root@turris:~# postconf -m
cdb
cidr
environ
fail
inline
internal
ldap
memcache
pipemap
proxy
randmap
regexp
socketmap
static
tcp
texthash
unionmap
unix
submission 587/tcp
submission 587/udp
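# Enable SMTP AUTH on the Postfix SMTP server.
# NOTE(review): smtpd_sasl_type is not set in this snippet, so Postfix uses its
# default SASL implementation (cyrus). Set the type explicitly; `postconf -a`
# lists the SASL server types this build supports (`postconf -m` only lists
# lookup-table types).
smtpd_sasl_auth_enable = yes
# Refuse anonymous SASL mechanisms.
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
# Authenticated clients and hosts in $mynetworks may relay; everyone else is
# limited to destinations this server is responsible for.
# check_relay_domains is obsolete; reject_unauth_destination is its documented
# replacement and is what keeps the server from being an open relay.
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination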
connect from localhost[127.0.0.1]
2015-06-23T14:57:24+02:00 warning postfix/smtpd[17408]: warning: xsasl_cyrus_server_get_mechanism_list: no applicable SASL mechanisms
2015-06-23T14:57:24+02:00 crit postfix/smtpd[17408]: fatal: no SASL authentication mechanisms
2015-06-23T14:57:25+02:00 warning postfix/master[17393]: warning: process /usr/libexec/postfix/smtpd pid 17408 exit status 1
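service auth {
  # Socket on which Postfix's smtpd asks Dovecot to verify SMTP AUTH logins.
  # The path must be the file that Postfix's smtpd_sasl_path resolves to.
  unix_listener /var/spool/postfix/private/auth {
    # 0660 with postfix:postfix restricts the auth socket to the Postfix
    # user and group. The previous 0666 let every local account connect to
    # the authentication service.
    mode = 0660
    user = postfix
    group = postfix
  }
}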
# Use Dovecot's auth service for SMTP AUTH instead of the default Cyrus SASL.
smtpd_sasl_type = dovecot
# Relative path: Postfix resolves it against its queue_directory, so it must
# end up at the same socket file that Dovecot's unix_listener creates.
# NOTE(review): check `postconf queue_directory` against the listener path in
# the Dovecot config; a mismatch leaves smtpd unable to reach the socket.
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
Configuring postfix.
Warning: /usr/sbin/sendmail saved as /usr/sbin/sendmail.old
Collected errors:
* pkg_run_script: package "postfix" postinst script returned status 1.
* opkg_configure: postfix.postinst returned 1.
# Base identity, network and install-path settings of main.cf.
compatibility_level = 2
myhostname = mojedomena.cz
mydomain = mojedomena.cz
# Listens on every interface. NOTE(review): on a router this presumably
# includes the WAN side, so exposure is decided by the firewall -- confirm.
inet_interfaces = all
# Empty: no domain is delivered by the local(8) agent; the hosted domains are
# declared as virtual mailbox domains further down in this file.
mydestination =
unknown_local_recipient_reject_code = 550
# mynetworks_style is ignored once mynetworks is set explicitly (next line).
mynetworks_style = subnet
# Every host in these ranges is trusted by permit_mynetworks and can relay
# without authenticating, so keep the list as narrow as possible.
mynetworks = 192.168.1.0/24 127.0.0.0/8
# Banner without the software name/version.
smtpd_banner = $myhostname ESMTP
# Only takes effect for peers matched by debug_peer_list.
debug_peer_level = 2
inet_protocols = ipv4
# The remaining settings are install paths and ownership.
# presumably they are written by the package build; verify before editing.
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
html_directory = no
manpage_directory = no
sample_directory = /etc/postfix
readme_directory = no
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
data_directory = /usr/var/lib/postfix
# Relative socket paths such as smtpd_sasl_path = private/... are resolved
# against this directory.
queue_directory = /usr/var/spool/postfix
config_directory = /etc/postfix
mail_spool_directory = /usr/var/mail
mail_owner = postfix
setgid_group = postdrop
shlib_directory = /usr/lib/postfix
meta_directory = /etc/postfix
smtputf8_enable = no
## Customized Dovecot and virtual user-specific settings
# All lookup tables here use the cdb type; each source file has to be compiled
# with postmap after it is edited.
canonical_maps = cdb:/etc/postfix/canonical
# NOTE(review): home_mailbox is documented as a path relative to the user's
# home directory; an absolute path here looks unintended -- confirm. It only
# matters for local(8) delivery, and mydestination is empty in this file.
home_mailbox = /mnt/sd/Maildir/
# Upper bound for one message, in bytes (about 51 MB).
message_size_limit = 51200000
virtual_alias_maps = cdb:/etc/postfix/virtual
virtual_mailbox_domains = cdb:/etc/postfix/virtual-mailbox-domains
virtual_mailbox_maps = cdb:/etc/postfix/virtual-mailbox-users
# Hands virtual-domain mail to a transport named "dovecot", which has to be
# defined in master.cf.
virtual_transport = dovecot
append_dot_mydomain = no
biff = no
## SASL authentication
# NOTE(review): smtpd_sasl_auth_enable is not set anywhere in this listing and
# defaults to "no"; presumably it is enabled per service in master.cf -- confirm,
# otherwise none of the SASL settings below take effect.
# Compatibility switch for legacy clients that expect the non-standard
# "AUTH=" announcement.
broken_sasl_auth_clients = yes
# 0 disables the mailbox size limit.
mailbox_size_limit = 0
smtp_tls_session_cache_database = internal:${data_directory}/smtp_scache
# Writes the authenticated login name into the Received: header, which
# discloses it to every recipient of the message.
smtpd_sasl_authenticated_header = yes
# Absolute path of the Dovecot auth socket; it must be identical to the
# unix_listener path in the Dovecot configuration.
smtpd_sasl_path = /var/spool/postfix/private/dovecot-auth
# Only anonymous mechanisms are refused, so plaintext mechanisms stay allowed;
# that is acceptable only together with smtpd_tls_auth_only = yes below.
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_type = dovecot
# AUTH is announced and accepted only after STARTTLS, so credentials never
# cross the wire unencrypted.
smtpd_tls_auth_only = yes
smtpd_tls_received_header = yes
smtpd_tls_session_cache_database = internal:${data_directory}/smtpd_scache
tls_random_source = dev:/dev/urandom
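## Customized smtpd parameters
# Continuation lines of a multi-line main.cf value must begin with whitespace;
# without the indentation each restriction would be read as a separate
# (invalid) parameter line.
smtpd_helo_required = yes
# HELO checks are skipped for trusted networks and authenticated clients;
# everyone else must present a syntactically valid, fully-qualified name.
smtpd_helo_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_non_fqdn_helo_hostname,
    reject_invalid_helo_hostname,
#   reject_unknown_helo_hostname,
    permit
# Order matters: the first matching restriction wins. Trusted networks and
# authenticated clients are accepted first; reject_unauth_destination must stay
# ahead of the final "permit", because it is what prevents open relaying.
# reject_unknown_client_hostname is strict and also rejects legitimate senders
# whose reverse DNS is missing or inconsistent.
# reject_invalid_hostname is the older name of reject_invalid_helo_hostname.
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_rbl_client zen.spamhaus.org,
#   reject_rbl_client bl.spamcop.net,
    reject_rbl_client cbl.abuseat.org,
    reject_unknown_client_hostname,
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain,
    reject_unauth_pipelining,
    reject_unauth_destination,
    reject_invalid_hostname,
    reject_non_fqdn_sender,
    permit
# No permit_* entry here, so these checks also apply to local and
# authenticated clients. reject_sender_login_mismatch stops an authenticated
# user from sending with another user's envelope sender address.
smtpd_sender_restrictions =
    reject_unknown_sender_domain,
    reject_sender_login_mismatch
# NOTE(review): reject_sender_login_mismatch compares the SASL login with the
# right-hand side of this map. Reusing $virtual_mailbox_maps only works if the
# values in that table are the login names -- confirm.
smtpd_sender_login_maps = $virtual_mailbox_maps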
## Dealing with rejection: use permanent 550 errors to stop retries
# These codes are used by the reject_unknown_* restrictions. With 550 a sender
# whose DNS is broken gets a bounce instead of a later retry, so a false
# positive here is a lost message rather than a delayed one.
unknown_address_reject_code = 550
unknown_hostname_reject_code = 550
unknown_client_reject_code = 550
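## TLS for inbound connections (smtpd)
# /cesta/ ("path") is a placeholder directory in every file name below.
## the dh params
# smtpd_tls_dh512_param_file =
# The "dh1024" in the parameter name is historical; the file should contain
# parameters of at least 2048 bits.
smtpd_tls_dh1024_param_file = /cesta/dhparams.pem
## enable ECDH
smtpd_tls_eecdh_grade = strong
## enabled SSL protocols, don't allow SSLv2 and SSLv3
# NOTE(review): TLSv1 and TLSv1.1 remain enabled with this list; append
# !TLSv1,!TLSv1.1 once no client depends on them.
smtpd_tls_protocols=!SSLv2,!SSLv3
smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3
## TLS certs
# Requests (does not require) a certificate from connecting clients.
smtpd_tls_ask_ccert = yes
## RSA key and certificate chain
smtpd_tls_cert_file = /cesta/server-CA.pem
# Private key: keep the file readable by root only.
smtpd_tls_key_file = /cesta/server.key
# ECDSA key and certificate chain
# NOTE(review): these are the same two files as the RSA pair above. An ECDSA
# pair needs its own key and certificate; if there is none, leave the two
# ec* parameters unset instead of pointing them at the RSA files.
smtpd_tls_eccert_file = /cesta/server-CA.pem
smtpd_tls_eckey_file = /cesta/server.key
smtpd_tls_CAfile = /cesta/cacert.pem
## enable TLS
# "may" is opportunistic: STARTTLS is offered, plaintext sessions are still
# accepted. AUTH is protected separately by smtpd_tls_auth_only.
smtpd_tls_security_level = may
## allowed ciphers for smtpd_tls_security_level=encrypt
smtpd_tls_mandatory_ciphers = high
## allowed ciphers for smtpd_tls_security_level=may
smtpd_tls_ciphers = high
## enforce the server cipher preference
tls_preempt_cipherlist = yes
# The two exclude lists previously contained "EDH-RSA-DES-CDB3-SHA", which is
# not a cipher name (CDB3 for CBC3), so that suite was never excluded.
# NOTE(review): "DES" covers single DES only, and tls_high_cipherlist below
# still names 3DES suites; add 3DES to both lists if 3DES should be off.
#disable following ciphers for smtpd_tls_security_level=encrypt
smtpd_tls_mandatory_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CBC3-SHA, KRB5-DES, CBC3-SHA
#disable following ciphers for smtpd_tls_security_level=may
smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CBC3-SHA, KRB5-DES, CBC3-SHA
## preference of ECDSA
# Overrides the built-in definition of the "high" grade. The Postfix
# documentation advises against changing this setting; a hand-written list
# does not follow later OpenSSL updates and has to be reviewed regularly.
tls_high_cipherlist = ECDSA+AESGCM:ECDSA+AES:ECDH+AESGCM:DH+AESGCM:ECDH+AES:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
#enable TLS logging to see the ciphers for inbound connections
# Level 1 logs one summary line per TLS session (protocol and cipher), which
# is the record to check after any change to the lists above.
smtpd_tls_loglevel = 1
smtpd_tls_session_cache_timeout = 3600s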
## This setting will generate an error if you restart Postfix before
## adding the appropriate service definition in master.cf, so make
## sure to get that taken care of!
# One recipient per delivery to the "dovecot" transport, so each invocation of
# the delivery agent handles exactly one mailbox.
dovecot_destination_recipient_limit = 1
## Other customized mail server settings
default_destination_concurrency_limit = 5
# Disables the SMTP VRFY command, which would otherwise let remote clients
# probe which addresses exist.
disable_vrfy_command = yes
relay_destination_concurrency_limit = 1
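## TLS for outbound connections (smtp)
# Logs when a remote server offers STARTTLS but TLS is not used for it.
smtp_tls_note_starttls_offer = yes
# Opportunistic TLS: encryption is used when the remote server offers it, the
# peer certificate is not verified, and delivery falls back to plaintext
# otherwise. Destinations that must never be reached in plaintext need a
# stricter per-destination policy.
# smtp_use_tls was removed from this block: it is the obsolete predecessor of
# smtp_tls_security_level and has no effect once the level is set.
smtp_tls_security_level = may
# NOTE(review): TLSv1 and TLSv1.1 remain enabled with this list.
smtp_tls_protocols=!SSLv2,!SSLv3
smtp_tls_mandatory_protocols=!SSLv2,!SSLv3
## enable TLS logging to see the ciphers for outbound connections
smtp_tls_loglevel = 1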
Configuration files go to this directory. See example configuration files in
/usr/share/doc/dovecot/example-config/
# Postfix smtp-auth
# Auth socket that Postfix's smtpd connects to for SMTP AUTH. The enclosing
# service block is not part of this excerpt. The path has to match
# smtpd_sasl_path in Postfix's main.cf.
unix_listener /var/spool/postfix/private/dovecot-auth {
# 0660 with postfix:postfix keeps other local accounts away from the
# authentication service; do not widen this to 0666.
mode = 0660
user = postfix
group = postfix
}
!include auth-passwdfile.conf.ext
!include auth-static.conf.ext
# Authentication for passwd-file users. Included from 10-auth.conf.
#
# passwd-like file with specified location.
# <doc/wiki/AuthDatabase.PasswdFile.txt>
# Password database backed by a flat passwd-style file.
passdb {
driver = passwd-file
# username_format=%u looks users up by their full login name.
# scheme=ssha256 is the scheme assumed for entries that carry no {SCHEME}
# prefix. Salted SHA-256 is a fast hash; a deliberately slow scheme such as
# SHA512-CRYPT or BLF-CRYPT resists offline guessing better if the file leaks.
# /etc/dovecot/passwd.db holds the password hashes and should be readable only
# by the account Dovecot's auth process runs as -- verify its permissions.
args = username_format=%u scheme=ssha256 /etc/dovecot/passwd.db
# NOTE(review): the remaining settings look like Dovecot's defaults written
# out explicitly -- confirm against the installed version.
deny = no
master = no
pass = no
skip = never
result_failure = continue
result_internalfail = continue
result_success = return-ok
}
#userdb {
# driver = passwd-file
# args = username_format=%u /etc/dovecot/users
# Default fields that can be overridden by passwd-file
#default_fields = quota_rule=*:storage=1G
# Override fields from passwd-file
#override_fields = home=/home/virtual/%u
#}
# Static passdb. Included from 10-auth.conf.
# This can be used for situations where Dovecot doesn't need to verify the
# username or the password, or if there is a single password for all users:
#
# - proxy frontend, where the backend verifies the password
# - proxy backend, where the frontend already verified the password
# - authentication with SSL certificates
# - simple testing
#passdb {
# driver = static
# args = proxy=y host=%1Mu.example.com nopassword=y
#}
#passdb {
# driver = static
# args = password=test
#}
# Static userdb: every user gets the same uid/gid and a home directory derived
# from the login name (%d = domain part, %n = user part).
userdb {
driver = static
# "/MOJE CESTA" ("my path") is a placeholder; args are separated by spaces, so
# the real path must not contain one.
# All mailboxes are owned by uid/gid 5000, so that account should be a
# dedicated, login-less user and the Maildir tree should not be accessible to
# anyone else.
args = uid=5000 gid=5000 home=/MOJE CESTA/Maildir/%d/%n
}