[Postfixbuch-users] hold: header Received:
Michael Reincke
postfixbuch at famre.de
Di Dez 23 08:30:39 CET 2014
Hallo,
das Problem ist Option smtpd_tls_ask_ccert. Versuche es einmal mit " smtpd_tls_ask_ccert=no".
smtpd_use_tls ist obsolet. Du musst z.B. "smtpd_tls_security_level=may" setzen.
Gruß
Michael Reincke
Am 23. Dezember 2014 00:53:00 MEZ, schrieb "siefke_listen at web.de" <siefke_listen at web.de>:
>Hallo,
>
>ich versuche gerade ein paar Änderungen an Postfix vorzunehmen. Das
>Ziel
>ist der Einsatz von postscreen und die smtpd_restriction_classes. Jetzt
>möchte ich gerne den Port 587 zur Einlieferung von Emails nutzen, aber
>irgendwie erhalte ich nur den folgenden logeintrag:
>
>Dec 23 00:45:43 ks3374456 postfix/cleanup[30499]: 2F21124090A: hold:
>header Received: from gentoomobile.silviosiefke.de (unknown
>[46.114.32.186])??(using TLSv1 with cipher ECDHE-RSA-AES256-SHA
>(256/256 bits))??(Client did not present a certificate)??by
>ks3374456.kimsufi.com ( from unknown[46.114.32.186];
>from=<webmaster at silviosiefke.com> to=<siefkesilvio at gmail.com>
>proto=ESMTP helo=<gentoomobile.silviosiefke.de>
>
>Die Emails kommen nicht an, was ja klar ist bei hold message. Aber ich
>verstehe nicht woran das liegt. Über Port 25 und starttls läuft es ohne
>Probleme. Hat hier jemand Rat? Vorschläge?
>
>Mfg
>Silvio
>
>ks3374456 postfix # postconf -n
>alias_database = hash:/etc/aliases
>alias_maps = hash:/etc/aliases
>append_dot_mydomain = no
>biff = no
>broken_sasl_auth_clients = yes
>command_directory = /usr/sbin
>config_directory = /etc/postfix
>daemon_directory = /usr/libexec/postfix
>data_directory = /var/lib/postfix
>disable_vrfy_command = yes
>header_checks = regexp:/etc/postfix/header_checks
>home_mailbox = Maildir/
>html_directory = no
>inet_interfaces = all
>inet_protocols = all
>mail_owner = postfix
>mailbox_size_limit = 0
>mailq_path = /usr/bin/mailq
>manpage_directory = /usr/share/man
>masquerade_domains =
>mydestination = $myhostname, localhost
>myhostname = ks3374456.kimsufi.com
>mynetworks = 127.0.0.1, 10.8.0.1
>mynetworks_style = subnet
>myorigin = $myhostname
>newaliases_path = /usr/bin/newaliases
>queue_directory = /var/spool/postfix
>readme_directory = no
>recipient_delimiter = +
>sample_directory = /etc/postfix
>sendmail_path = /usr/sbin/sendmail
>setgid_group = postdrop
>smtp_tls_CAfile = /etc/postfix/key/sub.class1.server.ca.pem
>smtp_tls_cert_file = /etc/postfix/key/mail_silviosiefke_com.crt
>smtp_tls_key_file = /etc/postfix/key/mail_silviosiefke_com.key
>smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_scache
>smtp_use_tls = yes
>smtpd_banner = $myhostname ESMTP
>smtpd_helo_required = yes
>smtpd_proxy_timeout = 3600s
>smtpd_recipient_restrictions = reject_unknown_sender_domain,
>reject_non_fqdn_sender, permit_mynetworks, reject_unlisted_sender,
>permit_sasl_authenticated, reject_unauth_pipelining check_helo_access
>pcre:/etc/postfix/helo_checks.pcre, check_sender_access
>hash:/etc/postfix/blacklist, check_policy_service
>unix:private/policyd-spf, check_policy_service unix:private/postgrey,
>permit
>smtpd_sasl_auth_enable = yes
>smtpd_sasl_path = private/auth
>smtpd_sasl_type = dovecot
>smtpd_sender_restrictions = reject_unknown_sender_domain,
>reject_non_fqdn_sender, permit_mynetworks, reject_unlisted_sender,
>permit_sasl_authenticated, reject_unauth_pipelining
>smtpd_timeout = 3600s
>smtpd_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
>smtpd_tls_ask_ccert = yes
>smtpd_tls_cert_file = /etc/postfix/key/mail.silviosiefke.com.crt
>smtpd_tls_dh1024_param_file = /etc/postfix/key/dh_1024.pem
>smtpd_tls_dh512_param_file = /etc/postfix/key//dh_512.pem
>smtpd_tls_eecdh_grade = strong
>smtpd_tls_key_file = /etc/postfix/key/mail_silviosiefke_com.key
>smtpd_tls_loglevel = 1
>smtpd_tls_mandatory_ciphers = high
>smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
>smtpd_tls_received_header = yes
>smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_scache
>smtpd_use_tls = yes
>tls_high_cipherlist =
>EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
>tls_random_source = dev:/dev/urandom
>virtual_alias_maps = hash:/etc/postfix/virtual
>virtual_gid_maps = static:5000
>virtual_mailbox_base = /var/vmail
>virtual_mailbox_domains = /etc/postfix/vhost
>virtual_mailbox_maps = hash:/etc/postfix/vmaps
>virtual_minimum_uid = 100
>virtual_transport = lmtp:unix:private/dovecot-lmtp
>virtual_uid_maps = static:5000
>postconf: warning: /etc/postfix/main.cf: unused parameter:
>policy-spf_time_limit=3600s
>postconf: warning: /etc/postfix/master.cf: unused parameter:
>content_filer=
>
>ks3374456 postfix # cat master.cf
>smtp inet n - n - - smtpd
> -o smtpd_proxy_filter=127.0.0.1:10024
> -o smtpd_proxy_timeout=180s
>
>amavis unix - - n - 6 smtp
> -o smtp_data_done_timeout=1200
> -o smtp_send_xforward_command=yes
> -o disable_dns_lookups=yes
> -o max_use=20
>
>127.0.0.1:10025 inet n - - - - smtpd
> -o content_filter=
> -o local_recipient_maps=
> -o relay_recipient_maps=
> -o smtpd_restriction_classes=
> -o smtpd_delay_reject=no
> -o smtpd_client_restrictions=permit_mynetworks,reject
> -o smtpd_helo_restrictions=
> -o smtpd_sender_restrictions=
> -o smtpd_recipient_restrictions=permit_mynetworks,reject
> -o smtpd_data_restrictions=reject_unauth_pipelining
> -o smtpd_end_of_data_restrictions=
> -o mynetworks=127.0.0.0/8
> -o smtpd_error_sleep_time=0
> -o smtpd_soft_error_limit=1001
> -o smtpd_hard_error_limit=1000
> -o smtpd_client_connection_count_limit=0
> -o smtpd_client_connection_rate_limit=0
>-o
>receive_override_options=no_header_body_checks,no_unknown_recipient_checks
>
>
>submission inet n - n - - smtpd
> -o smtpd_etrn_restrictions=reject
> -o smtpd_sasl_type=dovecot
> -o smtpd_sasl_path=private/auth
> -o smtpd_sasl_auth_enable=yes
> -o smtpd_reject_unlisted_sender=yes
>-o
>smtpd_sender_restrictions=reject_unknown_address,reject_unknown_sender_domain
>-o
>smtpd_recipient_restrictions=reject_unknown_recipient_domain,permit_sasl_authenticated,reject
>
>
>smtps inet n - n - - smtpd
> -o syslog_name=postfix/smtps
> -o smtpd_tls_wrappermode=yes
> -o smtpd_sasl_auth_enable=yes
> -o smtpd_reject_unlisted_recipient=yes
> -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
>
>pickup unix n - n 60 1 pickup
> -o content_filer=
> -o receive_override_options=no_header_body_checks
>
>cleanup unix n - n - 0 cleanup
>qmgr unix n - n 300 1 qmgr
>tlsmgr unix - - n 1000? 1 tlsmgr
>rewrite unix - - n - - trivial-rewrite
>bounce unix - - n - 0 bounce
>defer unix - - n - 0 bounce
>trace unix - - n - 0 bounce
>verify unix - - n - 1 verify
>flush unix n - n 1000? 0 flush
>proxymap unix - - n - - proxymap
>proxywrite unix - - n - 1 proxymap
>smtp unix - - n - - smtp
>relay unix - - n - - smtp
> -o fallback_relay=
>showq unix n - n - - showq
>error unix - - n - - error
>retry unix - - n - - error
>discard unix - - n - - discard
>local unix - n n - - local
>virtual unix - n n - - virtual
>lmtp unix - - n - - lmtp
>anvil unix - - n - 1 anvil
>scache unix - - n - 1 scache
>
>policyd-spf unix - n n - 0 spawn
> user=nobody argv=/usr/bin/python2 /usr/bin/policyd-spf
>
>--
>_______________________________________________
>Postfixbuch-users -- http://www.postfixbuch.de
>Heinlein Professional Linux Support GmbH
>
>Postfixbuch-users at listen.jpberlin.de
>https://listi.jpberlin.de/mailman/listinfo/postfixbuch-users
--
Michael Reincke
-------------- nächster Teil --------------
Ein Dateianhang mit HTML-Daten wurde abgetrennt...
URL: <https://listi.jpberlin.de/pipermail/postfixbuch-users/attachments/20141223/16fecda4/attachment.html>
Mehr Informationen über die Mailingliste Postfixbuch-users