Postfix SMTP Probleme Verschlüsselung nach Upgrade auf jessi

Debian macht sich hervorragend als Web- und Mailserver. Schau auch in den " Tipps und Tricks"-Bereich.
Antworten
ande
Beiträge: 29
Registriert: 13.10.2003 10:36:29
Wohnort: Freiburg
Kontaktdaten:

Postfix SMTP Probleme Verschlüsselung nach Upgrade auf jessi

Beitrag von ande » 10.08.2016 10:28:24

Liebe Leute,

nachdem ich das Problem gestern behoben konnte, habe ich heute folgende Meldungen im Logfile:

Code: Alles auswählen

SSL_accept:before/accept initialization
Aug 10 10:27:12 eins postfix/smtps/smtpd[7749]: read from 7FD1F410D590 [7FD1F411BFB0] (11 bytes => -1 (0xFFFFFFFFFFFFFFFF))
Aug 10 10:27:19 eins postfix/smtps/smtpd[7197]: read from 7F07767AB5C0 [7F07767B8EE0] (11 bytes => 0 (0x0))
Aug 10 10:27:19 eins postfix/smtps/smtpd[7197]: SSL_accept error from unknown[112.220.127.26]: lost connection
Aug 10 10:27:19 eins postfix/smtps/smtpd[7197]: lost connection after CONNECT from unknown[112.220.127.26]
Aug 10 10:27:19 eins postfix/smtps/smtpd[7197]: disconnect from unknown[112.220.127.26]
Aug 10 10:27:19 eins postfix/smtps/smtpd[6076]: connect from unknown[112.220.127.26]
Aug 10 10:27:19 eins postfix/smtps/smtpd[6076]: setting up TLS connection from unknown[112.220.127.26]
Aug 10 10:27:19 eins postfix/smtps/smtpd[6076]: unknown[112.220.127.26]: TLS cipher list "aNULL:-aNULL:ALL:!EXPORT:!LOW:+RC4:@STRENGTH"
Aug 10 10:27:19 eins postfix/smtps/smtpd[6076]: SSL_accept:before/accept initialization
Aug 10 10:27:19 eins postfix/smtps/smtpd[6076]: read from 7FCF271C46E0 [7FCF271D1EE0] (11 bytes => -1 (0xFFFFFFFFFFFFFFFF))
Aug 10 10:27:22 eins postfix/smtps/smtpd[7749]: read from 7FD1F410D590 [7FD1F411BFB0] (11 bytes => 0 (0x0))
Aug 10 10:27:22 eins postfix/smtps/smtpd[7749]: SSL_accept error from rdp02.snthostings.com[62.210.188.27]: lost connection
Aug 10 10:27:22 eins postfix/smtps/smtpd[7749]: lost connection after CONNECT from rdp02.snthostings.com[62.210.188.27]
Aug 10 10:27:22 eins postfix/smtps/smtpd[7749]: disconnect from rdp02.snthostings.com[62.210.188.27]
Aug 10 10:27:22 eins postfix/smtps/smtpd[4670]: connect from rdp02.snthostings.com[62.210.188.27]
Aug 10 10:27:22 eins postfix/smtps/smtpd[4670]: setting up TLS connection from rdp02.snthostings.com[62.210.188.27]
Aug 10 10:27:22 eins postfix/smtps/smtpd[4670]: rdp02.snthostings.com[62.210.188.27]: TLS cipher list "aNULL:-aNULL:ALL:!EXPORT:!LOW:+RC4:@STRENGTH"
Aug 10 10:27:22 eins postfix/smtps/smtpd[4670]: SSL_accept:before/accept initialization
Aug 10 10:27:22 eins postfix/smtps/smtpd[4670]: read from 7F995AD207C0 [7F995AD2EEE0] (11 bytes => -1 (0xFFFFFFFFFFFFFFFF))
Es scheint nun gar keine Mail mehr herinzukommen.

Da einige Kunden auf Mail warten: Wie schalte ich in einem ersten Schritt alle Verschlüsselung für SMTP ab? Mail holen mit PIOP3 und IMAP funktioniert.

Hier meine postconf -n

Code: Alles auswählen

alias_database = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
append_dot_mydomain = no
biff = no
body_checks = regexp:/etc/postfix/body_checks
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
content_filter = amavis:[127.0.0.1]:10024
header_checks = regexp:/etc/postfix/header_checks
html_directory = /usr/share/doc/postfix/html
inet_interfaces = all
inet_protocols = ipv4
mailbox_size_limit = 0
maildrop_destination_concurrency_limit = 1
maildrop_destination_recipient_limit = 1
message_size_limit = 0
mime_header_checks = regexp:/etc/postfix/mime_header_checks
mydestination = eins.xxx.tld, localhost, localhost.localdomain
myhostname = eins.xxx.tld
mynetworks = 127.0.0.0/8 [::1]/128
myorigin = /etc/mailname
nested_header_checks = regexp:/etc/postfix/nested_header_checks
owner_request_special = no
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks
readme_directory = /usr/share/doc/postfix
receive_override_options = no_address_mappings
recipient_delimiter = +
relay_domains = mysql:/etc/postfix/mysql-virtual_relaydomains.cf
relay_recipient_maps = mysql:/etc/postfix/mysql-virtual_relayrecipientmaps.cf
relayhost =
smtp_tls_note_starttls_offer = yes
smtp_tls_protocols = !SSLv2,!SSLv3
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_use_tls = no
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_client_message_rate_limit = 100
smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unknown_client_hostname, check_client_access mysql:/etc/postfix/mysql-virtual_client.cf
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_invalid_hostname, reject_non_fqdn_hostname, reject_unknown_recipient_domain, reject_non_fqdn_recipient, reject_unauth_destination, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_rbl_client zen.spamhaus.org, reject_rbl_client cbl.abuseat.org, reject_rbl_client dul.dnsbl.sorbs.net, reject_rbl_client ix.dnsbl.manitu.net, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sender_restrictions = check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf
smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /etc/ssl/certs/eins.dellekom.net.crt
smtpd_tls_key_file = /etc/ssl/private/eins.dellekom.net.key
smtpd_tls_loglevel = 3
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_protocols = !SSLv2,!SSLv3
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = no
tls_random_source = dev:/dev/urandom
transport_maps = hash:/var/lib/mailman/data/transport-mailman, proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
virtual_alias_domains =
virtual_alias_maps = hash:/var/lib/mailman/data/virtual-mailman, proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, proxy:mysql:/etc/postfix/mysql-virtual_email2email.cf
virtual_gid_maps = static:5000
virtual_mailbox_base = /var/vmail
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
virtual_transport = maildrop
virtual_uid_maps = static:5000
Nach oben
Benutzeravatar
TRex
Moderator
Beiträge: 8074
Registriert: 23.11.2006 12:23:54
Wohnort: KA

Re: Postfix SMTP Probleme Verschlüsselung nach Upgrade auf j

Beitrag von TRex » 10.08.2016 12:29:34

ande hat geschrieben:Kunden
Kunden? Du betreibst ein System mit "Kunden" und bist mit der SSL-Konfiguration überfordert/willst sie deaktivieren, damit es "wieder geht"?

Bitte lass das von jemandem betreiben, der weiß, was er tut - das ist grob fahrlässig.
Jesus saves. Buddha does incremental backups.
Windows ist doof, Linux funktioniert nichtDon't break debian!Wie man widerspricht
Nach oben
ande
Beiträge: 29
Registriert: 13.10.2003 10:36:29
Wohnort: Freiburg
Kontaktdaten:

Re: Postfix SMTP Probleme Verschlüsselung nach Upgrade auf j

Beitrag von ande » 10.08.2016 15:43:37

Hallo TRex,

gerne komm ich mal bei Dir vorbei und schaue was Du so alles in Deiner Firma wie machst. Wetten wir ich finde was wovon Du keine Ahnung hast?

Ich schreibe Software und ich nutze Software. Die die ich nutze schreibe ich halt nicht.

Konnte das Problem mit Hilfe eines Profis lösen. Siehe anderer Thread.
Nach oben
Antworten

Zurück zu „Web- und Mailserver“