/* Daemon-Einstellungen */

2014-03-21 15:07:55 +00:00 · 2014-03-21 15:07:55 +00:00 · da56e616ce
commit da56e616ce
parent f75bcf5db3
1 changed files with 48 additions and 0 deletions
--- a/Server%2Fwetu%2Fmail.mw
+++ b/Server%2Fwetu%2Fmail.mw
@ -54,6 +54,54 @@ message_size_limit = 10240000

 * <code>home_mailbox</code> gibt den Namen und gleichzeitig den Typ der Mailbox im Nutzerverzeichnis des Empfängers

+
+===== SSL Konfiguration =====
+
+<pre>
+smtp_sasl_auth_enable = no                                                         
+smtpd_sasl_auth_enable = yes
+smtpd_sasl_security_options = noanonymous, noplaintext
+smtpd_sasl_tls_security_options = noanonymous
+smtpd_sasl_authenticated_header = yes
+smtpd_sasl_type = dovecot
+smtpd_sasl_path = private/auth
+</pre>
+
+===== TLS Konfiguration =====
+
+<pre>
+#smtpd_tls_CAfile    = /etc/postfix/ssl/class3.crt
+smtpd_tls_cert_file = /etc/postfix/ssl/server.crt
+smtpd_tls_key_file  = /etc/postfix/ssl/server.key
+smtp_tls_cert_file = /etc/postfix/ssl/server.crt
+smtp_tls_key_file  = /etc/postfix/ssl/server.key
+#smtpd_tls_loglevel = 1
+smtpd_use_tls = yes
+#smtpd_tls_auth_only = yes
+smtpd_tls_received_header = yes
+smtpd_tls_session_cache_timeout = 3600s
+tls_random_source = dev:/dev/urandom
+smtp_tls_note_starttls_offer = yes
+smtp_use_tls = yes
+smtpd_tls_auth_only = no
+# tls cipher and protocol
+#smtpd_tls_security_level = encrypt
+smtpd_tls_ciphers = high
+smtpd_tls_mandatory_ciphers = high
+smtpd_tls_mandatory_exclude_ciphers = MEDIUM, LOW, aNULL, eNULL, SEED, 3DES, DES, MD5, EXP, CBC, PSD, PSK, SRP, DSS, RC4
+smtpd_tls_exclude_ciphers = MEDIUM, LOW, aNULL, eNULL, SEED, 3DES, DES, MD5, EXP, CBC, PSD, PSK, SRP, DSS, RC4
+smtpd_tls_mandatory_protocols = TLSv1, TLSv1.1, Tlsv1.2, !SSLv2, !SSLv3
+
+
+smtp_tls_mandatory_exclude_ciphers = MEDIUM, LOW, aNULL, eNULL, SEED, 3DES, DES, MD5, EXP, CBC, PSD, PSK, SRP, DSS, RC4
+smtp_tls_exclude_ciphers = MEDIUM, LOW, aNULL, eNULL, SEED, 3DES, DES, MD5, EXP, CBC, PSD, PSK, SRP, DSS, RC4
+smtp_tls_mandatory_protocols = TLSv1, TLSv1.1, Tlsv1.2, !SSLv2, !SSLv3
+smtp_tls_ciphers = high
+smtp_tls_mandatory_ciphers = high
+
+smtp_tls_security_level = may
+</pre>
+
 ==== virtual ====

 In der virtual sind alle Weiterleitungen / Aliase konfiguriert. Wenn diese geändert wird, muss anschließend <source lang="bash">postmap /etc/postfix/virtual</source> ausgeführt werden.