Re: FreeBSD 11.0 - mail tls auth pop imap

Tue, 14 Mar 2017 03:58:39 -0700 

Jozef Drahovsky wrote on 2017/03/14 11:36:


Zakladny mail na portoch 25 az 587 aj autorizacia mi funguje, ale  tls
sluzbu na porte 465 som zatial nerozchodil,
mozno robim nejaku principialnu chybu. Ma niekto odskusany postup pre
sendmail a postfix na usetrenie casu?



Konfigurace Postfixu bude zalezet na tom, co od toho pozadujes. Muze to 
vypadat takhle


main.cf:

## TLS

smtp_tls_security_level = may


smtp_tls_session_cache_database = 
btree:/var/db/postfix/smtp_tls_session_cache


smtp_tls_loglevel = 1

smtp_tls_note_starttls_offer = yes

smtp_tls_mandatory_protocols=!SSLv2,!SSLv3



smtpd_tls_security_level = may

smtpd_tls_cert_file = /usr/local/etc/sslt/mail.example.com.crt

smtpd_tls_key_file = /usr/local/etc/ssl/mail.example.com.key

smtpd_tls_CAfile = /usr/local/etc/ssl/intermediateCA.pem

smtpd_tls_received_header = yes


smtpd_tls_session_cache_database = 
btree:/var/db/postfix/smtpd_tls_session_cache


smtpd_tls_loglevel = 1

smtpd_tls_auth_only = yes

smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3

## used in master.cf for encrypted connections
mua_client_restrictions =
    permit_sasl_authenticated
    reject


master.cf
smtp      inet  n       -       n       -       -       smtpd
#smtp      inet  n       -       n       -       1       postscreen
#smtpd     pass  -       -       n       -       -       smtpd
#dnsblog   unix  -       -       n       -       0       dnsblog
#tlsproxy  unix  -       -       n       -       0       tlsproxy
submission inet n       -       n       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
#  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=$mua_client_restrictions
#  -o milter_macro_daemon_name=ORIGINATING
smtps     inet  n       -       n       -       -       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
#  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=$mua_client_restrictions



K tomu si pak jeste do main.cf muzes (mel bys) pridat vhodne restrikce 
pro smtpd_client_restrictions  smtpd_helo_restrictions 
smtpd_sender_restrictions  smtpd_recipient_restrictions



Vice info kdyztak mimo konferenci, protoze tohle vlastne vubec nesouvisi 
s FreeBSD



Druha otazka, kde si rad necham poradit, ktory pop a imap dnes pouzit
(uzivatelia su v passwd)?

Pozeral som packages, niektore veci vypadli, ale aj tak je na vyber viac
veci:


Kazdy ti poradi to, co vyhovuje jemu. A kazdy bude mit v tom svem pravdu :)

Ja jsem dlouhe roky pouzival Courier-IMAP, ale z meho pohledu dnesnim 
narokum uz nedostacuje a tak uz par let zpetne na nove servery nasazuji 
Dovecot / Dovecot2. A kde to jde, tam delam i migraci z Courier-IMAPu na 
Dovecot.


Mirek
--
FreeBSD mailing list ([email protected])
http://www.freebsd.cz/listserv/listinfo/users-l






















					Odpovedet emailem