Hallo,
ich habe mich mit dem Buch und Postfix auseinander gesetzt. Deshalb habe ich folgende Konfiguration erstellt.
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
readme_directory = no
#eigene konf - nur verschluesselte verbindungen erlauben
smtp_tls_security_level = encrypt
# TLS parameters
smtpd_tls_cert_file = /etc/dovecot/dovecot.pem
smtpd_tls_key_file = /etc/dovecot/private/dovecot.pem
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = ubuntu
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydestination = ubuntu, localhost.localdomain, , localhost
#Absender richtig setzen
sender_canonical_maps = hash:/etc/postfix/sender_canonical
#Weitere Domains anlegen via
virtual_alias_domains = example.net, gartenzwerg.de
#passend zu den lokalen Accounts mappen
virtual_alias_maps = hash:/etc/postfix/virtual
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
home_mailbox = Maildir/
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/dovecot-auth
smtpd_sasl_authenticated_header = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions =
reject_non_fqdn_recipient
reject_non_fqdn_sender
reject_unknown_sender_domain
reject_unknown_recipient_domain
reject_unauth_pipelining
permit_mynetworks
permit_sasl_authenticated
reject_unauth_destination
check_recipient_access hash:/etc/postfix/roleaccount_exceptions
smtpd_sender_restrictions = reject_unknown_sender_domain
mailbox_command = /usr/lib/dovecot/deliver -c /etc/dovecot/dovecot.conf -m "${EXTENSION}"
smtp_use_tls = yes
smtpd_tls_received_header = yes
smtpd_tls_mandatory_protocols = !SSLv3, TLSv1
smtpd_tls_mandatory_ciphers = medium
smtpd_tls_auth_only = yes
tls_random_source = dev:/dev/urandom
Ich würde mich freuen, wenn dazu nochmal jemand einen Kommentar bezüglich der Sicherheit abgeben würde.
Ich denke ich kann die Konfiguration so nutzen und in den Livebetrieb einsteigen. Sehe ich das so richtig?
Schon jetzt danke!
fr10001