Postfix, SSL and Thunderbird

This thread in the forum "Fragen zu Howtos" was started by wahid, 11 Aug 2010.

  1. wahid

    wahid New Member

    Hello HowToForge users,

    I set up my system following the guide "http://www.howtoforge.de/howto/der-perfekte-server-debian-lenny-debian-50-ispconfig-3/4/". All services are currently running without problems.

    1. I tried to create a client account in Thunderbird, but Thunderbird always reports that either the username or the password is wrong. Meanwhile, Thunderbird was able to determine the following settings automatically:
    Incoming server: imap.domain.tld 143 STARTTLS
    Outgoing server: smtp.domain.tld 587 STARTTLS

    I tried entering the username with and without "@domain.tld", but Thunderbird considers both wrong. What else can I configure?

    2. Since I have set up SSL mode for Postfix, it does not seem to work with Thunderbird. Here is the main.cf; maybe I entered something wrong:

    Code:
    
    smtpd_banner = $myhostname ESMTP Mailserver (Debian/GNU)
    biff = no
    
    append_dot_mydomain = no
    
    #delay_warning_time = 4h
    
    readme_directory = /usr/share/doc/postfix
    
    # TLS parameters
    smtpd_tls_cert_file = /etc/postfix/smtpd.cert
    smtpd_tls_CAfile = /etc/postfix/smtpd.cert
    smtpd_tls_key_file = /etc/postfix/smtpd.key
    smtpd_use_tls = yes
    smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
    smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
    smtpd_tls_loglevel = 1
    smtpd_tls_received_header = yes
    smtpd_tls_session_cache_timeout = 3600s
    tls_random_source = dev:/dev/urandom 
    smtp_use_tls = yes 
    smtp_tls_key_file = /etc/postfix/smtpd.key
    smtp_tls_cert_file = /etc/postfix/smtpd.cert
    smtp_tls_CAfile = /etc/postfix/smtpd.cert
    
    myhostname = server.domain.tld
    alias_maps = hash:/etc/aliases
    alias_database = hash:/etc/aliases
    myorigin = /etc/mailname
    mydestination = server.domain.tld, localhost, localhost.localdomain
    relayhost = 
    mynetworks = 127.0.0.0/8 [::1]/128
    mailbox_command = procmail -a "$EXTENSION"
    mailbox_size_limit = 0
    recipient_delimiter = +
    inet_interfaces = all
    html_directory = /usr/share/doc/postfix/html
    virtual_alias_domains = 
    virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf
    virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
    virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
    virtual_mailbox_base = /var/vmail
    virtual_uid_maps = static:5000
    virtual_gid_maps = static:5000
    smtpd_sasl_auth_enable = yes
    broken_sasl_auth_clients = yes
    smtpd_sasl_authenticated_header = yes
    
    # smtpd_recipient_restrictions checks the sending server against certain criteria; if, for example, the hostname is wrong,
    # the probability that it is a spammer is very high and we block it.
    smtpd_recipient_restrictions = 
        permit_mynetworks,
        permit_sasl_authenticated,
        check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf,
        reject_unauth_destination,
        reject_unknown_recipient_domain,
        reject_invalid_hostname,
        reject_non_fqdn_hostname,
        reject_non_fqdn_sender,
        reject_non_fqdn_recipient,
        reject_unknown_sender_domain,
        reject_unauth_pipelining,
        reject_rbl_client zombie.dnsbl.sorbs.net,
        reject_rbl_client opm.blitzed.org,
        reject_rbl_client sbl.spamhaus.org,
        reject_rbl_client blackholes.easynet.nl,
        reject_rbl_client dialup.blacklist.jippg.org,
        reject_rbl_client cbl.abuseat.org,
        permit
    smtpd_tls_security_level = may
    transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
    relay_domains = mysql:/etc/postfix/mysql-virtual_relaydomains.cf
    relay_recipient_maps = mysql:/etc/postfix/mysql-virtual_relayrecipientmaps.cf
    virtual_create_maildirsize = yes
    virtual_maildir_extended = yes
    virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf
    virtual_mailbox_limit_override = yes
    virtual_maildir_limit_message = "The user you are trying to reach is over quota."
    virtual_overquota_bounce = yes
    proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
    
    smtpd_sender_restrictions =
        check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf,
        reject_unknown_address,
        permit_sasl_authenticated,
        permit_mynetworks,
        reject_unauth_destination,
        reject_rhsbl_client rhsbl.sorbs.net,
        reject_rhsbl_sender rhsbl.sorbs.net,
        reject_rbl_client sbl.spamhaus.org,
        reject_rbl_client dialup.blacklist.jippg.org,
        reject_rbl_client opm.blitzed.org,
        reject_rbl_client cbl.abuseat.org,
        reject_non_fqdn_sender,
        reject_non_fqdn_recipient,
        reject_unknown_recipient_domain,
        reject_unauth_pipelining 
    smtpd_client_restrictions = check_client_access mysql:/etc/postfix/mysql-virtual_client.cf, reject_invalid_hostname
    maildrop_destination_concurrency_limit = 1
    maildrop_destination_recipient_limit = 1
    virtual_transport = maildrop
    header_checks = regexp:/etc/postfix/header_checks
    mime_header_checks = regexp:/etc/postfix/mime_header_checks
    nested_header_checks = regexp:/etc/postfix/nested_header_checks
    body_checks = regexp:/etc/postfix/body_checks
    content_filter = amavis:[127.0.0.1]:10024
    receive_override_options = no_address_mappings
    message_size_limit = 0
    smtpd_tls_auth_only = no
    smtp_tls_note_starttls_offer = yes
    smtpd_sasl_path = private/auth
    smtpd_sasl_security_options = noanonymous
    smtpd_sasl_local_domain =
    smtp_sasl_auth_enable = no
    broken_sasl_auth_clients = yes
    
    # if a server is on one of the RBL lists, it receives the message entered here
    default_rbl_reply = $rbl_code RBLTRAP: You can't send us a E-mail today!!! 
    
    # the sending mail server must first say "hello" to us. Viruses often do not do that, so
    # they have a hard time spreading to us.
    smtpd_helo_required = yes 
    
    # smtpd_helo_restrictions checks the sending server after it has said "hello".
    smtpd_helo_restrictions = 
        permit_sasl_authenticated,
        permit_mynetworks,
        reject_unauth_destination,
        reject_non_fqdn_sender,
        reject_non_fqdn_recipient,
        reject_unknown_recipient_domain,
        reject_non_fqdn_hostname,
        reject_invalid_hostname,
        reject_rhsbl_client rhsbl.sorbs.net,
        reject_rhsbl_sender rhsbl.sorbs.net,
        reject_rbl_client opm.blitzed.org,
        reject_rbl_client cbl.abuseat.org,
        reject_rbl_client sbl.spamhaus.org,
        reject_rbl_client dialup.blacklist.jippg.org,
        reject_rbl_client opm.blitzed.org,
        reject_rbl_client cbl.abuseat.org,
        reject_unauth_pipelining 
    
    
    A netstat query shows:
    Code:
     ~# netstat -ntpl | grep master
    tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      20438/master
    tcp        0      0 127.0.0.1:10025         0.0.0.0:*               LISTEN      20438/master
    tcp        0      0 0.0.0.0:587             0.0.0.0:*               LISTEN      20438/master
    tcp        0      0 0.0.0.0:465             0.0.0.0:*               LISTEN      20438/master
    
    
    Thank you for your support
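
Added example, not part of the original post or of the howto it follows: a small Python check that reads a main.cf the way Postfix does (whitespace-led continuation lines, last definition wins) and reports repeated parameters and whether SASL AUTH would be accepted without TLS. The sample text is a constructed excerpt of the settings posted above; per-service `-o` overrides in master.cf (for example on ports 587 and 465) are not considered.

```python
# Constructed excerpt of the main.cf posted above (not the full file).
SAMPLE_MAIN_CF = """\
# TLS parameters
smtpd_use_tls = yes
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination
smtpd_tls_security_level = may
smtpd_tls_auth_only = no
broken_sasl_auth_clients = yes
"""


def parse_main_cf(text):
    """Return (params, duplicates) for main.cf text."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank lines and comment lines are ignored
        if raw[0].isspace() and logical:
            logical[-1] += " " + raw.strip()  # leading whitespace continues a line
        else:
            logical.append(raw.strip())
    params, duplicates = {}, []
    for line in logical:
        name, _, value = line.partition("=")
        name = name.strip()
        if name in params:
            duplicates.append(name)  # defined more than once
        params[name] = " ".join(value.split())  # only the last definition counts
    return params, duplicates


def cleartext_auth_possible(params):
    """True if smtpd would accept SASL AUTH on an unencrypted connection."""
    if params.get("smtpd_sasl_auth_enable", "no") != "yes":
        return False  # no SASL offered at all
    if (params.get("smtpd_tls_security_level") == "encrypt"
            or params.get("smtpd_enforce_tls") == "yes"):
        return False  # TLS is mandatory before AUTH
    return params.get("smtpd_tls_auth_only", "no") != "yes"


if __name__ == "__main__":
    params, duplicates = parse_main_cf(SAMPLE_MAIN_CF)
    print("defined more than once:", duplicates)
    print("AUTH accepted without TLS:", cleartext_auth_possible(params))
```
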
     
