*Empty MediaWiki Message*

2014-03-23 21:06:36 +00:00 · 2014-03-23 21:06:36 +00:00 · b76d9464ff
commit b76d9464ff
parent b120300567
1 changed files with 37 additions and 21 deletions
--- a/Server%2Fwetu%2Fmail.mw
+++ b/Server%2Fwetu%2Fmail.mw
@ -70,29 +70,16 @@ smtpd_sasl_path = private/auth
 ===== TLS Konfiguration =====

 <pre>
-#smtpd_tls_CAfile    = /etc/postfix/ssl/class3.crt
-smtpd_tls_cert_file = /etc/postfix/ssl/server.crt
-smtpd_tls_key_file  = /etc/postfix/ssl/server.key
+tls_random_source = dev:/dev/urandom
+
+### mail - server to server
 smtp_tls_cert_file = /etc/postfix/ssl/server.crt
 smtp_tls_key_file  = /etc/postfix/ssl/server.key
-#smtpd_tls_loglevel = 1
-smtpd_use_tls = yes
-#smtpd_tls_auth_only = yes
-smtpd_tls_received_header = yes
-smtpd_tls_session_cache_timeout = 3600s
-tls_random_source = dev:/dev/urandom
+
 smtp_tls_note_starttls_offer = yes
 smtp_use_tls = yes
-smtpd_tls_auth_only = no
-# tls cipher and protocol
-#smtpd_tls_security_level = encrypt
-smtpd_tls_ciphers = high
-smtpd_tls_mandatory_ciphers = high
-smtpd_tls_mandatory_exclude_ciphers = MEDIUM, LOW, aNULL, eNULL, SEED, 3DES, DES, MD5, EXP, CBC, PSD, PSK, SRP, DSS, RC4
-smtpd_tls_exclude_ciphers = MEDIUM, LOW, aNULL, eNULL, SEED, 3DES, DES, MD5, EXP, CBC, PSD, PSK, SRP, DSS, RC4
-smtpd_tls_mandatory_protocols = TLSv1, TLSv1.1, Tlsv1.2, !SSLv2, !SSLv3
-

+### _mandatory gilt fuer security_level = encrypt / _OHNE_mandatory gilt fuer security_level = may
 smtp_tls_mandatory_exclude_ciphers = MEDIUM, LOW, aNULL, eNULL, SEED, 3DES, DES, MD5, EXP, CBC, PSD, PSK, SRP, DSS, RC4
 smtp_tls_exclude_ciphers = MEDIUM, LOW, aNULL, eNULL, SEED, 3DES, DES, MD5, EXP, CBC, PSD, PSK, SRP, DSS, RC4
 smtp_tls_mandatory_protocols = TLSv1, TLSv1.1, Tlsv1.2, !SSLv2, !SSLv3
@ -101,11 +88,40 @@ smtp_tls_mandatory_ciphers = high

 smtp_tls_security_level = may
 smtp_tls_protocols = TLSv1, TLSv1.1, Tlsv1.2, !SSLv2, !SSLv3
-smtpd_tls_protocols = TLSv1, TLSv1.1, Tlsv1.2, !SSLv2, !SSLv3
-

 smtp_tls_loglevel = 1
-smtpd_tls_loglevel = 1 
+
+
+### mail - client to server
+smtpd_tls_cert_file = /etc/postfix/ssl/server.crt
+smtpd_tls_key_file  = /etc/postfix/ssl/server.key
+#smtpd_tls_CAfile    = /etc/postfix/ssl/class3.crt
+
+smtpd_use_tls = yes
+#smtpd_tls_auth_only = yes
+smtpd_tls_received_header = yes
+smtpd_tls_session_cache_timeout = 3600s
+
+smtpd_tls_auth_only = no
+# tls cipher and protocol
+#smtpd_tls_security_level = encrypt
+
+### _mandatory gilt fuer security_level = encrypt / _OHNE_mandatory gilt fuer security_level = may
+smtpd_tls_ciphers = high
+smtpd_tls_mandatory_ciphers = high
+smtpd_tls_mandatory_exclude_ciphers = MEDIUM, LOW, aNULL, eNULL, SEED, 3DES, DES, MD5, EXP, CBC, PSD, PSK, SRP, DSS, RC4
+smtpd_tls_exclude_ciphers = MEDIUM, LOW, aNULL, eNULL, SEED, 3DES, DES, MD5, EXP, CBC, PSD, PSK, SRP, DSS, RC4
+smtpd_tls_mandatory_protocols = TLSv1, TLSv1.1, Tlsv1.2, !SSLv2, !SSLv3
+smtpd_tls_protocols = TLSv1, TLSv1.1, Tlsv1.2, !SSLv2, !SSLv3
+
+smtpd_tls_loglevel = 1
+
+
+### smtpd security_level = MUSS may sein, sonst kann sich Amavis nicht connecten: ###
+### 
+### From MTA(smtp:[127.0.0.1]:10025) during fwd-rundown-1 (Negative SMTP response to RSET: 530 5.7.0 Must issue a STARTTLS command first at
+### Blocked MTA-BLOCKED {RejectedInbound} proxy-reject: END-OF-MESSAGE: 530 5.7.0 - Rejected by next-hop MTA on relaying, from MTA(smtp:[127.0.0.1]:10025): 530 5.7.0 Must issue a STARTTLS command first
+#smtpd_tls_security_level = may
 </pre>

 ===== SSL Cipher Suites Supported =====