Sending with new SSL certificate

Sebastian Gödecke simpsonetti at googlemail.com
Tue Oct 29 09:10:28 CET 2019


Okay, maybe I also expressed myself a bit wrongly:
the point is that I want to deliver to our internal mail server.
From Postfix out to our external mail server works.
This is basically a preconfigured system for schools. Some things
have already been adapted there, others I have added...

postconf -n
alias_maps = hash:/etc/aliases, hash:/etc/aliases.d/oss-groups,
mysql:/etc/postfix/mysql-aliases.cf
biff = no
canonical_maps = hash:/etc/postfix/canonical
command_directory = /usr/sbin
compatibility_level = 2
content_filter = amavis:[127.0.0.1]:10024
daemon_directory = /usr/lib/postfix/bin/
data_directory = /var/lib/postfix
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
defer_transports =
delay_warning_time = 6h
disable_dns_lookups = no
disable_mime_output_conversion = no
disable_vrfy_command = yes
html_directory = /usr/share/doc/packages/postfix-doc/html
inet_interfaces = all
inet_protocols = all
mail_owner = postfix
mail_spool_directory = /var/mail
mailbox_command =
mailbox_size_limit = 0
mailbox_transport = cyrus
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
masquerade_classes = envelope_sender, header_sender, header_recipient
masquerade_domains =
masquerade_exceptions = root
message_size_limit = 50000000
message_strip_characters = \0
mydestination = $myhostname, localhost.$mydomain, $mydomain, localhost
myhostname = sub.domain.de
mynetworks_style = subnet
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/packages/postfix-doc/README_FILES
relay_clientcerts =
relay_domains = $mydestination, hash:/etc/postfix/relay
relayhost = [externer.mailserver.com]
relocated_maps = hash:/etc/postfix/relocated
sample_directory = /usr/share/doc/packages/postfix-doc/samples
sender_canonical_maps = hash:/etc/postfix/sender_canonical
sendmail_path = /usr/sbin/sendmail
setgid_group = maildrop
smtp_enforce_tls = no
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options =
smtp_tls_CApath =
smtp_tls_cert_file =
smtp_tls_key_file =
smtp_tls_loglevel = 1
smtp_tls_security_level = may
smtp_tls_session_cache_database =
smtp_tls_session_cache_timeout = 3600s
smtp_use_tls = yes
smtpd_banner = $myhostname ESMTP
smtpd_client_connection_count_limit = 50
smtpd_client_connection_rate_limit = 50
smtpd_client_message_rate_limit = 50
smtpd_client_recipient_rate_limit = 50
smtpd_client_restrictions = permit_sasl_authenticated,
permit_mynetworks, reject_unknown_client
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_sasl_authenticated,
permit_mynetworks, reject_rbl_client multi.uribl.com,reject_rbl_client
dsn.rfc-ignorant.org,reject_rbl_client
dul.dnsbl.sorbs.net,reject_rbl_client list.dsbl.org,reject_rbl_client
sbl-xbl.spamhaus.org,reject_rbl_client
bl.spamcop.net,reject_rbl_client dnsbl.sorbs.net,reject_rbl_client
cbl.abuseat.org,reject_rbl_client
ix.dnsbl.manitu.net,reject_rbl_client
combined.rbl.msrbl.net,reject_rbl_client rabl.nuclearelephant.com,
reject_non_fqdn_sender, reject
smtpd_recipient_limit = 50
smtpd_recipient_overshoot_limit = 50
smtpd_recipient_restrictions = permit_sasl_authenticated,
permit_mynetworks, reject_rbl_client multi.uribl.com,reject_rbl_client
dul.dnsbl.sorbs.net,reject_rbl_client list.dsbl.org,reject_rbl_client
sbl-xbl.spamhaus.org,reject_rbl_client
bl.spamcop.net,reject_rbl_client dnsbl.sorbs.net,reject_rbl_client
cbl.abuseat.org,reject_rbl_client
ix.dnsbl.manitu.net,reject_rbl_client
combined.rbl.msrbl.net,reject_rbl_client rabl.nuclearelephant.com,
reject
smtpd_relay_restrictions = permit_mynetworks,
permit_sasl_authenticated, reject_unauth_destination,
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = smtpd
smtpd_sender_restrictions = permit_mynetworks,
permit_sasl_authenticated, permit_mynetworks, reject_rbl_client
multi.uribl.com,reject_rbl_client
dsn.rfc-ignorant.org,reject_rbl_client
dul.dnsbl.sorbs.net,reject_rbl_client list.dsbl.org,reject_rbl_client
sbl-xbl.spamhaus.org,reject_rbl_client
bl.spamcop.net,reject_rbl_client dnsbl.sorbs.net,reject_rbl_client
cbl.abuseat.org,reject_rbl_client
ix.dnsbl.manitu.net,reject_rbl_client
combined.rbl.msrbl.net,reject_rbl_client rabl.nuclearelephant.com,
reject
smtpd_tls_CApath = /etc/ssl/certs/
smtpd_tls_ask_ccert = no
smtpd_tls_cert_file = /etc/ssl/servercerts/__ZERTIFIKAT_de.crt
smtpd_tls_key_file = /etc/ssl/servercerts/private.key
smtpd_tls_loglevel = 1
smtpd_tls_received_header = no
smtpd_use_tls = yes
strict_8bitmime = no
strict_rfc821_envelopes = no
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 550
virtual_alias_domains = hash:/etc/postfix/virtual
virtual_alias_maps = hash:/etc/postfix/virtual

On Tue, Oct 29, 2019 at 09:04, Winfried Neessen <wn at neessen.net> wrote:
>
> Hi,
>
> On 29. Oct 2019, at 09:01, Sebastian Gödecke <simpsonetti at googlemail.com> wrote:
>
> > Okay, you're right:
> > smtpd_tls_CApath = /etc/ssl/certs/
> > smtpd_tls_ask_ccert = no
> > smtpd_tls_cert_file = /etc/ssl/servercerts/__bbs1-gifhorn_de.crt
> > smtpd_tls_key_file = /etc/ssl/servercerts/private.key
> > smtpd_tls_loglevel = 1
> > smtpd_tls_received_header = no
> > smtpd_use_tls = yes
>
> Just post the complete config, then nobody has to ask repeatedly.
> For sending, smtpd_* is irrelevant. You need smtp_tls_* for that.
>
> If that should already be configured and no TLS cert exchange with the remote side takes place, logs would
> also be useful.
>
>
> Winni



-- 
Kind regards
Sebastian Gödecke
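
Added example, not part of the original thread and not the posters' code: the split discussed above (smtpd_tls_* for mail delivered to this host, smtp_tls_* for mail this host sends) applied to `postconf -n`-style text. The function names and the posture labels are made up for this illustration, the sample is constructed from a subset of the posted values, and it assumes tls_append_default_CA is at its default (no).

```shell
#!/bin/sh
# Added example: classify the TLS settings in `postconf -n`-style text by role.
#   smtpd_tls_* = Postfix as server (mail delivered TO this host)
#   smtp_tls_*  = Postfix as client (mail sent FROM this host, e.g. to relayhost)

# Constructed sample; the values are a subset of the configuration in the post.
sample_conf() {
cat <<'EOF'
relayhost = [externer.mailserver.com]
smtp_tls_CApath =
smtp_tls_cert_file =
smtp_tls_security_level = may
smtp_use_tls = yes
smtpd_tls_CApath = /etc/ssl/certs/
smtpd_tls_cert_file = /etc/ssl/servercerts/__ZERTIFIKAT_de.crt
smtpd_tls_key_file = /etc/ssl/servercerts/private.key
smtpd_use_tls = yes
EOF
}

# get_param NAME: print the value of NAME from "name = value" lines on stdin.
# The name must match exactly, so smtp_tls_CApath never picks up smtpd_tls_CApath.
get_param() {
    awk -v key="$1" '{
        eq = index($0, "="); if (eq == 0) next
        name = substr($0, 1, eq - 1); value = substr($0, eq + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", name); gsub(/^[ \t]+|[ \t]+$/, "", value)
        if (name == key) { print value; exit }
    }'
}

# client_tls_posture: what outbound (smtp_tls_*) TLS guarantees for the config on stdin.
client_tls_posture() {
    conf=$(cat)
    level=$(printf '%s\n' "$conf" | get_param smtp_tls_security_level)
    cafile=$(printf '%s\n' "$conf" | get_param smtp_tls_CAfile)
    capath=$(printf '%s\n' "$conf" | get_param smtp_tls_CApath)
    case "$level" in
        "")            echo "legacy-or-default" ;;  # unset: smtp_use_tls/smtp_enforce_tls decide
        none)          echo "plaintext" ;;
        may)           echo "opportunistic" ;;      # encrypts if offered, peer cert not checked
        encrypt)       echo "encrypted-unauthenticated" ;;
        verify|secure) if [ -n "$cafile$capath" ]; then echo "authenticated"
                       else echo "authenticated-but-no-trust-anchors"; fi ;;
        *)             echo "other:$level" ;;
    esac
}

# server_tls_posture: whether inbound (smtpd_tls_*) TLS has a certificate to present.
server_tls_posture() {
    cert=$(get_param smtpd_tls_cert_file)
    if [ -n "$cert" ]; then echo "server-cert:$cert"; else echo "no-server-cert"; fi
}

echo "outbound (smtp_tls_*):  $(sample_conf | client_tls_posture)"
echo "inbound  (smtpd_tls_*): $(sample_conf | server_tls_posture)"
```

On a live system the same functions can be fed with `postconf -n | client_tls_posture` and `postconf -n | server_tls_posture`.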

