
>-- 
>_______________________________________________
>Postfixbuch-users -- http://www.postfixbuch.de
>Heinlein Professional Linux Support GmbH
>
>Postfixbuch-users at listen.jpberlin.de
>https://listi.jpberlin.de/mailman/listinfo/postfixbuch-users

-- 
Michael Reincke
-------------- nächster Teil --------------
Ein Dateianhang mit HTML-Daten wurde abgetrennt...
URL: <https://listi.jpberlin.de/pipermail/postfixbuch-users/attachments/20141223/16fecda4/attachment.html>


Mehr Informationen über die Mailingliste Postfixbuch-users