Morning Markus,

I only just discovered your message by chance on pipermail - I must have
deactivated the list at some point. I had already been wondering why
nobody was replying any more, sorry :)

> as already written: please also use 'postconf -n' in addition. So, to
> be on the safe side, please also post the complete output of
> 'postconf -nf'.

#postconf -nf
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases,hash:/var/lib/mailman/data/aliases
append_dot_mydomain = no
bounce_template_file = /etc/postfix/bounce.de-DE.cf
broken_sasl_auth_clients = yes
content_filter = smtp-amavis:[127.0.0.1]:10024
default_process_limit = 500
dovecot_destination_recipient_limit = 1
greylist = check_policy_service inet:127.0.0.1:60000
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
message_size_limit = 51200000
milter_default_action = accept
milter_protocol = 2
mydestination = localhost
myhostname = ew6.org
myorigin = /etc/mailname
non_smtpd_milters = inet:localhost:12301
queue_directory = /var/spool/postfix
readme_directory = no
receive_override_options = no_address_mappings
recipient_delimiter = +
smtp_tls_loglevel = 1
smtp_tls_protocols = >=TLSv1
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_discard_ehlo_keywords = dsn
smtpd_hard_error_limit = 100
smtpd_milters = inet:localhost:12301
smtpd_recipient_restrictions = reject_unknown_sender_domain,
    reject_unknown_recipient_domain, permit_mynetworks,
    reject_unlisted_recipient, reject_non_fqdn_sender,
    reject_non_fqdn_recipient, reject_unlisted_sender,
    permit_sasl_authenticated, reject_unauth_destination,
    reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname,
    reject_unknown_client_hostname, reject_unknown_helo_hostname,
    check_recipient_access hash:/etc/postfix/roleaccount_exceptions,
    check_client_access hash:/etc/postfix/rbl_client_exceptions,
    check_policy_service inet:127.0.0.1:10040
smtpd_relay_before_recipient_restrictions = no
smtpd_restriction_classes = greylist
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_soft_error_limit = 80
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /etc/letsencrypt/live/ew6.org/fullchain.pem
smtpd_tls_dh1024_param_file = /etc/postfix/dh_1024.pem
smtpd_tls_dh512_param_file = /etc/postfix/dh_512.pem
smtpd_tls_eecdh_grade = strong
smtpd_tls_key_file = /etc/letsencrypt/live/ew6.org/privkey.pem
smtpd_tls_loglevel = 1
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
soft_bounce = no
tls_preempt_cipherlist = yes
unknown_local_recipient_reject_code = 550
virtual_alias_maps =
    mysql:/etc/postfix/mysql-virtual-alias-maps.cf,mysql:/etc/postfix/mysql-email2email.cf
virtual_gid_maps = static:5000
virtual_mailbox_domains =
    mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
virtual_transport = dovecot
virtual_uid_maps = static:5000

So I don't have smtp_tls_protocols in there, so the default should be
taking effect.

> > ...
> > Oct 1 06:04:22 ew6 postfix/smtpd[30580]: Anonymous TLS connection established from dynamic-095-112-037-129.95.112.pool.telefonica.de[95.112.37.129]: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256
> > ...
> ... And exactly this output should also be shown for outgoing
> connections with 'smtp_tls_loglevel = 1'. ...

Unfortunately I don't see anything there; for outgoing connections this
output is missing from the log :(

I just ran another test to [email protected]; this is what the log shows
for it:

Dec 17 11:57:25 ew6 postfix/smtpd[2091753]: connect from dynamic-077-003-120-015.77.3.pool.telefonica.de[77.3.120.15]
Dec 17 11:57:25 ew6 postfix/smtpd[2091753]: Anonymous TLS connection established from dynamic-077-003-120-015.77.3.pool.telefonica.de[77.3.120.15]: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256
Dec 17 11:57:25 ew6 postfix/smtpd[2091753]: discarding EHLO keywords: DSN
Dec 17 11:57:25 ew6 postfix/smtpd[2091753]: C5B7ABFBEE: client=dynamic-077-003-120-015.77.3.pool.telefonica.de[77.3.120.15], sasl_method=PLAIN, [email protected]
Dec 17 11:57:25 ew6 postfix/cleanup[2091734]: C5B7ABFBEE: message-id=<[email protected]>
Dec 17 11:57:25 ew6 opendkim[1008]: C5B7ABFBEE: DKIM-Signature field added (s=mail, d=ew6.org)
Dec 17 11:57:25 ew6 postfix/qmgr[2091698]: C5B7ABFBEE: from=<[email protected]>, size=1202, nrcpt=1 (queue active)
Dec 17 11:57:26 ew6 postfix/smtpd[2091733]: connect from localhost[127.0.0.1]
Dec 17 11:57:26 ew6 postfix/smtpd[2091733]: discarding EHLO keywords: DSN
Dec 17 11:57:26 ew6 postfix/smtpd[2091733]: 6F980BFBF3: client=localhost[127.0.0.1], orig_queue_id=C5B7ABFBEE, orig_client=dynamic-077-003-120-015.77.3.pool.telefonica.de[77.3.120.15]
Dec 17 11:57:26 ew6 postfix/cleanup[2091734]: 6F980BFBF3: message-id=<[email protected]>
Dec 17 11:57:26 ew6 opendkim[1008]: 6F980BFBF3: DKIM-Signature field added (s=mail, d=ew6.org)
Dec 17 11:57:26 ew6 postfix/smtpd[2091733]: disconnect from localhost[127.0.0.1] ehlo=1 xforward=1 mail=1 rcpt=1 data=1 quit=1 commands=6
Dec 17 11:57:26 ew6 postfix/qmgr[2091698]: 6F980BFBF3: from=<[email protected]>, size=1966, nrcpt=1 (queue active)
Dec 17 11:57:26 ew6 amavis[2089869]: (2089869-06) Passed CLEAN {RelayedOpenRelay}, [77.3.120.15]:7673 [77.3.120.15] <[email protected]> -> <[email protected]>, Queue-ID: C5B7ABFBEE, Message-ID: <[email protected]>, mail_id: a00ks94Iepwm, Hits: -2.698, size: 1522, queued_as: 6F980BFBF3, 603 ms
Dec 17 11:57:26 ew6 postfix/smtp[2091754]: C5B7ABFBEE: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.73, delays=0.12/0.01/0/0.6, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 6F980BFBF3)
Dec 17 11:57:26 ew6 postfix/qmgr[2091698]: C5B7ABFBEE: removed
Dec 17 11:57:26 ew6 postfix/smtp[2091757]: 6F980BFBF3: to=<[email protected]>, relay=mx-01-eu-central-1.prod.hydra.sophos.com[3.66.6.170]:25, delay=0.41, delays=0.05/0.01/0.12/0.24, dsn=5.7.4, status=bounced (host mx-01-eu-central-1.prod.hydra.sophos.com[3.66.6.170] said: 550 5.7.4 XGEMAIL_0006 Command rejected : The rejection of the message occurred due to a mismatch in TLS versions between the configured TLS version is Preferred TLS 1.3 for the recipient: [email protected] and the sender: ew6.org TLS version is not available (in reply to RCPT TO command))
Dec 17 11:57:26 ew6 postfix/cleanup[2091734]: D5629C060C: message-id=<[email protected]>
Dec 17 11:57:26 ew6 postfix/bounce[2091758]: 6F980BFBF3: sender non-delivery notification: D5629C060C
Dec 17 11:57:26 ew6 postfix/qmgr[2091698]: D5629C060C: from=<>, size=5540, nrcpt=1 (queue active)
Dec 17 11:57:26 ew6 postfix/qmgr[2091698]: 6F980BFBF3: removed
Dec 17 11:57:26 ew6 postfix/pipe[2091735]: D5629C060C: to=<[email protected]>, orig_to=<[email protected]>, relay=dovecot, delay=0.04, delays=0/0/0/0.03, dsn=2.0.0, status=sent (delivered via dovecot service)
Dec 17 11:57:26 ew6 postfix/qmgr[2091698]: D5629C060C: removed

But mails via GMX and the like are received there, so it must indeed
have something to do with my Postfix, but what?

Thanks!
Regards, frank
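
Added example, not part of the original mail and not Postfix code: a small Python check that parses `postconf -n`/`-nf` output (including continuation lines that a mail client has flattened), reports the effective TLS level of the outbound SMTP client, and lists remote deliveries in a log that have no matching "TLS connection established to" line. The sample config, log lines, hosts and queue IDs are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample: mail-flattened `postconf -nf` output (continuation line lost its indent).
SAMPLE_POSTCONF = """\
smtp_tls_loglevel = 1
smtpd_recipient_restrictions = permit_mynetworks,
reject_unauth_destination
smtpd_use_tls = yes
"""

# Constructed log lines; hosts and queue IDs are made up.
SAMPLE_LOG = """\
Dec 17 11:57:26 mx postfix/smtp[2001]: AAAA111111: to=<a@example.net>, relay=mx.example.net[192.0.2.10]:25, delay=0.4, dsn=5.7.4, status=bounced (550 5.7.4 rejected)
Dec 17 11:58:01 mx postfix/smtp[2002]: Trusted TLS connection established to mx.example.org[192.0.2.20]:25: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
Dec 17 11:58:02 mx postfix/smtp[2002]: BBBB222222: to=<b@example.org>, relay=mx.example.org[192.0.2.20]:25, delay=0.5, dsn=2.0.0, status=sent (250 ok)
"""

def parse_postconf(text):
    """Return {name: value}; a line that is not 'name = ...' continues the previous value."""
    params, name = {}, None
    for line in text.splitlines():
        m = re.match(r"([A-Za-z0-9_]+)\s*=\s*(.*)$", line)
        if m:
            name = m.group(1)
            params[name] = m.group(2).strip()
        elif name and line.strip():
            params[name] = (params[name] + " " + line.strip()).strip()
    return params

def outbound_tls_level(params):
    # SMTP *client* TLS level; smtpd_* settings only cover inbound connections.
    level = params.get("smtp_tls_security_level")
    if level:                                    # non-empty value overrides the legacy switches
        return level
    if params.get("smtp_enforce_tls") == "yes":  # obsolete parameter
        return "legacy-enforce"
    return "legacy-may" if params.get("smtp_use_tls") == "yes" else "none"

def deliveries_without_tls(log):
    """Heuristic: remote deliveries with no earlier TLS line for the same (pid, relay)."""
    tls_seen, hits = set(), []
    for pid, msg in re.findall(r"postfix/smtp\[(\d+)\]: (.*)", log):
        t = re.search(r"TLS connection established to (\S+): ", msg)
        d = re.match(r"(\w+): to=<[^>]*>,.*? relay=([^,\s]+),", msg)
        if t:
            tls_seen.add((pid, t.group(1)))
        elif d and not d.group(2).startswith("127.0.0.1[") and (pid, d.group(2)) not in tls_seen:
            hits.append((d.group(1), d.group(2)))
    return hits
```

`postconf -n` only lists settings from main.cf, so per-service `-o` overrides in master.cf are not covered by this check.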