hackerbruecke.net

email

anonymous@undisclosed.example.com (Anonymous) — Tue, 25 Apr 2017 16:26:57 +0000

email Mailserver, Mailgateway, Anti-Spam [AMaVISd-new, SpamAssassin, dSpam, rspamd], SPF, DKIM, PFS etc. \\}} Postfix smtpd Postfix ist ein sehr mächtiger Mail Transport Agent, entwickelt von Wietse Venema. * Postfix Konfiguration für einen Mailserver * use of LDAP lookup maps * Postfix' Postscreen Modul anstatt policyd-weight oder postfwd * Postfix Anti-SPAM/UCE settings * Postfix SASL Konfiguraton * SMTP-authentication * TLS and SSL configuration (smtps) *

commserv

anonymous@undisclosed.example.com (Anonymous) — Tue, 25 Apr 2017 15:00:45 +0000

This documentation is work in progress, no liability for correctness can be given! Communications-Server Motivation Because I had to look for a log time around the Internet, asking a lot of questions on mailing-lists, reading books and talking to friends for configuring my commserv, thus having quite a bit of hassle getting things working, I'd like give my experiences back to the comunity.

config_test

anonymous@undisclosed.example.com (Anonymous) — Tue, 25 Apr 2017 14:55:27 +0000

Postfix-Konfiguration testen Die Postfix-Konfigurtation sollte auf alle fälle vor der Produktivnahme ausgiebig getestet und das Verhalten beobachtet werden! Test von main.cf und master.cf Test der Datei- und Verzeichnisrechte, sowie die Syntax von main.cf und master.cf von Postfix:

linux

anonymous@undisclosed.example.com (Anonymous) — Sat, 11 May 2024 11:50:33 +0000

Debian-Installation * Installation von GNU/Debian auf Hardware oder virtueller Instanz * zweite Netzwerkkarte mit wechselnder Konfiguration securing DNS and Mail * Domain Name System Security Extensions (DNSSEC) mit Bind9 * DNS-based Authentication of Named Entities (DANE) und TLS Authentication record (TLSA) * Sender Policy Framework (SPF) * DomainKeys Identified Mail (DKIM) * Domain-based Message Authentication, Reporting and Conformance (DMARC) * Authenticated Received…

email-server

anonymous@undisclosed.example.com (Anonymous) — Fri, 15 Sep 2017 14:18:58 +0000

email * MTA/SMTPd Postfix (Mailserver, Mailgateway, Anti-Spam [AMaVISd-new, SpamAssassin, dSpam], SPF, DKIM, PFS etc.) * MDA/IMAPd Cyrus * MDA/IMAPd Dovecot

cyrus

anonymous@undisclosed.example.com (Anonymous) — Tue, 25 Apr 2017 14:49:42 +0000

Cyrus imapd * Cyrus configuration (IMAP4/POP3) * TLS and SSL configuration (imaps) * Cyrus SIEVE configuration <- zurück

dkim

anonymous@undisclosed.example.com (Anonymous) — Tue, 25 Apr 2017 15:49:02 +0000

Postfix mit Domain Key Identifified Mail (DKIM) Vorausssetzung für DKIM ist ein installiertes -> AMaVIS. Auch bei DKIM wird, wie bei allen anderen Signaturen, in zwei Richtngen unterschieden: * eingehende emails (inbound): Überprüfung von DKIM-Signaturen in emails

operation

anonymous@undisclosed.example.com (Anonymous) — Tue, 25 Apr 2017 14:53:27 +0000

AmaViSd-new Operation emails aus der Quarantäne releasen: Wenn AMaViSd emails in die Quarantäne verschiebt, erhält man emails dieser Form: Betreff: BANNED contents (text/x-msdos-batch,.asc,bacula_after_failure.cmd) in mail FROM LOCAL [...] No viruses were found. Banned name: text/x-msdos-batch,.asc,bacula_after_failure.cmd Content type: Banned Internal reference code for the message is 11606-02/IJvAMUUAzNma [...] The message has been quarantined as: I/banned-IJvAMUUAzNma The message W…

spf

anonymous@undisclosed.example.com (Anonymous) — Tue, 25 Apr 2017 14:56:59 +0000

Postfix und das Sender Policy Framework (SPF) Das Sender Policy Framework - früher auch Sender Permitted From genannt -, soll das Fälschen des email-Absenders in einer E-Mail auf SMTP-Ebene erschweren. Mithilfe eines SPF-Generators, z.B. oder

spamreport

anonymous@undisclosed.example.com (Anonymous) — Tue, 25 Apr 2017 14:54:58 +0000

Spamreport spamcheck.sh #!/bin/bash ######################################################### # UKBW-Spam-Report, 2007-05-01, chhaas, IuK / Netzwerke # ######################################################### #set -o verbose ######## # ToDo # ######## # - printvariablen bei "grep X-Spam-Status:" korrigieren # - Mail an antispam@uk-bw.de zusammenfassen: 1 Mail die alle Spammails inkl. Empfaenger beinhaltet # - Variablen fuer FROM: und RETURN-PATH einrichten # - evtl. SpamAssassin Spam-T…

syntax

anonymous@undisclosed.example.com (Anonymous) — Sat, 06 Apr 2024 16:45:31 +0000

Formatting Syntax DokuWiki supports some simple markup language, which tries to make the datafiles to be as readable as possible. This page contains all possible syntax you may use when editing the pages. Simply have a look at the source of this page by pressing

sieve

anonymous@undisclosed.example.com (Anonymous) — Tue, 25 Apr 2017 14:52:56 +0000

Sieve * * * * Sieve and SSL / TLS timsieved allows for SSL on connect (like https, imaps, or pop3s), only STARTTLS. So you have to wrap it in an stunnel (www.stunnel.org), which is a another story ... Have a look at this: Testi…

monitoring

anonymous@undisclosed.example.com (Anonymous) — Tue, 25 Apr 2017 14:58:04 +0000

Monitoring email-monitoring * create „/var/lib/rrd“ Mailgraph mailgraph is a very simple mail statistics RRDtool frontend for Postfix that produces daily, weekly, monthly and yearly graphs of received/sent and bounced/rejected mail (SMTP traffic).

config

anonymous@undisclosed.example.com (Anonymous) — Sat, 06 Apr 2024 16:56:19 +0000

Postfix smtpd (smtp + daemon) = server = Postfix receives mail from a client smtp = client = Postfix sends mail to another mailserver Edit /etc/postfix/main.cf queue_directory = /var/spool/postfix command_directory = /usr/sbin daemon_directory = /usr/libexec/postfix mail_owner = postfix smtpd_banner = mail.example.org myhostname = mail.example.org myorigin = example.org mydestination = mail.example.org mynetworks = 127.0.0.0/8, 10.0.0.0/8 alias_maps = hash:/etc/aliases, ldap:virtualaliases…

smtp-authentication

anonymous@undisclosed.example.com (Anonymous) — Tue, 25 Apr 2017 14:56:50 +0000

SMTPd- / SMTP-authentication SMTPd-authentication SASL must be configured! in /etc/postfix/main.cf: smtpd_sasl_auth_enable = yes smtpd_sasl_security_options = noanonymous broken_sasl_auth_clients = yes smtpd_recipient_restrictions = ... permit_sasl_authenticated

sign

anonymous@undisclosed.example.com (Anonymous) — Tue, 25 Apr 2017 14:53:39 +0000

Domain Key Identified Mail outbound - ORIGINATING - signieren DKIM basiert auf asymetrischer Verschlüsselung mit public- und private-Key. Das Key-Paar wird mit folgender Syntax erzeugt: amavisd genrsa [Anzahl der Bits für den Schlüssel]

verify

anonymous@undisclosed.example.com (Anonymous) — Tue, 25 Apr 2017 14:53:51 +0000

Domain Key Identified Mail inbound verifizieren vim /etc/amavis/conf.d/50-user # DKIM-Ueberpruefung: $enable_dkim_verification = 1; $allowed_added_header_fields{lc('Authentication-Results')} = 1; service amavis restart AMaViS kann nun mit Hilfe des Public-Keys der in der

start

anonymous@undisclosed.example.com (Anonymous) — Sat, 06 Apr 2024 17:26:44 +0000

hackerbruecke.net [Hackerbrücke mit Christoph] Warum Hackerbücke? Die Hackerbrücke ist für mich Symbol und Inbegriff meines Einstiegs in die Computerwelt. Schon 1984 faszinierten mich Erhard Thomas' (a.k.a. n0by) Glossen „Die Hackerbrücke“ in der Zeitschrift „DOS International

openssl_ca

anonymous@undisclosed.example.com (Anonymous) — Mon, 27 Dec 2010 16:20:44 +0000

simple OpenSSL Certficate Authority Create Certificate Authority station7:/etc # station7:/usr/share/ssl/misc # ./CA.sh -newca CA certificate filename (or enter to create) Making CA certificate ... Generating a 1024 bit RSA private key .....++++++ .....................................++++++ writing new private key to './demoCA/private/./cakey.pem' Enter PEM pass phrase: Verifying - Enter PEM pass phrase: ----- You are about to be asked to enter information that will be incorporated into your c…

sarg

anonymous@undisclosed.example.com (Anonymous) — Fri, 15 Aug 2014 20:46:20 +0000

SARG /etc/crontab: ### SQUID-Monitoring via Sarg: 00 06-19/1 * * * root /usr/local/chhaas-skripts/sarg-reports.sh today > /dev/nul 00 00 * * * root /usr/local/chhaas-skripts/sarg-reports.sh daily > /dev/nul 00 01 * * 1 root /usr/local/chhaas-skripts/sarg-reports.sh weekly > /dev/nul 30 02 1 * * root /usr/local/chhaas-skripts/sarg-reports.sh monthly > /dev/nul

amavisd

anonymous@undisclosed.example.com (Anonymous) — Tue, 25 Apr 2017 14:57:55 +0000

AmaVisd-new /etc/amavis/amavisd.conf: use strict; # a minimalistic configuration file for amavisd-new with all necessary settings # # see amavisd.conf-default for a list of all variables with their defaults; # see amavisd.conf-sample for a traditional-style commented file; # for more details see documentation in INSTALL, README_FILES/* # and at http://www.ijs.si/software/amavisd/amavisd-new-docs.html # COMMONLY ADJUSTED SETTINGS: # @bypass_virus_checks_maps = (1); # uncomment to DI…

config

anonymous@undisclosed.example.com (Anonymous) — Tue, 25 Apr 2017 14:52:33 +0000

Cyrus imapd / popd Modify /etc/cyrus.conf to: START { recover cmd="ctl_cyrusdb -r" deliver cmd="ctl_deliver -r" } SERVICES { imap cmd="imapd" listen="imap" prefork=0 # imaps cmd="imapd -s" listen="imaps" prefork=0 pop3 cmd="pop3d" listen="pop3" prefork=0 # pop3s cmd="pop3d -s" listen="pop3s" prefork=0 sieve cmd="timsieved" listen="sieve" prefork=2 # entry must be the same as in th…

cyrus_secure

anonymous@undisclosed.example.com (Anonymous) — Tue, 25 Apr 2017 14:52:44 +0000

TLS, IMAP over SSL (imaps) and pop3 over SSL (pop3s) TLS Modify / append the TLS-settings in /etc/imap.conf: #--- SSL/TLS setting ---# tls_ca_path: /etc/ssl/certs tls_ca_file: /etc/ssl/certs/ca_cert.pem tls_cert_file: /etc/ssl/certs/station7_cert.pem tls_key_file: /etc/ssl/private/station7_key.pem

postgrey

anonymous@undisclosed.example.com (Anonymous) — Tue, 25 Apr 2017 16:02:27 +0000

Greylisting For a overview what greylisting does, have a look at www.greylisting.org/ There are several greylisting daemons for Postfix available. I stick to David Schweikert's Postgrey or to Lionel Bouton's SQLgrey in combination with it's web-interface http://www.vanheusden.com/sgwi/ Postgrey Postgrey greylisting daemon

pflogsum

anonymous@undisclosed.example.com (Anonymous) — Tue, 25 Apr 2017 14:56:02 +0000

Postfix-Reporting mit Pflogsum apt-get install pflogsum /usr/local/bin/postfix_report.sh #!/bin/bash /usr/sbin/pflogsumm -d yesterday --problems_first /var/log/mail.log.1 > /tmp/pflogsumm /usr/bin/mailx -s "Automatischer Postfix-Report von $(hostname)" -r postfix-admin@station7.example.de postfix-admin@station7.example.de < /tmp/pflogsumm

ldap

anonymous@undisclosed.example.com (Anonymous) — Tue, 25 Apr 2017 14:55:50 +0000

using LDAP /etc/postfix/ldap-aliases.cf: server_host= ldaps://localhost:636 server_port= 636 start_tls = no tls_ca_cert_file = /etc/ssl/postfix/certs/ca_cert.pem tls_ca_cert_dir = /etc/ssl/postfix/certs/ tls_cert = /etc/ssl/postfix/certs/station7_cert.pem tls_key = /etc/ssl/postfix/private/station7_key.pem #tls_random_file = dev:/dev/urandom tls_cipher_suite = ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP version= 3 bind= no timeout= 120 search_base= dc=example,dc=com query_filter = (&(object…

pfs

anonymous@undisclosed.example.com (Anonymous) — Tue, 25 Apr 2017 14:56:15 +0000

Postfix Perfect Forwarding Secrecy (PFS) openssl gendh -out /etc/postfix/dh_512.pem -2 512 openssl gendh -out /etc/postfix/dh_1024.pem -2 1024 postconf -e "smtpd_tls_dh1024_param_file = /etc/postfix/dh_1024.pem" postconf -e "smtpd_tls_dh512_param_file = /etc/postfix/dh_512.pem" postconf -e "smtpd_tls_eecdh_grade = strong" postconf -e "tls_preempt_cipherlist = yes" postconf -e "smtpd_tls_loglevel = 1" postconf -e "smtp_tls_loglevel = 1" postfix reload

postfix_secure

anonymous@undisclosed.example.com (Anonymous) — Tue, 25 Apr 2017 14:56:23 +0000

Postfix with TLS and SSL (smtps) Use a portscanner like „nmap“: station7:/etc/init.d # nmap localhost | grep smtp 25/tcp open smtp -> smtp is only running at port 25! TLS Modify the TLS-settings in /etc/postfix/main.cf #--- SSL/TLS setting ---# smtpd_client_restrictions= permit_tls_clientcerts, permit_sasl_authenticated smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, permit_tls_clientcerts, reject_unauth_destination, check_sender_access hash:/etc/…

relayhost

anonymous@undisclosed.example.com (Anonymous) — Tue, 25 Apr 2017 14:56:33 +0000

Postfix configuration for a relayhost (MX) / Anti-SPAM-/UCE-settings smtpd (smtp + daemon) = server = Postfix receives mail from a client smtp = client = Postfix sends mail to another mailserver used Ports: 10023/tcp: postgrey 10024/tcp: amavisd-new 10025/tcp: policyd-weight

sasl

anonymous@undisclosed.example.com (Anonymous) — Tue, 25 Apr 2017 14:56:42 +0000

SASL A very conveniant way of configuring the Simple Authentication and Security Layer (SASL) is to use the Pluggable Authentication Modules (PAM), since it can use diffrent authentication sources like ldap or /etc/passwd - thus SASL is everything but simple

ssh-smtp-tunnel

anonymous@undisclosed.example.com (Anonymous) — Tue, 25 Apr 2017 14:57:08 +0000

SMTP-over-SSH-Tunnel Um zwei SMTP-Server (z.B. Mailserver im Heim-Netz zu Mailgateway bei Provider/Hoster) sicher miteinander zu verbinden, gibt es verschiedene Möglichkeiten. OpenVPN-Tunnel Eine Möglichkeit ist, ein OpenVPN-Tunnel zwischen beiden Servern.

tipps

anonymous@undisclosed.example.com (Anonymous) — Tue, 25 Apr 2017 14:57:25 +0000

Postfix Tipps und Tricks Mails aus Mailqueue löschen alle Mails des Benutzers station7@example.com aus der Mailqueue löschen: mail:~# mailq | tail -n +2 | grep -v '^ *(' | awk 'BEGIN { RS = "" } { if ($7 == "station7@example.com") print $1 }' | tr -d '*!' | postsuper -d -

spamassassin

anonymous@undisclosed.example.com (Anonymous) — Tue, 25 Apr 2017 14:58:39 +0000

SpamAssassin SA-config-genarator: /etc/mail/spamassassin/local.cf: # SpamAssassin config file for version 3.x # NOTE: NOT COMPATIBLE WITH VERSIONS 2.5 or 2.6 # See http://www.yrex.com/spam/spamconfig25.php for earlier versions # Generated by http://www.yrex.com/spam/spamconfig.php (version 1.50) # How many hits before a message is considered spam. required_score 5.0 # Encapsulate spam in an attachment (0=no, 1=yes, 2=safe) report_safe …

datenschutzerklaerung

anonymous@undisclosed.example.com (Anonymous) — Wed, 01 Jan 2020 20:42:15 +0000

Datenschutzerklärung 1. Einleitung Vielen Dank für den Besuch auf unseren Internetseiten. Diese Datenschutzerklärung informiert Sie über den Schutz Ihrer personenbezogenen Daten. Wir nehmen den Schutz Ihrer Daten ernst und möchten, dass Sie sich beim Besuch unserer Internetseiten sicher fühlen. Grundsätzlich gilt, dass alle von uns erhobenen personenbezogenen Daten den Bestimmungen der Europäischen Datenschutzgrundverordnung (DSGVO) unterliegen.

impressum

anonymous@undisclosed.example.com (Anonymous) — Sat, 26 May 2018 12:35:57 +0000

Impressum Anbieterkennzeichnung gemäß § 5 TMG: Christoph Haas Heideweg 1 71686 Remseck eMail: christoph (dot) haas (at) hackerbruecke (dot) net Verantwortlich für den Inhalt nach § 55 Abs. 2 RStV: Christoph Haas (s.o.) Urheber- und Leistungsschutzrechte

credits

anonymous@undisclosed.example.com (Anonymous) — Mon, 27 Dec 2010 16:20:41 +0000

Credits Credits go to the following persons (in alphabetical order), without their help my commserv would probably never have been working. If I forgot somebody by accident, please drop me a email: * Markus Winkler, Chemnitz / Germany * Manuel Zach, Vienna / Austria

todo

anonymous@undisclosed.example.com (Anonymous) — Mon, 27 Dec 2010 16:20:42 +0000

ToDo Things, that have to be documented: * generating the decrypted SSL-key with OpenSSL-CA * use of TinyCA and phpki-CA * Postfix: main.cf and master.cf * implement in email -> Postfix -> SMTPd- / SMTP-Authentication

all

anonymous@undisclosed.example.com (Anonymous) — Tue, 25 Apr 2017 14:46:38 +0000

2014-08-08 zuerst „Debian OS-Basis-Installation auf Blech“ durchfuehren!!! auf allen Server-Instanzen („Blech“, Linux VServer, LXC): ### Proxy der UKBW fuer die Installations-Shellsitzung setzen: export http_proxy=„“ ### LiHAS GPG-Key importieren: wget -O -

root-alarm

anonymous@undisclosed.example.com (Anonymous) — Tue, 25 Apr 2017 14:47:28 +0000

email-Alarm bei ROOT-Login: # apt-get install mailx # cat << EOF > /root/.bashrc echo 'ALARM - Root-Login auf Maschine' $(hostname) 'am:' $(date) $(who) | mail -s „ALARM: Root-Login auf Maschine $(hostname) von $(who | grep root | cut -d'(' -f2 | cut -d')' -f1)

gnarwl

anonymous@undisclosed.example.com (Anonymous) — Tue, 25 Apr 2017 14:50:23 +0000

Gnarwl Download GNARWL software from and download package named gnarwl-3.3.tgz Compile GNARWL for LDAP vacations # tar xzvf gnarwl-3.3.tgz # cd gnarwl-3.3 # ./configure # make # make install # make perm Adjust File /usr/local/etc/gnarwl.conf map_sender $sender map_receiver $recepient map_subject $subject map_field $fullname cn map_field $deputy mail server localhost port 389 scope sub login cn=admin,dc=example,dc=org password IveGotASe…

config

anonymous@undisclosed.example.com (Anonymous) — Fri, 15 Aug 2014 20:44:51 +0000

Squid configuration */etc/squid/squid.conf: icp_port 0 htcp_port 0 hierarchy_stoplist cgi-bin ? cache_swap_low 90 cache_swap_high 95 maximum_object_size 4096 KB ipcache_size 1024 ipcache_low 90 ipcache_high 95 fqdncache_size 1024 cache_access_log /var/log/squid/access.log cache_dir ufs /var/cache/squid 240000 32 256 cache_log /var/log/squid/cache.log cache_mem 3000 MB cache_store_log /var/log/squid/store.log emulate_httpd_log off mime_table /etc/squid/mime.conf log_mime_hdrs off useragent_log…