Christophs outsourced brain https://www.hackerbruecke.net/ Sun, 12 Apr 2026 16:59:25 +0000 FeedCreator 1.8 https://www.hackerbruecke.net/_media/wiki/favicon.ico https://www.hackerbruecke.net/ https://www.hackerbruecke.net/linux/email/email?rev=1493137617&do=diff email Mailserver, Mailgateway, Anti-Spam [AMaVISd-new, SpamAssassin, dSpam, rspamd], SPF, DKIM, PFS etc. \\}} Postfix smtpd Postfix ist ein sehr mächtiger Mail Transport Agent, entwickelt von Wietse Venema. * Postfix Konfiguration für einen Mailserver * use of LDAP lookup maps * Postfix' Postscreen Modul anstatt policyd-weight oder postfwd * Postfix Anti-SPAM/UCE settings * Postfix SASL Konfiguraton * SMTP-authentication * TLS and SSL configuration (smtps) * anonymous@undisclosed.example.com (Anonymous) Tue, 25 Apr 2017 16:26:57 +0000 https://www.hackerbruecke.net/linux/email/cyrus/config?rev=1493131953&do=diff Cyrus imapd / popd <http://www.opensuse.org>Modify /etc/cyrus.conf to: START { recover cmd="ctl_cyrusdb -r" deliver cmd="ctl_deliver -r" } SERVICES { imap cmd="imapd" listen="imap" prefork=0 # imaps cmd="imapd -s" listen="imaps" prefork=0 pop3 cmd="pop3d" listen="pop3" prefork=0 # pop3s cmd="pop3d -s" listen="pop3s" prefork=0 sieve cmd="timsieved" listen="sieve" prefork=2 # entry must be the same as in th… anonymous@undisclosed.example.com (Anonymous) Tue, 25 Apr 2017 14:52:33 +0000 https://www.hackerbruecke.net/linux/email/monitoring/monitoring?rev=1493132284&do=diff Monitoring email-monitoring * create „/var/lib/rrd“ Mailgraph mailgraph is a very simple mail statistics RRDtool frontend for Postfix that produces daily, weekly, monthly and yearly graphs of received/sent and bounced/rejected mail (SMTP traffic). anonymous@undisclosed.example.com (Anonymous) Tue, 25 Apr 2017 14:58:04 +0000 https://www.hackerbruecke.net/linux/email/cyrus?rev=1493131782&do=diff Cyrus imapd * Cyrus configuration (IMAP4/POP3) * TLS and SSL configuration (imaps) * Cyrus SIEVE configuration <- zurück anonymous@undisclosed.example.com (Anonymous) Tue, 25 Apr 2017 14:49:42 +0000 https://www.hackerbruecke.net/linux/email/cyrus/cyrus_secure?rev=1493131964&do=diff TLS, IMAP over SSL (imaps) and pop3 over SSL (pop3s) TLS Modify / append the TLS-settings in /etc/imap.conf: #--- SSL/TLS setting ---# tls_ca_path: /etc/ssl/certs tls_ca_file: /etc/ssl/certs/ca_cert.pem tls_cert_file: /etc/ssl/certs/station7_cert.pem tls_key_file: /etc/ssl/private/station7_key.pem anonymous@undisclosed.example.com (Anonymous) Tue, 25 Apr 2017 14:52:44 +0000 https://www.hackerbruecke.net/linux/email/monitoring/pflogsum?rev=1493132162&do=diff Postfix-Reporting mit Pflogsum apt-get install pflogsum /usr/local/bin/postfix_report.sh #!/bin/bash /usr/sbin/pflogsumm -d yesterday --problems_first /var/log/mail.log.1 > /tmp/pflogsumm /usr/bin/mailx -s "Automatischer Postfix-Report von $(hostname)" -r postfix-admin@station7.example.de postfix-admin@station7.example.de < /tmp/pflogsumm anonymous@undisclosed.example.com (Anonymous) Tue, 25 Apr 2017 14:56:02 +0000 https://www.hackerbruecke.net/linux/email/postfix/config?rev=1712422579&do=diff Postfix smtpd (smtp + daemon) = server = Postfix receives mail from a client smtp = client = Postfix sends mail to another mailserver Edit /etc/postfix/main.cf queue_directory = /var/spool/postfix command_directory = /usr/sbin daemon_directory = /usr/libexec/postfix mail_owner = postfix smtpd_banner = mail.example.org myhostname = mail.example.org myorigin = example.org mydestination = mail.example.org mynetworks = 127.0.0.0/8, 10.0.0.0/8 alias_maps = hash:/etc/aliases, ldap:virtualaliases… anonymous@undisclosed.example.com (Anonymous) Sat, 06 Apr 2024 16:56:19 +0000 https://www.hackerbruecke.net/linux/email/postfix/postfix_secure?rev=1493132183&do=diff Postfix with TLS and SSL (smtps) Use a portscanner like „nmap“: station7:/etc/init.d # nmap localhost | grep smtp 25/tcp open smtp -> smtp is only running at port 25! TLS Modify the TLS-settings in /etc/postfix/main.cf #--- SSL/TLS setting ---# smtpd_client_restrictions= permit_tls_clientcerts, permit_sasl_authenticated smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, permit_tls_clientcerts, reject_unauth_destination, check_sender_access hash:/etc/… anonymous@undisclosed.example.com (Anonymous) Tue, 25 Apr 2017 14:56:23 +0000 https://www.hackerbruecke.net/linux/email/postfix/relayhost?rev=1493132193&do=diff Postfix configuration for a relayhost (MX) / Anti-SPAM-/UCE-settings smtpd (smtp + daemon) = server = Postfix receives mail from a client smtp = client = Postfix sends mail to another mailserver used Ports: 10023/tcp: postgrey 10024/tcp: amavisd-new 10025/tcp: policyd-weight anonymous@undisclosed.example.com (Anonymous) Tue, 25 Apr 2017 14:56:33 +0000 https://www.hackerbruecke.net/linux/email/postfix/sasl?rev=1493132202&do=diff SASL A very conveniant way of configuring the Simple Authentication and Security Layer (SASL) is to use the Pluggable Authentication Modules (PAM), since it can use diffrent authentication sources like ldap or /etc/passwd - thus SASL is everything but simple anonymous@undisclosed.example.com (Anonymous) Tue, 25 Apr 2017 14:56:42 +0000 https://www.hackerbruecke.net/linux/email/amavisd/dkim/sign?rev=1493132019&do=diff Domain Key Identified Mail outbound - ORIGINATING - signieren DKIM basiert auf asymetrischer Verschlüsselung mit public- und private-Key. Das Key-Paar wird mit folgender Syntax erzeugt: amavisd genrsa <Dateiname> [Anzahl der Bits für den Schlüssel] anonymous@undisclosed.example.com (Anonymous) Tue, 25 Apr 2017 14:53:39 +0000 https://www.hackerbruecke.net/linux/email/amavisd/dkim/verify?rev=1493132031&do=diff Domain Key Identified Mail inbound verifizieren vim /etc/amavis/conf.d/50-user # DKIM-Ueberpruefung: $enable_dkim_verification = 1; $allowed_added_header_fields{lc('Authentication-Results')} = 1; service amavis restart AMaViS kann nun mit Hilfe des Public-Keys der in der anonymous@undisclosed.example.com (Anonymous) Tue, 25 Apr 2017 14:53:51 +0000