<html><head></head><body>Hello,<br>
<br>
The problem is the smtpd_tls_ask_ccert option. Try it with "smtpd_tls_ask_ccert=no".<br>
smtpd_use_tls is obsolete. You have to set e.g. "smtpd_tls_security_level=may".<br>
<br>
Regards<br>
Michael Reincke<br><br><div class="gmail_quote">On 23 December 2014 00:53:00 CET, "siefke_listen@web.de" <siefke_listen@web.de> wrote:<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
<pre class="k9mail">Hello, <br /><br />I am currently trying to make a few changes to Postfix. The goal <br />is to use postscreen and the smtpd_restriction_classes. Now<br />I would like to use port 587 for submitting emails, but<br />somehow I only get the following log entry:<br /><br />Dec 23 00:45:43 ks3374456 postfix/cleanup[30499]: 2F21124090A: hold: header Received: from <a href="http://gentoomobile.silviosiefke.de">gentoomobile.silviosiefke.de</a> (unknown [<a href="http://46.114.32.186">46.114.32.186</a>])??(using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits))??(Client did not present a certificate)??by <a href="http://ks3374456.kimsufi.com">ks3374456.kimsufi.com</a> ( from unknown[<a href="http://46.114.32.186">46.114.32.186</a>]; from=<webmaster@silviosiefke.com> to=<siefkesilvio@gmail.com> proto=ESMTP helo=<<a href="http://gentoomobile.silviosiefke.de">gentoomobile.silviosiefke.de</a>><br /><br />The
emails do not arrive, which is of course to be expected with a hold message. But I <br />do not understand what is causing it. Over port 25 and starttls it runs without<br />problems. Does anyone here have advice? Suggestions?<br /><br />Regards<br />Silvio<br /><br />ks3374456 postfix # postconf -n<br />alias_database = hash:/etc/aliases<br />alias_maps = hash:/etc/aliases<br />append_dot_mydomain = no<br />biff = no<br />broken_sasl_auth_clients = yes<br />command_directory = /usr/sbin<br />config_directory = /etc/postfix<br />daemon_directory = /usr/libexec/postfix<br />data_directory = /var/lib/postfix<br />disable_vrfy_command = yes<br />header_checks = regexp:/etc/postfix/header_checks<br />home_mailbox = Maildir/<br />html_directory = no<br />inet_interfaces = all<br />inet_protocols = all<br />mail_owner = postfix<br />mailbox_size_limit = 0<br />mailq_path = /usr/bin/mailq<br />manpage_directory = /usr/share/man<br />masquerade_domains =<br />mydestination = $myhostname, localhost<br />myhostname = <a
href="http://ks3374456.kimsufi.com">ks3374456.kimsufi.com</a><br />mynetworks = <a href="http://127.0.0.1">127.0.0.1</a>, <a href="http://10.8.0.1">10.8.0.1</a><br />mynetworks_style = subnet<br />myorigin = $myhostname<br />newaliases_path = /usr/bin/newaliases<br />queue_directory = /var/spool/postfix<br />readme_directory = no<br />recipient_delimiter = +<br />sample_directory = /etc/postfix<br />sendmail_path = /usr/sbin/sendmail<br />setgid_group = postdrop<br />smtp_tls_CAfile = /etc/postfix/key/<a href="http://sub.class1.server.ca">sub.class1.server.ca</a>.pem<br />smtp_tls_cert_file = /etc/postfix/key/mail_silviosiefke_com.crt<br />smtp_tls_key_file = /etc/postfix/key/mail_silviosiefke_com.key<br />smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_scache<br />smtp_use_tls = yes<br />smtpd_banner = $myhostname ESMTP<br />smtpd_helo_required = yes<br />smtpd_proxy_timeout = 3600s<br />smtpd_recipient_restrictions = reject_unknown_sender_domain,
reject_non_fqdn_sender, permit_mynetworks, reject_unlisted_sender, permit_sasl_authenticated, reject_unauth_pipelining check_helo_access pcre:/etc/postfix/helo_checks.pcre, check_sender_access hash:/etc/postfix/blacklist, check_policy_service unix:private/policyd-spf, check_policy_service unix:private/postgrey, permit<br />smtpd_sasl_auth_enable = yes<br />smtpd_sasl_path = private/auth<br />smtpd_sasl_type = dovecot<br />smtpd_sender_restrictions = reject_unknown_sender_domain, reject_non_fqdn_sender, permit_mynetworks, reject_unlisted_sender, permit_sasl_authenticated, reject_unauth_pipelining<br />smtpd_timeout = 3600s<br />smtpd_tls_CAfile = /etc/ssl/certs/ca-certificates.crt<br />smtpd_tls_ask_ccert = yes<br />smtpd_tls_cert_file = /etc/postfix/key/<a href="http://mail.silviosiefke.com">mail.silviosiefke.com</a>.crt<br />smtpd_tls_dh1024_param_file = /etc/postfix/key/dh_1024.pem<br />smtpd_tls_dh512_param_file = /etc/postfix/key//dh_512.pem<br />smtpd_tls_eecdh_grade =
strong<br />smtpd_tls_key_file = /etc/postfix/key/mail_silviosiefke_com.key<br />smtpd_tls_loglevel = 1<br />smtpd_tls_mandatory_ciphers = high<br />smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3<br />smtpd_tls_received_header = yes<br />smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_scache<br />smtpd_use_tls = yes<br />tls_high_cipherlist = EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA<br />tls_random_source = dev:/dev/urandom<br />virtual_alias_maps = hash:/etc/postfix/virtual<br />virtual_gid_maps = static:5000<br />virtual_mailbox_base = /var/vmail<br />virtual_mailbox_domains = /etc/postfix/vhost<br />virtual_mailbox_maps = hash:/etc/postfix/vmaps<br />virtual_minimum_uid = 100<br />virtual_transport = lmtp:unix:private/dovecot-lmtp<br />virtual_uid_maps =
static:5000<br />postconf: warning: /etc/postfix/<a href="http://main.cf">main.cf</a>: unused parameter: policy-spf_time_limit=3600s<br />postconf: warning: /etc/postfix/<a href="http://master.cf">master.cf</a>: unused parameter: content_filer=<br /><br />ks3374456 postfix # cat <a href="http://master.cf">master.cf</a><br />smtp      inet   n       -       n       -       -       smtpd<br />   -o smtpd_proxy_filter=<a href="127.0.0.1:10024">127.0.0.1:10024</a><br />   -o smtpd_proxy_timeout=180s<br /><br />amavis     unix  -       -       n       -       6       smtp<br />    -o smtp_data_done_timeout=1200<br />    -o smtp_send_xforward_command=yes<br />    -o disable_dns_lookups=yes<br />    -o max_use=20<br /><br /><a href="127.0.0.1:10025">127.0.0.1:10025</a> inet n   -       -       -       -       smtpd<br />    -o content_filter=<br />    -o local_recipient_maps=<br />    -o relay_recipient_maps=<br />    -o smtpd_restriction_classes=<br />    -o smtpd_delay_reject=no<br />   
-o smtpd_client_restrictions=permit_mynetworks,reject<br />    -o smtpd_helo_restrictions=<br />    -o smtpd_sender_restrictions=<br />    -o smtpd_recipient_restrictions=permit_mynetworks,reject<br />    -o smtpd_data_restrictions=reject_unauth_pipelining<br />    -o smtpd_end_of_data_restrictions=<br />    -o mynetworks=<a href="http://127.0.0.0/8">127.0.0.0/8</a><br />    -o smtpd_error_sleep_time=0<br />    -o smtpd_soft_error_limit=1001<br />    -o smtpd_hard_error_limit=1000<br />    -o smtpd_client_connection_count_limit=0<br />    -o smtpd_client_connection_rate_limit=0<br />    -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks<br /><br /><br />submission inet  n       -       n       -       -       smtpd<br />    -o smtpd_etrn_restrictions=reject<br />    -o smtpd_sasl_type=dovecot<br />    -o smtpd_sasl_path=private/auth<br />    -o smtpd_sasl_auth_enable=yes<br />    -o smtpd_reject_unlisted_sender=yes<br />    -o
smtpd_sender_restrictions=reject_unknown_address,reject_unknown_sender_domain<br />    -o smtpd_recipient_restrictions=reject_unknown_recipient_domain,permit_sasl_authenticated,reject<br /><br /><br />smtps     inet  n       -       n       -       -       smtpd<br />  -o syslog_name=postfix/smtps<br />  -o smtpd_tls_wrappermode=yes<br />  -o smtpd_sasl_auth_enable=yes<br />  -o smtpd_reject_unlisted_recipient=yes<br />  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject<br /><br />pickup    unix  n       -       n       60      1       pickup<br />  -o content_filer=<br />  -o receive_override_options=no_header_body_checks<br /><br />cleanup   unix  n       -       n       -       0       cleanup<br />qmgr      unix  n       -       n       300     1       qmgr<br />tlsmgr    unix  -       -       n       1000?   1       tlsmgr<br />rewrite   unix  -       -       n       -       -       trivial-rewrite<br />bounce    unix  -       -       n       -       0      
bounce<br />defer     unix  -       -       n       -       0       bounce<br />trace     unix  -       -       n       -       0       bounce<br />verify    unix  -       -       n       -       1       verify<br />flush     unix  n       -       n       1000?   0       flush<br />proxymap  unix  -       -       n       -       -       proxymap<br />proxywrite unix -       -       n       -       1       proxymap<br />smtp      unix  -       -       n       -       -       smtp<br />relay     unix  -       -       n       -       -       smtp<br /> -o fallback_relay=<br />showq     unix  n       -       n       -       -       showq<br />error     unix  -       -       n       -       -       error<br />retry     unix  -       -       n       -       -       error<br />discard   unix  -       -       n       -       -       discard<br />local     unix  -       n       n       -       -       local<br />virtual   unix  -       n       n       -       -       virtual<br />lmtp     
unix  -       -       n       -       -       lmtp<br />anvil     unix  -       -       n       -       1       anvil<br />scache    unix  -       -       n       -       1       scache<br /><br />policyd-spf  unix  -       n       n       -       0       spawn<br />  user=nobody argv=/usr/bin/python2 /usr/bin/policyd-spf<br /></pre></blockquote></div><br>
-- <br>
Michael Reincke</body></html>