Postfix, SSL und Thunderbird

#1
Hallo HowToForge-User,

ich habe mein System nach der Anleitung "http://www.howtoforge.de/howto/der-perfekte-server-debian-lenny-debian-50-ispconfig-3/4/" eingerichtet. Alle Dienste laufen momentan problemlos.

1. Ich habe versucht über Thunderbird ein Client-Konto zu erstellen, aber Thunderbird meldet sich immer, dass entweder der Benutzername oder das Passwort falsch ist. Inzwischen konnte Thunderbird automatisch folgende Einstellungen ermitteln:
Posteingang-Server: imap.domain.tld 143 STARTTLS
Postausgang-Server: smtp.domain.tld 587 STARTTLS

Ich habe ausprobiert den Benutzernamen mit und ohne "@domai.tld" einzugen, aber beide findet Thunderbird falsch. Was kann ich noch einstellen?

2. Da ich den SSL-Modus für Postfix eingerichtet habe, scheint es unter Thunderbird nicht zu funktionieren. Hier ist die main.cf, vielleicht habe ich was falsch eingegeben:

Code:
smtpd_banner = $myhostname ESMTP Mailserver (Debian/GNU)
biff = no

append_dot_mydomain = no

#delay_warning_time = 4h

readme_directory = /usr/share/doc/postfix

# TLS parameters
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_CAfile = /etc/postfix/smtpd.cert
smtpd_tls_key_file = /etc/postfix/smtpd.key
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom 
smtp_use_tls = yes 
smtp_tls_key_file = /etc/postfix/smtpd.key
smtp_tls_cert_file = /etc/postfix/smtpd.cert
smtp_tls_CAfile = /etc/postfix/smtpd.cert

myhostname = server.domain.tld
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = server.domain.tld, localhost, localhost.localdomain
relayhost = 
mynetworks = 127.0.0.0/8 [::1]/128
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
html_directory = /usr/share/doc/postfix/html
virtual_alias_domains = 
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
virtual_mailbox_base = /var/vmail
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_authenticated_header = yes

# smtpd_recipient_restrictions, überpüft den zu sendenden Server nach bestimmten Kriterien, sollte z.B. der hostname nicht stimmen,
# ist die Wahrscheinlichkeit, dass es ein Spammer ist sehr hoch und wir blocken ihn. 
smtpd_recipient_restrictions = 
    permit_mynetworks,
    permit_sasl_authenticated,
    check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf,
    reject_unauth_destination,
    reject_unknown_recipient_domain,
    reject_invalid_hostname,
    reject_non_fqdn_hostname,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unknown_sender_domain,
    reject_unauth_pipelining,
    reject_rbl_client zombie.dnsbl.sorbs.net,
    reject_rbl_client opm.blitzed.org,
    reject_rbl_client sbl.spamhaus.org,
    reject_rbl_client blackholes.easynet.nl,
    reject_rbl_client dialup.blacklist.jippg.org,
    reject_rbl_client cbl.abuseat.org,
    permit
smtpd_tls_security_level = may
transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
relay_domains = mysql:/etc/postfix/mysql-virtual_relaydomains.cf
relay_recipient_maps = mysql:/etc/postfix/mysql-virtual_relayrecipientmaps.cf
virtual_create_maildirsize = yes
virtual_maildir_extended = yes
virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = "The user you are trying to reach is over quota."
virtual_overquota_bounce = yes
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps

smtpd_sender_restrictions =
    check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf,
    reject_unknown_address,
    permit_sasl_authenticated,
    permit_mynetworks,
    reject_unauth_destination,
    reject_rhsbl_client rhsbl.sorbs.net,
    reject_rhsbl_sender rhsbl.sorbs.net,
    reject_rbl_client sbl.spamhaus.org,
    reject_rbl_client dialup.blacklist.jippg.org,
    reject_rbl_client opm.blitzed.org,
    reject_rbl_client cbl.abuseat.org,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unknown_recipient_domain,
    reject_unauth_pipelining 
smtpd_client_restrictions = check_client_access mysql:/etc/postfix/mysql-virtual_client.cf, reject_invalid_hostname
maildrop_destination_concurrency_limit = 1
maildrop_destination_recipient_limit = 1
virtual_transport = maildrop
header_checks = regexp:/etc/postfix/header_checks
mime_header_checks = regexp:/etc/postfix/mime_header_checks
nested_header_checks = regexp:/etc/postfix/nested_header_checks
body_checks = regexp:/etc/postfix/body_checks
content_filter = amavis:[127.0.0.1]:10024
receive_override_options = no_address_mappings
message_size_limit = 0
smtpd_tls_auth_only = no
smtp_tls_note_starttls_offer = yes
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain =
smtp_sasl_auth_enable = no
broken_sasl_auth_clients = yes

# sollte ein Server in einer der RBL Listen stehen, bekommt er die eingegebene Nachricht
default_rbl_reply = $rbl_code RBLTRAP: You can't send us a E-mail today!!! 

# der sendende Mailserver uns erst "Hallo" sagen muss. Viren machen das oft nicht und somit
# können Sie sich schlecht bei uns verteilen. 
smtpd_helo_required = yes 

# smtpd_helo_restrictions, überpüft den sendenden Server, nachdem er "Hallo" gesagt hat.  
smtpd_helo_restrictions = 
    permit_sasl_authenticated,
    permit_mynetworks,
    reject_unauth_destination,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unknown_recipient_domain,
    reject_non_fqdn_hostname,
    reject_invalid_hostname,
    reject_rhsbl_client rhsbl.sorbs.net,
    reject_rhsbl_sender rhsbl.sorbs.net,
    reject_rbl_client opm.blitzed.org,
    reject_rbl_client cbl.abuseat.org,
    reject_rbl_client sbl.spamhaus.org,
    reject_rbl_client dialup.blacklist.jippg.org,
    reject_rbl_client opm.blitzed.org,
    reject_rbl_client cbl.abuseat.org,
    reject_unauth_pipelining
Eine netstat-Abfrage zeigt:
Code:
 ~# netstat -ntpl | grep master
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      20438/master
tcp        0      0 127.0.0.1:10025         0.0.0.0:*               LISTEN      20438/master
tcp        0      0 0.0.0.0:587             0.0.0.0:*               LISTEN      20438/master
tcp        0      0 0.0.0.0:465             0.0.0.0:*               LISTEN      20438/master
Danke euch für eure Unterstützung
 

Werbung