[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
AW: Frage zur Erstellung der Datenbank
[Thread Prev] | [Thread Next]
[Date Prev] | [Date Next]
- Subject: AW: Frage zur Erstellung der Datenbank
- From: Ronny Wagner <r.wagner@xxxxxxxxx>
- Date: Tue, 22 Aug 2017 12:21:54 +0000
Hallo Andreas,
sorry für die späte Rückmeldung, ich war die letzte Woche außer Haus.
Wie gewünscht, anbei die zwei Ausgaben.
Was denkst du wo ich am besten nochmal ansetzen soll?
Danke
root@:~# postconf -n
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
data_directory = /var/lib/postfix
delay_warning_time = 12h
disable_vrfy_command = yes
header_checks = pcre:/etc/postfix/header_checks.pcre
html_directory = /usr/share/doc/postfix/html
inet_interfaces = all
inet_protocols = ipv4, ipv6
invalid_hostname_reject_code = 554
local_transport = error:no local mail delivery
maildrop_destination_recipient_limit = 1
maximal_queue_lifetime = 30d
message_size_limit = 250485760
multi_recipient_bounce_reject_code = 554
mydestination = localhost, localhost.$mydomain
mydomain = licoho.de
myhostname = as02.licoho.de
mynetworks = 127.0.0.0/8, [::1]
myorigin = as02.licoho.de
non_fqdn_reject_code = 554
non_smtpd_milters = inet:127.0.0.1:12335, inet:localhost:12345, inet:localhost:9991
policyd-spf_time_limit = 3600
readme_directory = /usr/share/doc/postfix
receive_override_options = no_address_mappings
recipient_canonical_maps = hash:/etc/postfix/recipient_canonical
relay_domains_reject_code = 554
relay_recipient_maps = hash:/etc/postfix/relay_recipients
smtp_address_preference = ipv4
smtp_dns_support_level = dnssec
smtp_helo_timeout = 60s
smtp_host_lookup = dns
smtp_tls_CApath = /etc/ssl/certs
smtp_tls_loglevel = 1
smtp_tls_note_starttls_offer = yes
smtp_tls_security_level = may
smtp_use_tls = yes
smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, check_client_access hash:/etc/postfix/backupmx, reject_unknown_client, reject_unauth_pipelining, permit
smtpd_data_restrictions = permit_mynetworks, permit_sasl_authenticated, check_client_access regexp:/etc/postfix/add_auth_header.regexp, check_policy_service inet:127.0.0.1:10023, reject_multi_recipient_bounce, reject_unauth_pipelining, permit
smtpd_hard_error_limit = 5
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_sasl_authenticated, permit_mynetworks, check_client_access hash:/etc/postfix/backupmx, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, reject_unknown_helo_hostname, permit
smtpd_milters = inet:127.0.0.1:12335, inet:localhost:12345, inet:localhost:9991
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, check_client_access hash:/etc/postfix/backupmx, reject_unauth_destination, reject_invalid_hostname, reject_unauth_pipelining, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_non_fqdn_recipient, reject_unknown_recipient_domain, check_client_access hash:/etc/postfix/client_access, check_policy_service inet:127.0.0.1:10023, check_policy_service inet:127.0.0.1:10040, check_policy_service unix:private/policy-geoip check_client_access hash:/etc/postfix/rbl_whitelist, reject_rbl_client bl.blocklist.de, reject_rbl_client blackholes.easynet.nl, reject_rbl_client cbl.abuseat.org, reject_rbl_client bl.spamcop.net, permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sender_restrictions = regexp:/etc/postfix/sender_access.regexp, permit_mynetworks, check_client_access hash:/etc/postfix/backupmx, reject_non_fqdn_sender, reject_unknown_sender_domain
smtpd_tls_CApath = /etc/ssl/certs
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /etc/postfix/ssl/SERVER.cert.pem
smtpd_tls_ciphers = high
smtpd_tls_dh1024_param_file = /etc/postfix/dh_1024.pem
smtpd_tls_dh512_param_file = /etc/postfix/dh_512.pem
smtpd_tls_eecdh_grade = strong
smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDC3-SHA, KRB5-DE5, CBC3-SHA
smtpd_tls_key_file = /etc/ssl/private/SERVER.key.pem
smtpd_tls_loglevel = 1
smtpd_tls_mandatory_ciphers = high
smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3
smtpd_tls_protocols = !SSLv2, !SSLv3
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
strict_rfc821_envelopes = yes
tls_preempt_cipherlist = yes
tls_random_source = dev:/dev/urandom
transport_maps = mysql:/etc/postfix/mysql-virtual_transports.cf, hash:/etc/postfix/transport, regexp:/etc/postfix/transport.regexp
unknown_address_reject_code = 554
unknown_client_reject_code = 554
unknown_hostname_reject_code = 554
unknown_local_recipient_reject_code = 554
unknown_relay_recipient_reject_code = 554
unknown_virtual_alias_reject_code = 554
unknown_virtual_mailbox_reject_code = 554
virtual_alias_domains =
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf, hash:/etc/postfix/virtual
virtual_gid_maps = static:5000
virtual_mailbox_base = /var/vmail
virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_limit = 30485760
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual_mailboxes.cf
virtual_transport = maildrop
virtual_uid_maps = static:5000
yahoo_destination_concurrency_limit = 4
yahoo_destination_rate_delay = 1s
yahoo_destination_recipient_limit = 2
yahoo_initial_destination_concurrency = 1
root@:~# postconf -M
127.0.0.1:25 inet n - - - - smtpd
[::1]:25 inet n - - - - smtpd
XXX.XXX.XXX.XXX:25 inet n - - - 60 smtpd -o smtpd_proxy_timeout=600s -o smtpd_sasl_auth_enable=no -o smtpd_tls_key_file=/etc/ssl/private/SERVER.key.pem -o smtpd_tls_cert_file=/etc/postfix/ssl/SERVER.cert.pem -o syslog_name=postfix-ipv4_25
smtp-amavis unix - - - - 2 lmtp -o smtp_data_done_timeout=1200 -o smtp_send_xforward_command=yes -o disable_dns_lookups=yes -o max_use=20 -o syslog_name=smtp-amavis
XXX.XXX.XXX.XXX:587 inet n - - - 25 smtpd -o smtpd_etrn_restrictions=reject -o smtpd_enforce_tls=no -o smtpd_sasl_auth_enable=yes -o content_filter=dksign:[127.0.0.1]:10028 -o receive_override_options=no_address_mappings -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject -o smtpd_tls_key_file=/etc/ssl/private/SERVER.key.pem -o smtpd_tls_cert_file=/etc/postfix/ssl/SERVER.cert.pem -o syslog_name=postfix-ipv4_587
dksign unix - - n - 10 smtp -o smtp_send_xforward_command=yes -o smtp_discard_ehlo_keywords=8bitmime,starttls
pickup fifo n - - 60 1 pickup -o content_filter= -o receive_override_options=no_header_body_checks
cleanup unix n - n - 0 cleanup -o header_checks=pcre:/etc/postfix/header_checks.pcre -o mime_header_checks= -o nested_header_checks= -o body_checks=pcre:/etc/postfix/body_checks
pre-cleanup unix n - n - 0 cleanup -o canonical_maps= -o sender_canonical_maps= -o recipient_canonical_maps= -o masquerade_domains= -o virtual_alias_maps= -o always_bcc= -o sender_bcc_maps= -o recipient_bcc_maps=
local unix - n n - - local -o content_filter= -o myhostname=localhost -o local_recipient_maps= -o relay_recipient_maps= -o mynetworks=127.0.0.0/8 -o mynetworks_style=host -o smtpd_restriction_classes= -o smtpd_client_restrictions= -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject
spamassassin unix - n n - - pipe user=amavis argv=/usr/bin/spamc -f -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}
qmgr fifo n - n 300 1 qmgr
tlsmgr unix - - - 1000? 1 tlsmgr
rewrite unix - - - - - trivial-rewrite
bounce unix - - - - 0 bounce
defer unix - - - - 0 bounce
trace unix - - - - 0 bounce
verify unix - - - - 1 verify
flush unix n - - 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - - - - smtp
relay unix - - - - - smtp -o fallback_relay=
showq unix n - - - - showq
error unix - - - - - error
discard unix - - - - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - - - - lmtp
anvil unix - - - - 1 anvil
scache unix - - - - 1 scache
avgtcpd unix - - n - 2 smtp -o smtp_data_done_timeout=1200 -o smtp_send_xforward_command=yes -o disable_dns_lookups=yes -o max_use=20
127.0.0.1:10025 inet n - - - - smtpd -o content_filter= -o smtpd_restriction_classes= -o smtpd_delay_reject=no -o smtpd_client_restrictions=permit_mynetworks,reject -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o smtpd_data_restrictions=reject_unauth_pipelining -o smtpd_end_of_data_restrictions= -o mynetworks=127.0.0.0/8,192.168.104.0/24,84.200.66.117,84.200.66.119,213.136.89.29 -o smtpd_error_sleep_time=0 -o smtpd_soft_error_limit=1001 -o smtpd_hard_error_limit=1000 -o smtpd_client_connection_count_limit=0 -o smtpd_client_connection_rate_limit=0 -o smtpd_milters= -o local_header_rewrite_clients= -o local_recipient_maps= -o relay_recipient_maps= -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters -o smtpd_authorized_xforward_hosts=127.0.0.0/8 -o syslog_name=postfix-local_ipv4_10025
[::1]:10025 inet n - - - - smtpd -o content_filter= -o smtpd_restriction_classes= -o smtpd_delay_reject=no -o smtpd_client_restrictions=permit_mynetworks,reject -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o smtpd_data_restrictions=reject_unauth_pipelining -o smtpd_end_of_data_restrictions= -o mynetworks=127.0.0.0/8,192.168.104.0/24,84.200.66.117 -o smtpd_error_sleep_time=0 -o smtpd_soft_error_limit=1001 -o smtpd_hard_error_limit=1000 -o smtpd_client_connection_count_limit=0 -o smtpd_client_connection_rate_limit=0 -o smtpd_milters= -o local_header_rewrite_clients= -o local_recipient_maps= -o relay_recipient_maps= -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters -o smtpd_authorized_xforward_hosts=127.0.0.0/8 -o syslog_name=postfix-local_ipv6_10025
127.0.0.1:10029 inet n - n - 10 smtpd -o content_filter=smtp-amavis:[127.0.0.1]:10026 -o smtpd_use_tls=no -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks -o smtpd_helo_restrictions= -o smtpd_client_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o mynetworks=127.0.0.0/8 -o smtpd_authorized_xforward_hosts=127.0.0.0/8
127.0.0.1:10031 inet n - n - 10 smtpd -o smtpd_authorized_xforward_hosts=127.0.0.0/8 -o smtpd_client_restrictions= -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o smtpd_data_restrictions= -o mynetworks=127.0.0.0/8 -o receive_override_options=no_unknown_recipient_checks
[::1]:10029 inet n - n - 10 smtpd -o smtpd_use_tls=no -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks -o smtpd_helo_restrictions= -o smtpd_client_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o mynetworks=127.0.0.0/8 -o smtpd_authorized_xforward_hosts=127.0.0.0/8
[::1]:10031 inet n - n - - smtpd -o smtpd_authorized_xforward_hosts=127.0.0.0/8 -o smtpd_client_restrictions= -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o smtpd_data_restrictions= -o mynetworks=127.0.0.0/8 -o receive_override_options=no_unknown_recipient_checks
maildrop unix - n n - - pipe flags=Ru user=vmail:daemon argv=/usr/bin/maildrop -d ${recipient}
uucp unix - n n - - pipe flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail unix - n n - - pipe flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman unix - n n - - pipe flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop} ${user}
retry unix - - - - - error
policyd-spf unix - n n - 0 spawn user=nobody argv=/usr/bin/python /usr/bin/policyd-spf /etc/postfix-policyd-spf-python/policyd-spf.conf
policy-geoip unix - n n - 0 spawn user=nobody argv=/usr/bin/policyd-geoip
yahoo unix - - n - - smtp -o syslog_name=postfix-yahoo
-----Ursprüngliche Nachricht-----
Von: A. Schulze [mailto:sca@xxxxxxxxxxxxxxxxx]
Gesendet: Samstag, 12. August 2017 21:06
An: users@xxxxxxxxxxxxxxxxxx
Betreff: Re: Frage zur Erstellung der Datenbank
Am 11.08.2017 um 23:57 schrieb Ronny Wagner:
> Wie ich aus dem Manual herausgelesen und verstanden habe, soll die Datei wie folgt aufgebaut sein:
> email@xxxxxx /etc/signing-milter/email@xxxxxx-cert+key.pem
> Ich habe also das Zertifikat & den Key in ein File gepackt (zusätzlich könnte man noch das Rootcertificat & Intermediatecertificat mit reinpacken, zum Ende des Files, oder?)
> -----BEGIN CERTIFICATE-----
> -----END CERTIFICATE-----
> -----BEGIN RSA PRIVATE KEY-----
> -----END RSA PRIVATE KEY-----
>
> Falls ich dies hier falsch interpretiert habe, bitte verbessert mich.
ich nutze mittlerweile "/etc/ssl/${SUBJECT}/cert+key.pem", also ein Verzeichnis pro Zertifikat.
Eventuelle Zwischenzertifikate (ohne Root!) liegen dann in "/etc/ssl/${SUBJECT}/chain.pem"
>
> Mein Verständnisproblem besteht jetzt daraus, dass die Mail für mein aktuelles Verständnis nicht signiert wird.
>
> Logmeldung:
> signing-milter[12476]: callback_header: got queuid: 3D00FCF4648
> signing-milter[12476]: 3D00FCF4648: clearsigned with /etc/signing-milter/email@xxxxxx-cert+key.pem (ohne chain
> signing-milter[12476]: callback_header: got queuid: 5FDECCF4680
> signing-milter[12476]: mail seemes allready signed.
das sind 2 verschiedene QueueIDs, also 2 unterschiedliche Mails.
Mail 3D00FCF4648 wurde signiert, 5FDECCF4680 eben nicht,
Kann's sein, dass die Mail über einen Contentfilter läuft?
zeig' mal die Ausgaben von "postconf -n" und "postconf -M"
Andreas
Attachment:
F64B72EDA591C786_r.wagner@licoho.de.asc
Description: F64B72EDA591C786_r.wagner@licoho.de.asc
| Frage zur Erstellung der Datenbank | Ronny Wagner <r.wagner@xxxxxxxxx> |
| Re: Frage zur Erstellung der Datenbank | "A. Schulze" <sca@xxxxxxxxxxxxxxxxx> |
| Re: Frage zur Erstellung der Datenbank | "A. Schulze" <sca@xxxxxxxxxxxxxxxxx> |
| AW: Frage zur Erstellung der Datenbank | Ronny Wagner <r.wagner@xxxxxxxxx> |
| Re: Frage zur Erstellung der Datenbank | "A. Schulze" <sca@xxxxxxxxxxxxxxxxx> |