Postfix with SSL



TBVAndy
06.06.06, 11:00
Hello,

I have a small problem with Postfix in combination with SSL.
I am trying to enable sending mail through the server with SSL; according to NMAP run from another machine, port 465 is open.
http://www.handballecke.de/nslu2/postfix1.gif

However, when I now try to send a mail via SSL from Thunderbird, it takes a while until the following error message appears.
http://www.handballecke.de/nslu2/postfix2.gif

When I disable SSL in Thunderbird again and send normally over port 25, it works without problems.

Here is my main.cf


masquerade_domains = arminius-tooling.com
defer_transport =
disable_dns_lookups = no
relayhost = 192.168.1.2
mailbox_command =
mailbox_transport =
relay_domains = $mydestination
smtpd_sender_restrictions = reject_non_fqdn_sender
smtpd_client_restrictions =
smtpd_helo_required = no
smtpd_helo_restrictions =
strict_rfc821_envelopes = no
smtpd_sasl_local_domain =
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions=permit_sasl_authenticated,permit_mynetworks,check_relay_domains
inet_interfaces = all
smtpd_tls_auth_only = no
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /opt/etc/postfix/ssl/smtpd.key
smtpd_tls_cert_file = /opt/etc/postfix/ssl/smtpd.crt
smtpd_tls_CAfile = /opt/etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom


The log contains only the following error message.


<22>Jun 6 11:29:56 postfix/smtpd[1940]: connect from unknown[192.168.1.26]
<22>Jun 6 11:30:11 postfix/smtpd[1940]: lost connection after EHLO from unknown[192.168.1.26]
<22>Jun 6 11:30:11 postfix/smtpd[1940]: disconnect from unknown[192.168.1.26]


Does anyone have an idea what could be wrong?

-->EDIT:
When you try to send a mail, further output does appear in the log after all.


<22>Jun 6 12:58:03 postfix/smtpd[1938]: name_mask: subnet
<22>Jun 6 12:58:03 postfix/smtpd[1938]: mynetworks: 127.0.0.0/8 192.168.1.0/24
<22>Jun 6 12:58:03 postfix/smtpd[1938]: match_string: mynetworks ~? debug_peer_list
<22>Jun 6 12:58:03 postfix/smtpd[1938]: match_string: mynetworks ~? fast_flush_domains
<22>Jun 6 12:58:03 postfix/smtpd[1938]: match_string: mynetworks ~? mynetworks
<22>Jun 6 12:58:03 postfix/smtpd[1938]: match_string: relay_domains ~? debug_peer_list
<22>Jun 6 12:58:03 postfix/smtpd[1938]: match_string: relay_domains ~? fast_flush_domains
<22>Jun 6 12:58:03 postfix/smtpd[1938]: match_string: relay_domains ~? mynetworks
<22>Jun 6 12:58:03 postfix/smtpd[1938]: match_string: relay_domains ~? permit_mx_backup_networks
<22>Jun 6 12:58:03 postfix/smtpd[1938]: match_string: relay_domains ~? qmqpd_authorized_clients
<22>Jun 6 12:58:03 postfix/smtpd[1938]: match_string: relay_domains ~? relay_domains
<22>Jun 6 12:58:03 postfix/smtpd[1938]: match_string: permit_mx_backup_networks ~? debug_peer_list
<22>Jun 6 12:58:03 postfix/smtpd[1938]: match_string: permit_mx_backup_networks ~? fast_flush_domains
<22>Jun 6 12:58:03 postfix/smtpd[1938]: match_string: permit_mx_backup_networks ~? mynetworks
<22>Jun 6 12:58:03 postfix/smtpd[1938]: match_string: permit_mx_backup_networks ~? permit_mx_backup_networks
<22>Jun 6 12:58:03 postfix/smtpd[1938]: connect to subsystem private/proxymap
<22>Jun 6 12:58:03 postfix/smtpd[1938]: send attr request = open
<22>Jun 6 12:58:03 postfix/smtpd[1938]: send attr table = unix:passwd.byname
<22>Jun 6 12:58:03 postfix/smtpd[1938]: send attr flags = 64
<22>Jun 6 12:58:03 postfix/smtpd[1938]: private/proxymap socket: wanted attribute: status
<22>Jun 6 12:58:03 postfix/smtpd[1938]: input attribute name: status
<22>Jun 6 12:58:03 postfix/smtpd[1938]: input attribute value: 0
<22>Jun 6 12:58:03 postfix/smtpd[1938]: private/proxymap socket: wanted attribute: flags
<22>Jun 6 12:58:03 postfix/smtpd[1938]: input attribute name: flags
<22>Jun 6 12:58:03 postfix/smtpd[1938]: input attribute value: 80
<22>Jun 6 12:58:03 postfix/smtpd[1938]: private/proxymap socket: wanted attribute: (list terminator)
<22>Jun 6 12:58:03 postfix/smtpd[1938]: input attribute name: (end)
<22>Jun 6 12:58:03 postfix/smtpd[1938]: dict_proxy_open: connect to map=unix:passwd.byname status=0 server_flags=0120
<22>Jun 6 12:58:03 postfix/smtpd[1938]: dict_open: proxy:unix:passwd.byname
<22>Jun 6 12:58:03 postfix/smtpd[1938]: dict_open: hash:/opt/etc/aliases
<22>Jun 6 12:58:03 postfix/smtpd[1938]: match_string: smtpd_access_maps ~? debug_peer_list
<22>Jun 6 12:58:03 postfix/smtpd[1938]: match_string: smtpd_access_maps ~? fast_flush_domains
<22>Jun 6 12:58:03 postfix/smtpd[1938]: match_string: smtpd_access_maps ~? mynetworks
<22>Jun 6 12:58:03 postfix/smtpd[1938]: match_string: smtpd_access_maps ~? permit_mx_backup_networks
<22>Jun 6 12:58:03 postfix/smtpd[1938]: match_string: smtpd_access_maps ~? qmqpd_authorized_clients
<22>Jun 6 12:58:03 postfix/smtpd[1938]: match_string: smtpd_access_maps ~? relay_domains
<22>Jun 6 12:58:03 postfix/smtpd[1938]: match_string: smtpd_access_maps ~? smtpd_access_maps
<22>Jun 6 12:58:03 postfix/smtpd[1938]: smtpd_sasl_initialize: SASL config file is smtpd.conf
<22>Jun 6 12:58:03 postfix/smtpd[1938]: match_string: fast_flush_domains ~? debug_peer_list
<22>Jun 6 12:58:03 postfix/smtpd[1938]: match_string: fast_flush_domains ~? fast_flush_domains
<22>Jun 6 12:58:03 postfix/smtpd[1938]: watchdog_create: 0x56048 18000
<22>Jun 6 12:58:03 postfix/smtpd[1938]: watchdog_stop: 0x56048
<22>Jun 6 12:58:03 postfix/smtpd[1938]: watchdog_start: 0x56048
<22>Jun 6 12:58:03 postfix/smtpd[1938]: connection established
<22>Jun 6 12:58:03 postfix/smtpd[1938]: master_notify: status 0
<22>Jun 6 12:58:03 postfix/smtpd[1938]: name_mask: resource
<22>Jun 6 12:58:03 postfix/smtpd[1938]: name_mask: software
<22>Jun 6 12:58:03 postfix/smtpd[1938]: name_mask: noanonymous
<22>Jun 6 12:58:03 postfix/smtpd[1938]: connect from unknown[192.168.1.26]
<22>Jun 6 12:58:03 postfix/smtpd[1938]: match_list_match: unknown: no match
<22>Jun 6 12:58:03 postfix/smtpd[1938]: match_list_match: 192.168.1.26: no match
<22>Jun 6 12:58:03 postfix/smtpd[1938]: match_list_match: unknown: no match
<22>Jun 6 12:58:03 postfix/smtpd[1938]: match_list_match: 192.168.1.26: no match
<22>Jun 6 12:58:03 postfix/smtpd[1938]: > unknown[192.168.1.26]: 220 arminius-tooling.com ESMTP Postfix
<22>Jun 6 12:58:03 postfix/smtpd[1938]: watchdog_pat: 0x56048
<22>Jun 6 12:58:03 postfix/smtpd[1938]: < unknown[192.168.1.26]: ?g??
<22>Jun 6 12:58:03 postfix/smtpd[1938]: > unknown[192.168.1.26]: 502 Error: command not implemented
<22>Jun 6 12:58:03 postfix/smtpd[1938]: watchdog_pat: 0x56048
<22>Jun 6 12:59:04 postfix/smtpd[1938]: smtp_get: EOF
<22>Jun 6 12:59:04 postfix/smtpd[1938]: lost connection after CONNECT from unknown[192.168.1.26]
<22>Jun 6 12:59:04 postfix/smtpd[1938]: disconnect from unknown[192.168.1.26]
<22>Jun 6 12:59:04 postfix/smtpd[1938]: master_notify: status 1
<22>Jun 6 12:59:04 postfix/smtpd[1938]: connection closed
<22>Jun 6 12:59:04 postfix/smtpd[1938]: watchdog_stop: 0x56048
<22>Jun 6 12:59:04 postfix/smtpd[1938]: watchdog_start: 0x56048
<22>Jun 6 12:59:43 postfix/smtpd[1938]: proxymap stream disconnect
<22>Jun 6 12:59:43 postfix/smtpd[1938]: watchdog_stop: 0x56048
<22>Jun 6 12:59:43 postfix/smtpd[1938]: watchdog_start: 0x56048


--> EDIT2:
When I telnet to port 25 and then enter ehlo localhost, I get the following output.


Trying 192.168.1.4...
Connected to 192.168.1.4.
Escape character is '^]'.
220 arminius-tooling.com ESMTP Postfix
ehlo localhost
250-arminius-tooling.com
250-PIPELINING
250-SIZE 2147483647
250-VRFY
250-ETRN
250-AUTH PLAIN
250-AUTH=PLAIN
250 8BITMIME

Hitman
06.06.06, 12:45
Please post the master.cf.

TBVAndy
06.06.06, 14:10
master.cf


#
# DO NOT SHARE THE POSTFIX QUEUE BETWEEN MULTIPLE POSTFIX INSTANCES.
#
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
smtp inet n - n - - smtpd
#submission inet n - n - - smtpd
# -o smtpd_etrn_restrictions=reject
#628 inet n - n - - qmqpd
pickup fifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
#qmgr fifo n - n 300 1 oqmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - n - - showq
error unix - - n - - error
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
smtps inet n - y - - smtpd -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
submission inet n - y - - smtpd -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes

Hitman
06.06.06, 14:20
These "~?" in the mail.log look a bit odd to me.
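
A check over the log and EHLO output posted in this thread, as an added example that is not part of any post: it reports whether STARTTLS is advertised and flags sessions whose first client line after the 220 banner is not an SMTP command. Reading the logged `?g??` as the start of a TLS handshake sent to a listener that is not in wrapper mode is an assumption, and the function names are hypothetical.

```python
import re

# Constructed input: lines copied from the smtpd debug log and telnet session in the thread.
LOG = """\
<22>Jun 6 12:58:03 postfix/smtpd[1938]: > unknown[192.168.1.26]: 220 arminius-tooling.com ESMTP Postfix
<22>Jun 6 12:58:03 postfix/smtpd[1938]: < unknown[192.168.1.26]: ?g??
<22>Jun 6 12:58:03 postfix/smtpd[1938]: > unknown[192.168.1.26]: 502 Error: command not implemented
<22>Jun 6 12:59:04 postfix/smtpd[1938]: lost connection after CONNECT from unknown[192.168.1.26]
"""
EHLO_REPLY = """\
250-arminius-tooling.com
250-PIPELINING
250-SIZE 2147483647
250-VRFY
250-ETRN
250-AUTH PLAIN
250-AUTH=PLAIN
250 8BITMIME
"""

SMTP_VERBS = {"HELO", "EHLO", "STARTTLS", "AUTH", "MAIL", "RCPT",
              "DATA", "RSET", "NOOP", "QUIT", "VRFY", "ETRN"}
# Matches the "> client: text" / "< client: text" dialogue lines of verbose smtpd logging.
DIALOG = re.compile(r"postfix/smtpd\[(\d+)\]: ([<>]) (\S+): (.*)")

def ehlo_offers_starttls(reply):
    """True if any 250 line of an EHLO reply advertises the STARTTLS keyword."""
    keywords = (m.group(1).upper() for m in re.finditer(r"^250[- ](\S+)", reply, re.M))
    return "STARTTLS" in keywords

def non_smtp_openers(log):
    """Return (pid, client, text) where the first client line after a 220 banner is not an SMTP verb."""
    awaiting, hits = set(), []
    for line in log.splitlines():
        m = DIALOG.search(line)
        if not m:
            continue
        pid, direction, client, text = m.groups()
        key = (pid, client)
        if direction == ">" and text.startswith("220 "):
            awaiting.add(key)          # banner sent in the clear, next client line decides
        elif direction == "<" and key in awaiting:
            awaiting.discard(key)
            words = text.split()
            if not words or words[0].upper() not in SMTP_VERBS:
                hits.append((pid, client, text))
    return hits

if __name__ == "__main__":
    print("STARTTLS offered:", ehlo_offers_starttls(EHLO_REPLY))
    for pid, client, text in non_smtp_openers(LOG):
        print(f"smtpd[{pid}] {client}: non-SMTP data after banner: {text!r}")
```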