Hier der output von postconf -l:
append_dot_mydomain = no
biff = no
compatibility_level = 2
content_filter = smtp-amavis:[127.0.0.1]:10024
disable_vrfy_command = yes
inet_interfaces = all
inet_protocols = all
internal = permit_mynetworks, permit_sasl_authenticated, reject
local_recipient_maps = $virtual_mailbox_maps
mailbox_size_limit = 0
message_size_limit = 51200000
milter_default_action = accept
milter_protocol = 6
mydestination = localhost
mydomain = kukulies.org
myhostname = mail.kukulies.org
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
myorigin = kukulies.org
non_smtpd_milters = inet:localhost:12345
policy-spf_time_limit = 3600s
postscreen_access_list = permit_mynetworks,
cidr:/etc/postfix/postscreen_access.cidr
postscreen_bare_newline_action = ignore
postscreen_bare_newline_enable = no
postscreen_bare_newline_ttl = 30d
postscreen_blacklist_action = ignore
postscreen_cache_cleanup_interval = 12h
postscreen_cache_map = btree:$data_directory/postscreen_cache
postscreen_cache_retention_time = 7d
postscreen_client_connection_count_limit = $smtpd_client_connection_count_limit
postscreen_command_count_limit = 20
postscreen_command_filter =
postscreen_command_time_limit = ${stress?10}${stress:300}s
postscreen_disable_vrfy_command = $disable_vrfy_command
postscreen_discard_ehlo_keyword_address_maps =
$smtpd_discard_ehlo_keyword_address_maps
postscreen_discard_ehlo_keywords = $smtpd_discard_ehlo_keywords
postscreen_dnsbl_action = enforce
postscreen_dnsbl_reply_map = texthash:/etc/postfix/dnsbl_reply
postscreen_dnsbl_sites = zen.spamhaus.org*3 bl.mailspike.net*3
b.barracudacentral.org*2 bl.spameatingmonkey.net bl.spamcop.net
spamtrap.trblspam.com dnsbl.sorbs.net=127.0.0.[2;3;6;7;10] ix.dnsbl.manitu.net
bl.blocklist.de list.dnswl.org=127.0.[0..255].0*-1
list.dnswl.org=127.0.[0..255].1*-2 list.dnswl.org=127.0.[0..255].[2..3]*-3
iadb.isipp.com=127.0.[0..255].[0..255]*-2 iadb.isipp.com=127.3.100.[6..200]*-2
wl.mailspike.net=127.0.0.[17;18]*-1 wl.mailspike.net=127.0.0.[19;20]*-2
postscreen_dnsbl_threshold = 3
postscreen_dnsbl_ttl = 1h
postscreen_enforce_tls = $smtpd_enforce_tls
postscreen_expansion_filter = $smtpd_expansion_filter
postscreen_forbidden_commands = $smtpd_forbidden_commands
postscreen_greet_action = ignore
postscreen_greet_banner = $smtpd_banner
postscreen_greet_ttl = 1d
postscreen_greet_wait = ${stress?2}${stress:6}s
postscreen_helo_required = $smtpd_helo_required
postscreen_non_smtp_command_action = drop
postscreen_non_smtp_command_enable = no
postscreen_non_smtp_command_ttl = 30d
postscreen_pipelining_action = enforce
postscreen_pipelining_enable = no
postscreen_pipelining_ttl = 30d
postscreen_post_queue_limit = $default_process_limit
postscreen_pre_queue_limit = $default_process_limit
postscreen_reject_footer = $smtpd_reject_footer
postscreen_tls_security_level = $smtpd_tls_security_level
postscreen_use_tls = $smtpd_use_tls
postscreen_watchdog_timeout = 10s
readme_directory = no
recipient_delimiter =
relayhost =
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name
smtpd_client_restrictions = reject_rbl_client sbl.spamhaus.org,
check_client_access hash:/etc/postfix/blacklist
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_delay_reject = yes
smtpd_hard_error_limit = 20
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, reject_invalid_hostname, permit
smtpd_milters = inet:localhost:12345
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated,
check_client_access hash:/etc/postfix/access, check_sender_access
hash:/etc/postfix/sender_access, reject_unauth_destination,
check_policy_service unix:private/policy-spf, check_client_access
hash:/etc/postfix/rbl_override, reject_rbl_client zen.spamhaus.org,
reject_rbl_client cbl.abuseat.org, reject_rbl_client sbl.spamhaus.org,
reject_rbl_client dul.dnsbl.sorbs.net, permit
smtpd_restriction_classes = internal
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = hash:/etc/postfix/access
smtpd_soft_error_limit = 10
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /var/lib/acme/.acme.sh/www.kukulies.org/fullchain.cer
smtpd_tls_key_file =
/var/lib/acme/.acme.sh/www.kukulies.org/www.kukulies.org.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
soft_bounce = no
virtual_alias_maps = mysql:/etc/postfix/virtual/mysql-aliases.cf
virtual_mailbox_domains = mysql:/etc/postfix/virtual/mysql-domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/virtual/mysql-maps.cf
virtual_transport = lmtp:unix:private/dovecot-lmtp

[Anm.: In dieser Ausgabe sind nur smtpd_*-TLS-Parameter (eingehende Verbindungen) gesetzt; smtp_tls_security_level und smtp_use_tls fehlen. Sofern die Liste alle in main.cf gesetzten Parameter wiedergibt, gilt für ausgehende Verbindungen der Postfix-Standard, also kein STARTTLS; für opportunistische Transportverschlüsselung beim Versand wäre smtp_tls_security_level = may zu setzen.]

> Am 16.04.2024 um 16:43 schrieb Juergen Dollinger via postfix-users
> <[email protected]>:
>
> Christoph Kukulies via postfix-users wrote:
>> Danke, Rudolf. Was heißt das nun? Verschlüsselt also mein Mailserver nicht
>> automatisch? Habe ich was falsch konfiguriert?
>> Ich versende normalerweise mit S/Mime angehängtem Zertifikat ( wie in dieser
>> Email), kann auch auf OpenPGP umschalten.
>
> Ich fuerchte du verwechselst da was. S/Mime bzw OpenPGP sind Verfahren
> zur Ende-zu-Ende Verschluesselung, das regeln die Mailclients (die
> beiden Enden) untereinander und postfix schickt einfach nur das
> vorverschluesselte weiter.
>
> Bei STARTTLS bzw SSL geht es um Transportverschluesselung. Die tritt
> separat zuerst zwischen dem Client und dem Server, dann zwischen zwei
> Servern und am Ende wieder zwischen Server und Client auf.
>
> postfix hat dafuer Variablen wie
> smtpd_tls_cert_file
> smtp_tls_cert_file
> smtpd_tls_key_file
> smtp_tls_key_file
> smtpd_tls_exclude_ciphers
> smtp_tls_security_level
> smtpd_tls_security_level
> smtpd_tls_loglevel
>
> Wie sind die denn gesetzt?

Grüße
Christoph
