Hallo zusammen,
Ich komm nicht drauf was ich falsch gemacht habe bei der tls configuration:
hier die log meldung:
---------
warning: connect to private/tlsmgr: No such file or directory
warning: connect to private/tlsmgr: No such file or directory
warning: problem talking to server private/tlsmgr: No such file or directory
warning: no entropy for TLS key generation: disabling TLS support
------------
# postconf -n:
alias_maps = hash:/etc/aliases
biff = no
broken_sasl_auth_clients = yes
canonical_maps = hash:/etc/postfix/canonical
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/lib/postfix
debug_peer_level = 2
defer_transports =
disable_dns_lookups = no
disable_mime_output_conversion = no
html_directory = /usr/share/doc/packages/postfix/html
inet_interfaces = all
inet_protocols = all
mail_owner = postfix
mail_spool_directory = /var/mail
mailbox_command =
mailbox_size_limit = 0
mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
masquerade_classes = envelope_sender, header_sender, header_recipient
masquerade_domains = livingliquid.com
masquerade_exceptions = root
message_size_limit = 10240000
mydestination = $myhostname, localhost.$mydomain
mydomain = livingliquid.com
myhostname = mail.$mydomain
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/packages/postfix/README_FILES
relocated_maps = hash:/etc/postfix/relocated
sample_directory = /usr/share/doc/packages/postfix/samples
sender_canonical_maps = hash:/etc/postfix/sender_canonical
sendmail_path = /usr/sbin/sendmail
setgid_group = maildrop
smtp_sasl_auth_enable = no
smtp_tls_note_starttls_offer = yes
smtp_use_tls = yes
smtpd_client_restrictions =
smtpd_helo_required = no
smtpd_helo_restrictions =
# NOTE(review): check_relay_domains is deprecated in Postfix; the documented
# replacement for relay control is reject_unauth_destination.
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,check_relay_domains
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
smtpd_sender_restrictions = hash:/etc/postfix/access
# NOTE(review): per the openssl commands at the end of this post, smtpd.crt is
# self-signed (-signkey) and cacert.pem was generated afterwards, so this CA
# did not issue the server certificate - confirm that this is intended.
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
# SASL AUTH is announced and accepted only after STARTTLS. While the log above
# reports "disabling TLS support", clients therefore cannot authenticate at all.
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
# NOTE(review): the directory listing in this post shows smtpd.key as
# -rw-r--r-- (world-readable); the private key should be readable by root
# only (mode 600).
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
# Level 3 additionally logs hex/ASCII dumps of the TLS negotiation; it is a
# debugging setting, go back to 0 or 1 once TLS works.
smtpd_tls_loglevel = 3
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
strict_8bitmime = no
strict_rfc821_envelopes = no
# NOTE(review): the "no entropy" warning in the log follows the failed
# connects to private/tlsmgr, so this source is probably not the cause.
# Presumably the tlsmgr service is not enabled in master.cf (not shown in
# this post) - verify that first.
tls_random_source = dev:/dev/urandom
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 550
# cyrus.conf
lmtpunix cmd="lmtpd" listen="/var/lib/imap/socket/lmtp" prefork=1
# imapd.conf
configdirectory: /var/lib/imap
partition-default: /var/spool/imap
sievedir: /var/lib/sieve
admins: cyrus
allowanonymouslogin: no
autocreatequota: 10000
reject8bit: no
quotawarn: 90
timeout: 30
poptimeout: 10
dracinterval: 0
drachost: localhost
sasl_pwcheck_method: saslauthd
lmtp_overquota_perm_failure: no
lmtp_downcase_rcpt: yes
#
tls_cert_file: /var/lib/imap/server.pem
tls_key_file: /var/lib/imap/server.pem
# so sieht es im /etc/postfix/ssl verzeichnis aus:
l /etc/postfix/ssl/
total 21
drwxr-xr-x 2 root root 208 Feb 3 14:21 ./
drwxr-xr-x 3 root root 1176 Feb 6 17:36 ../
-rw-r--r-- 1 root root 1094 Feb 3 14:21 cacert.pem
-rw-r--r-- 1 root root 963 Feb 3 14:21 cakey.pem
-rw-r--r-- 1 root root 977 Feb 3 14:19 smtpd.crt
-rw-r--r-- 1 root root 716 Feb 3 14:19 smtpd.csr
-rw-r--r-- 1 root root 891 Feb 3 14:20 smtpd.key
# so im /var/lib/imap
rwxr-x--- 13 cyrus mail 496 Feb 6 17:35 ./
drwxr-xr-x 30 root root 784 Feb 1 09:38 ../
-rw------- 1 cyrus mail 144 Feb 6 17:35 annotations.db
drwx------ 2 cyrus mail 336 Feb 6 17:45 backup/
drwxr-x--- 2 cyrus mail 232 Feb 6 17:35 db/
drwx------ 2 cyrus mail 144 Feb 6 17:35 db.backup1/
drwx------ 2 cyrus mail 144 Feb 6 17:25 db.backup2/
-rw------- 1 cyrus mail 8192 Feb 2 04:00 deliver.db
drwxr-x--- 3 cyrus mail 72 Feb 1 09:37 deliverdb/
drwxr-x--- 2 cyrus mail 48 Sep 9 19:46 log/
-rw------- 1 cyrus mail 1616 Feb 6 17:35 mailboxes.db
drwxr-x--- 2 cyrus mail 48 Sep 9 19:46 msg/
drwxr-x--- 2 cyrus mail 144 Feb 6 17:38 proc/
drwxr-x--- 28 cyrus mail 672 Feb 1 09:37 quota/
-rw-r--r-- 1 cyrus mail 2404 Feb 6 16:26 server.pem
drwxr-x--- 2 cyrus mail 192 Feb 6 17:35 socket/
-rw------- 1 cyrus mail 8192 Feb 2 04:00 tls_sessions.db
drwxr-x--- 28 cyrus mail 672 Feb 1 09:37 user/
wäre um hilfe dankbar.
lg,
thomas
ps. so habe ich die zertifikate generiert, falls das noch gebraucht wird:
# IMAP Certificate:
# Self-signed certificate valid for 3650 days. -nodes leaves the private key
# unencrypted, and -out/-keyout name the same file, so server.pem holds the
# certificate and the key together.
# NOTE(review): the /var/lib/imap listing in this post shows server.pem as
# -rw-r--r--; a file holding an unencrypted private key should be readable
# only by the account that serves it (cyrus here), i.e. mode 600.
openssl req -new -x509 -nodes -out /var/lib/imap/server.pem -keyout /var/lib/imap/server.pem -days 3650
# Postfix Certificate:
# 1024-bit RSA key, passphrase-protected with 3DES, seeded from /etc/hosts.
# NOTE(review): 1024-bit RSA is below current minimum recommendations (2048
# bits or more), and /etc/hosts is a static, guessable file that adds no real
# entropy as a -rand seed.
openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024
chmod 600 smtpd.key
# Create a signing request, then self-sign it with the same key (-signkey).
openssl req -new -key smtpd.key -out smtpd.csr
openssl x509 -req -days 3650 -in smtpd.csr -signkey smtpd.key -out smtpd.crt
# Write a passphrase-less copy of the key and move it over the original,
# presumably so the daemon can load it without a passphrase prompt.
# NOTE(review): the mv replaces the file that was chmod 600 with a newly
# created one; the /etc/postfix/ssl listing in this post shows smtpd.key as
# -rw-r--r--, so the restrictive mode did not survive. Run chmod 600 again
# after the mv.
openssl rsa -in smtpd.key -out smtpd.key.unencrypted
mv -f smtpd.key.unencrypted smtpd.key
# Separate self-signed CA key and certificate, created after smtpd.crt; none
# of the commands shown uses this CA to sign the server certificate.
# NOTE(review): cakey.pem is listed as -rw-r--r--; a CA private key should
# not be world-readable and is not needed in the mail server's directory.
openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650
Ich komm nicht drauf was ich falsch gemacht habe bei der tls configuration:
hier die log meldung:
---------
warning: connect to private/tlsmgr: No such file or directory
warning: connect to private/tlsmgr: No such file or directory
warning: problem talking to server private/tlsmgr: No such file or directory
warning: no entropy for TLS key generation: disabling TLS support
------------
# postconf -n:
alias_maps = hash:/etc/aliases
biff = no
broken_sasl_auth_clients = yes
canonical_maps = hash:/etc/postfix/canonical
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/lib/postfix
debug_peer_level = 2
defer_transports =
disable_dns_lookups = no
disable_mime_output_conversion = no
html_directory = /usr/share/doc/packages/postfix/html
inet_interfaces = all
inet_protocols = all
mail_owner = postfix
mail_spool_directory = /var/mail
mailbox_command =
mailbox_size_limit = 0
mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
masquerade_classes = envelope_sender, header_sender, header_recipient
masquerade_domains = livingliquid.com
masquerade_exceptions = root
message_size_limit = 10240000
mydestination = $myhostname, localhost.$mydomain
mydomain = livingliquid.com
myhostname = mail.$mydomain
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/packages/postfix/README_FILES
relocated_maps = hash:/etc/postfix/relocated
sample_directory = /usr/share/doc/packages/postfix/samples
sender_canonical_maps = hash:/etc/postfix/sender_canonical
sendmail_path = /usr/sbin/sendmail
setgid_group = maildrop
smtp_sasl_auth_enable = no
smtp_tls_note_starttls_offer = yes
smtp_use_tls = yes
smtpd_client_restrictions =
smtpd_helo_required = no
smtpd_helo_restrictions =
# NOTE(review): check_relay_domains is deprecated in Postfix; the documented
# replacement for relay control is reject_unauth_destination.
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,check_relay_domains
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
smtpd_sender_restrictions = hash:/etc/postfix/access
# NOTE(review): per the openssl commands at the end of this post, smtpd.crt is
# self-signed (-signkey) and cacert.pem was generated afterwards, so this CA
# did not issue the server certificate - confirm that this is intended.
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
# SASL AUTH is announced and accepted only after STARTTLS. While the log above
# reports "disabling TLS support", clients therefore cannot authenticate at all.
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
# NOTE(review): the directory listing in this post shows smtpd.key as
# -rw-r--r-- (world-readable); the private key should be readable by root
# only (mode 600).
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
# Level 3 additionally logs hex/ASCII dumps of the TLS negotiation; it is a
# debugging setting, go back to 0 or 1 once TLS works.
smtpd_tls_loglevel = 3
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
strict_8bitmime = no
strict_rfc821_envelopes = no
# NOTE(review): the "no entropy" warning in the log follows the failed
# connects to private/tlsmgr, so this source is probably not the cause.
# Presumably the tlsmgr service is not enabled in master.cf (not shown in
# this post) - verify that first.
tls_random_source = dev:/dev/urandom
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 550
# cyrus.conf
lmtpunix cmd="lmtpd" listen="/var/lib/imap/socket/lmtp" prefork=1
# imapd.conf
configdirectory: /var/lib/imap
partition-default: /var/spool/imap
sievedir: /var/lib/sieve
admins: cyrus
allowanonymouslogin: no
autocreatequota: 10000
reject8bit: no
quotawarn: 90
timeout: 30
poptimeout: 10
dracinterval: 0
drachost: localhost
sasl_pwcheck_method: saslauthd
lmtp_overquota_perm_failure: no
lmtp_downcase_rcpt: yes
#
tls_cert_file: /var/lib/imap/server.pem
tls_key_file: /var/lib/imap/server.pem
# so sieht es im /etc/postfix/ssl verzeichnis aus:
l /etc/postfix/ssl/
total 21
drwxr-xr-x 2 root root 208 Feb 3 14:21 ./
drwxr-xr-x 3 root root 1176 Feb 6 17:36 ../
-rw-r--r-- 1 root root 1094 Feb 3 14:21 cacert.pem
-rw-r--r-- 1 root root 963 Feb 3 14:21 cakey.pem
-rw-r--r-- 1 root root 977 Feb 3 14:19 smtpd.crt
-rw-r--r-- 1 root root 716 Feb 3 14:19 smtpd.csr
-rw-r--r-- 1 root root 891 Feb 3 14:20 smtpd.key
# so im /var/lib/imap
rwxr-x--- 13 cyrus mail 496 Feb 6 17:35 ./
drwxr-xr-x 30 root root 784 Feb 1 09:38 ../
-rw------- 1 cyrus mail 144 Feb 6 17:35 annotations.db
drwx------ 2 cyrus mail 336 Feb 6 17:45 backup/
drwxr-x--- 2 cyrus mail 232 Feb 6 17:35 db/
drwx------ 2 cyrus mail 144 Feb 6 17:35 db.backup1/
drwx------ 2 cyrus mail 144 Feb 6 17:25 db.backup2/
-rw------- 1 cyrus mail 8192 Feb 2 04:00 deliver.db
drwxr-x--- 3 cyrus mail 72 Feb 1 09:37 deliverdb/
drwxr-x--- 2 cyrus mail 48 Sep 9 19:46 log/
-rw------- 1 cyrus mail 1616 Feb 6 17:35 mailboxes.db
drwxr-x--- 2 cyrus mail 48 Sep 9 19:46 msg/
drwxr-x--- 2 cyrus mail 144 Feb 6 17:38 proc/
drwxr-x--- 28 cyrus mail 672 Feb 1 09:37 quota/
-rw-r--r-- 1 cyrus mail 2404 Feb 6 16:26 server.pem
drwxr-x--- 2 cyrus mail 192 Feb 6 17:35 socket/
-rw------- 1 cyrus mail 8192 Feb 2 04:00 tls_sessions.db
drwxr-x--- 28 cyrus mail 672 Feb 1 09:37 user/
wäre um hilfe dankbar.
lg,
thomas
ps. so habe ich die zertifikate generiert, falls das noch gebraucht wird:
# IMAP Certificate:
# Self-signed certificate valid for 3650 days. -nodes leaves the private key
# unencrypted, and -out/-keyout name the same file, so server.pem holds the
# certificate and the key together.
# NOTE(review): the /var/lib/imap listing in this post shows server.pem as
# -rw-r--r--; a file holding an unencrypted private key should be readable
# only by the account that serves it (cyrus here), i.e. mode 600.
openssl req -new -x509 -nodes -out /var/lib/imap/server.pem -keyout /var/lib/imap/server.pem -days 3650
# Postfix Certificate:
# 1024-bit RSA key, passphrase-protected with 3DES, seeded from /etc/hosts.
# NOTE(review): 1024-bit RSA is below current minimum recommendations (2048
# bits or more), and /etc/hosts is a static, guessable file that adds no real
# entropy as a -rand seed.
openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024
chmod 600 smtpd.key
# Create a signing request, then self-sign it with the same key (-signkey).
openssl req -new -key smtpd.key -out smtpd.csr
openssl x509 -req -days 3650 -in smtpd.csr -signkey smtpd.key -out smtpd.crt
# Write a passphrase-less copy of the key and move it over the original,
# presumably so the daemon can load it without a passphrase prompt.
# NOTE(review): the mv replaces the file that was chmod 600 with a newly
# created one; the /etc/postfix/ssl listing in this post shows smtpd.key as
# -rw-r--r--, so the restrictive mode did not survive. Run chmod 600 again
# after the mv.
openssl rsa -in smtpd.key -out smtpd.key.unencrypted
mv -f smtpd.key.unencrypted smtpd.key
# Separate self-signed CA key and certificate, created after smtpd.crt; none
# of the commands shown uses this CA to sign the server certificate.
# NOTE(review): cakey.pem is listed as -rw-r--r--; a CA private key should
# not be world-readable and is not needed in the mail server's directory.
openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650