/* Daemon-Einstellungen */

This commit is contained in:
Nek0 2014-03-21 15:07:55 +00:00
parent f75bcf5db3
commit da56e616ce

View File

@ -54,6 +54,54 @@ message_size_limit = 10240000
* <code>home_mailbox</code> gibt den Namen und gleichzeitig den Typ der Mailbox im Nutzerverzeichnis des Empfängers
===== SSL Konfiguration =====
<pre>
smtp_sasl_auth_enable = no
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous, noplaintext
smtpd_sasl_tls_security_options = noanonymous
smtpd_sasl_authenticated_header = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
</pre>
===== TLS Konfiguration =====
<pre>
#smtpd_tls_CAfile = /etc/postfix/ssl/class3.crt
smtpd_tls_cert_file = /etc/postfix/ssl/server.crt
smtpd_tls_key_file = /etc/postfix/ssl/server.key
smtp_tls_cert_file = /etc/postfix/ssl/server.crt
smtp_tls_key_file = /etc/postfix/ssl/server.key
#smtpd_tls_loglevel = 1
smtpd_use_tls = yes
#smtpd_tls_auth_only = yes
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
smtp_tls_note_starttls_offer = yes
smtp_use_tls = yes
smtpd_tls_auth_only = no
# tls cipher and protocol
#smtpd_tls_security_level = encrypt
smtpd_tls_ciphers = high
smtpd_tls_mandatory_ciphers = high
smtpd_tls_mandatory_exclude_ciphers = MEDIUM, LOW, aNULL, eNULL, SEED, 3DES, DES, MD5, EXP, CBC, PSD, PSK, SRP, DSS, RC4
smtpd_tls_exclude_ciphers = MEDIUM, LOW, aNULL, eNULL, SEED, 3DES, DES, MD5, EXP, CBC, PSD, PSK, SRP, DSS, RC4
smtpd_tls_mandatory_protocols = TLSv1, TLSv1.1, Tlsv1.2, !SSLv2, !SSLv3
smtp_tls_mandatory_exclude_ciphers = MEDIUM, LOW, aNULL, eNULL, SEED, 3DES, DES, MD5, EXP, CBC, PSD, PSK, SRP, DSS, RC4
smtp_tls_exclude_ciphers = MEDIUM, LOW, aNULL, eNULL, SEED, 3DES, DES, MD5, EXP, CBC, PSD, PSK, SRP, DSS, RC4
smtp_tls_mandatory_protocols = TLSv1, TLSv1.1, Tlsv1.2, !SSLv2, !SSLv3
smtp_tls_ciphers = high
smtp_tls_mandatory_ciphers = high
smtp_tls_security_level = may
</pre>
==== virtual ====
In der virtual sind alle Weiterleitungen / Aliase konfiguriert. Wenn diese geändert wird, muss anschließend <source lang="bash">postmap /etc/postfix/virtual</source> ausgeführt werden.