RE: Question about understanding smtpd_tls_security_level / main.cf and master.cf

postfix_dovecot at gmx.de postfix_dovecot at gmx.de
Wed May 22 09:43:20 CEST 2024


Gladly!
I have now enabled the parameter in my master.cf. Since this is still a non-production test system on VMware anyway, I am still "playing around" with it to work out a configuration for the live system.
The configuration is based on the books by Peer Heinlein.

postconf -n

alias_database = btree:/etc/aliases
alias_maps = btree:/etc/aliases
append_dot_mydomain = no
biff = no
bounce_queue_lifetime = 2h
compatibility_level = 3.6
default_database_type = btree
inet_interfaces = all
inet_protocols = all
mailbox_size_limit = 0
maximal_queue_lifetime = 2h
mydestination = $myhostname, $mydomain, localhost, localhost.$mydomain
myhostname = backup.dummy.eu
myorigin = /etc/mailname
readme_directory = no
recipient_delimiter = +
relay_domains = btree:/etc/postfix/relay_domains
relayhost =
smtp_tls_CApath = /etc/ssl/certs
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = dslb-090-186-244-190.090.186.pools.vodafone-ip.de
smtpd_recipient_restrictions = check_recipient_access btree:/etc/postfix/access-recipient-rfc, check_client_access btree:/etc/postfix/access-client, check_helo_access btree:/etc/postfix/access-helo, check_sender_access btree:/etc/postfix/access-sender, check_recipient_access btree:/etc/postfix/access-recipient, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unknown_recipient_domain, permit_sasl_authenticated, permit_mynetworks, reject_rbl_client zen.spamhaus.org, reject_rbl_client ix.dnsbl.manitu.net, reject_rbl_client bl.spamcop.net, check_policy_service inet:127.0.0.1:12525, check_policy_service inet:127.0.0.1:10023, reject_unverified_recipient, permit_mx_backup, reject_unauth_destination, permit
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/letsencrypt/live/backup.dummy.eu/fullchain.pem
smtpd_tls_key_file = /etc/letsencrypt/live/backup.dummy.eu/privkey.pem
smtpd_tls_security_level = may
soft_bounce = yes
transport_maps = btree:/etc/postfix/transport_maps
virtual_alias_domains = btree:/etc/postfix/virtual_alias_domains
virtual_alias_maps = btree:/etc/postfix/virtual_alias_maps

postconf -M

smtp       inet  n       -       y       -       -       smtpd -o smtpd_sasl_auth_enable=no
submission inet  n       -       y       -       -       smtpd -o smtpd_etrn_restrictions=reject -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o syslog_name=postfix/submission -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_tls_auth_only=yes -o smtpd_reject_unlisted_recipient=no
pickup     unix  n       -       y       60      1       pickup
cleanup    unix  n       -       y       -       0       cleanup
qmgr       unix  n       -       n       300     1       qmgr
tlsmgr     unix  -       -       y       1000?   1       tlsmgr
rewrite    unix  -       -       y       -       -       trivial-rewrite
bounce     unix  -       -       y       -       0       bounce
defer      unix  -       -       y       -       0       bounce
trace      unix  -       -       y       -       0       bounce
verify     unix  -       -       y       -       1       verify
flush      unix  n       -       y       1000?   0       flush
proxymap   unix  -       -       n       -       -       proxymap
proxywrite unix  -       -       n       -       1       proxymap
smtp       unix  -       -       y       -       -       smtp
relay      unix  -       -       y       -       -       smtp -o syslog_name=postfix/$service_name
showq      unix  n       -       y       -       -       showq
error      unix  -       -       y       -       -       error
retry      unix  -       -       y       -       -       error
discard    unix  -       -       y       -       -       discard
local      unix  -       n       n       -       -       local
virtual    unix  -       n       n       -       -       virtual
lmtp       unix  -       -       y       -       -       lmtp
anvil      unix  -       -       y       -       1       anvil
scache     unix  -       -       y       -       1       scache
postlog    unix-dgram n  -       n       -       1       postlogd
maildrop   unix  -       n       n       -       -       pipe flags=DRXhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
uucp       unix  -       n       n       -       -       pipe flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail     unix  -       n       n       -       -       pipe flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp      unix  -       n       n       -       -       pipe flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n       n       -       2       pipe flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman    unix  -       n       n       -       -       pipe flags=FRX user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop} ${user}

-----Original Message-----
From: postfix-users <postfix-users-bounces+postfix_dovecot=gmx.de at de.postfix.org> On behalf of Markus Winkler via postfix-users
Sent: Wednesday, 22 May 2024 09:31
To: postfix-users at de.postfix.org
Subject: Re: Question about understanding smtpd_tls_security_level / main.cf and master.cf

Hi Jens,

On Wed, 22 May 2024 at 09:10:14AM +0200, Jens via postfix-users wrote:

>An example (of several):

please send the output of 'postconf -n' and 'postconf -M' so that the _complete_ config can be seen.

Thanks and regards
Markus
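
Added example, not part of the original messages: a `-o name=value` option on a master.cf service line overrides the main.cf value for that service only, so the effective smtpd_tls_security_level differs between port 25 and submission in the configuration posted above. The sketch below resolves the effective value per smtpd service from lines copied from that output; the function names are hypothetical and it assumes plain `-o name=value` options without whitespace in the value.

```python
# Lines copied from the 'postconf -n' output in this thread (subset).
MAIN_CF = """\
smtpd_sasl_auth_enable = yes
smtpd_tls_auth_only = yes
smtpd_tls_security_level = may
"""

# Lines copied from the 'postconf -M' output in this thread (subset).
MASTER_CF = """\
smtp       inet  n       -       y       -       -       smtpd -o smtpd_sasl_auth_enable=no
submission inet  n       -       y       -       -       smtpd -o smtpd_etrn_restrictions=reject -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o syslog_name=postfix/submission -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_tls_auth_only=yes -o smtpd_reject_unlisted_recipient=no
pickup     unix  n       -       y       60      1       pickup
smtp       unix  -       -       y       -       -       smtp
"""

def parse_main(text):
    """Parse 'name = value' lines as printed by postconf -n."""
    params = {}
    for line in text.splitlines():
        name, sep, value = line.partition("=")
        if sep:
            params[name.strip()] = value.strip()
    return params

def parse_master(text):
    """Map 'service/type' to (command, {override: value}) from postconf -M lines."""
    services = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 8 or fields[0].startswith("#"):
            continue  # not a complete service definition
        args = fields[8:]
        overrides = {}
        for flag, arg in zip(args, args[1:]):
            if flag == "-o" and "=" in arg:
                key, _, value = arg.partition("=")
                overrides[key] = value
        services[f"{fields[0]}/{fields[1]}"] = (fields[7], overrides)
    return services

def effective(main, services, names, daemon="smtpd"):
    """Effective value per service: master.cf override first, then main.cf.
    None means the parameter is set in neither place (built-in default applies)."""
    return {
        svc: {n: overrides.get(n, main.get(n)) for n in names}
        for svc, (command, overrides) in services.items()
        if command == daemon
    }

if __name__ == "__main__":
    names = ["smtpd_tls_security_level", "smtpd_sasl_auth_enable", "smtpd_tls_auth_only"]
    for svc, values in effective(parse_main(MAIN_CF), parse_master(MASTER_CF), names).items():
        print(svc, values)
```

With the posted configuration, port 25 keeps opportunistic TLS with SASL switched off, while submission requires TLS before authentication is offered.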



