<html>
  <head>
    <meta content="text/html; charset=ISO-8859-1"
      http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    <div class="moz-cite-prefix">Am 18.12.2013 21:46, schrieb Markus
      Hohlmeier:<br>
    </div>
    <blockquote cite="mid:52B209A9.9020107@hohlmeier.de" type="cite">
      <blockquote cite="mid:52B1E0F5.1090805@aon.at" type="cite"><font
          face="monospace">Die von mir verwendeten, nicht
          funktionierenden SMTP Server Einstellung in Thunderbird:<br>
        </font>
        <blockquote><tt>Port: 25</tt><tt><br>
          </tt><tt>Verbindungssicherheit: SSL/TLS</tt><tt><br>
          </tt></blockquote>
      </blockquote>
      <br>
      Bitte ohne SSL versuchen. Das kann so nicht gehen da du in Postfix
      nichts in dieser Hinsicht konfiguriert hast.<br>
      <br>
    </blockquote>
    <br>
    Ohne SSL funktioniert es ja, sehe ich gerade! <br>
    <br>
    Wahrscheinlich habe ich so viel herumgeändert, dass ich das gar
    nicht mehr bemerkt habe. <span class="moz-smiley-s8"><span> =-O </span></span><br>
    Ich hatte gedacht, dass das Zertifikat, das ich für Dovecot erstellt
    habe, hier auch verwendet wird.<br>
    <br>
    Der Server läuft übrigens unter Suse 12.3<br>
    <br>
    Nun, da es ohne Verschlüsselung geht, sollte es aber auch mit
    Verschlüsselung gelingen, dachte ich.<br>
    Nun habe ich nach einer Anleitung, ein Zertifikat für Postfix mit
    folgenden Befehlen erstellt:<br>
    <blockquote>
      <p class="command"><tt>mkdir /etc/postfix/ssl</tt><tt><br>
        </tt><tt>
          cd /etc/postfix/ssl/</tt><tt><br>
        </tt><tt>
          openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024</tt></p>
      <tt>
      </tt>
      <p class="command"><tt>chmod 600 smtpd.key</tt><tt><br>
        </tt><tt>
          openssl req -new -key smtpd.key -out smtpd.csr</tt></p>
      <tt>
      </tt>
      <p class="command"><tt>openssl x509 -req -days 3650 -in smtpd.csr
          -signkey smtpd.key -out smtpd.crt</tt></p>
      <tt>
      </tt>
      <p class="command"><tt>openssl rsa -in smtpd.key -out
          smtpd.key.unencrypted</tt></p>
      <tt>
      </tt>
      <p class="command"><tt>mv -f smtpd.key.unencrypted smtpd.key</tt><tt><br>
        </tt><tt>
          openssl req -new -x509 -extensions v3_ca -keyout cakey.pem
          -out cacert.pem -days 3650<br>
        </tt></p>
    </blockquote>
    <p class="command">Dann habe ich nach der gleichen Anleitung die
      Postfix-Konfiguration ergänzt bzw. geändert:<tt><br>
      </tt></p>
    <blockquote>
      <p class="command"><tt>postconf -e "mydomain = xxxxx.xx"</tt><tt><br>
        </tt><tt>postconf -e "myhostname = xxx.xxxxx"</tt><tt><br>
        </tt><tt>postconf -e "mynetworks = 127.0.0.0/8"</tt><tt><br>
        </tt><tt>postconf -e "smtpd_sasl_local_domain ="</tt><tt><br>
        </tt><tt>postconf -e "smtpd_sasl_auth_enable = yes"</tt><tt><br>
        </tt><tt>postconf -e "smtpd_sasl_security_options = noanonymous"</tt><tt><br>
        </tt><tt>postconf -e "broken_sasl_auth_clients = yes"</tt><tt><br>
        </tt><tt>postconf -e "smtpd_recipient_restrictions =
          permit_sasl_authenticated,permit_mynetworks,check_relay_domains"</tt><tt><br>
        </tt><tt>postconf -e "inet_interfaces = all"</tt><tt><br>
        </tt><tt>postconf -e "alias_maps = hash:/etc/aliases"</tt><tt><br>
        </tt><tt>postconf -e "smtpd_tls_auth_only = no"</tt><tt><br>
        </tt><tt>postconf -e "smtp_use_tls = yes"</tt><tt><br>
        </tt><tt>postconf -e "smtpd_use_tls = yes"</tt><tt><br>
        </tt><tt>postconf -e "smtp_tls_note_starttls_offer = yes"</tt><tt><br>
        </tt><tt>postconf -e "smtpd_tls_key_file =
          /etc/postfix/ssl/smtpd.key"</tt><tt><br>
        </tt><tt>postconf -e "smtpd_tls_cert_file =
          /etc/postfix/ssl/smtpd.crt"</tt><tt><br>
        </tt><tt>postconf -e "smtpd_tls_CAfile =
          /etc/postfix/ssl/cacert.pem"</tt><tt><br>
        </tt><tt>postconf -e "smtpd_tls_loglevel = 1"</tt><tt><br>
        </tt><tt>postconf -e "smtpd_tls_received_header = yes"</tt><tt><br>
        </tt><tt>postconf -e "smtpd_tls_session_cache_timeout = 3600s"</tt><tt><br>
        </tt><tt>postconf -e "tls_random_source = dev:/dev/urandom"</tt><tt><br>
        </tt></p>
    </blockquote>
    <p class="command">Die gesamte Konfiguration schaut jetzt so aus:<tt><br>
      </tt></p>
    <p class="command"><tt>postconf -n<br>
        <br>
      </tt><tt>alias_maps = hash:/etc/aliases</tt><br>
      <tt>biff = no</tt><br>
      <tt>broken_sasl_auth_clients = yes</tt><br>
      <tt>canonical_maps = hash:/etc/postfix/canonical</tt><br>
      <tt>command_directory = /usr/sbin</tt><br>
      <tt>config_directory = /etc/postfix</tt><br>
      <tt>content_filter =</tt><br>
      <tt>daemon_directory = /usr/lib/postfix</tt><br>
      <tt>data_directory = /var/lib/postfix</tt><br>
      <tt>debug_peer_level = 2</tt><br>
      <tt>debugger_command =
        PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd
        $daemon_directory/$process_name $process_id & sleep 5</tt><br>
      <tt>defer_transports =</tt><br>
      <tt>delay_warning_time = 1h</tt><br>
      <tt>disable_dns_lookups = no</tt><br>
      <tt>disable_mime_output_conversion = no</tt><br>
      <tt>html_directory = /usr/share/doc/packages/postfix-doc/html</tt><br>
      <tt>inet_interfaces = all</tt><br>
      <tt>inet_protocols = all</tt><br>
      <tt>mail_owner = postfix</tt><br>
      <tt>mail_spool_directory = /var/mail</tt><br>
      <tt>mailbox_command =</tt><br>
      <tt>mailbox_size_limit = 0</tt><br>
      <tt>mailbox_transport =</tt><br>
      <tt>mailq_path = /usr/bin/mailq</tt><br>
      <tt>manpage_directory = /usr/share/man</tt><br>
      <tt>masquerade_classes = envelope_sender, header_sender,
        header_recipient</tt><br>
      <tt>masquerade_domains =</tt><br>
      <tt>masquerade_exceptions = root</tt><br>
      <tt>message_size_limit = 0</tt><br>
      <tt>message_strip_characters = \0</tt><br>
      <tt>mydestination = $myhostname, localhost.$mydomain</tt><br>
      <tt>mydomain = yyyy.yy</tt><br>
      <tt>myhostname = xxx.xxxxx</tt><br>
      <tt>mynetworks = 127.0.0.0/8</tt><br>
      <tt>newaliases_path = /usr/bin/newaliases</tt><br>
      <tt>queue_directory = /var/spool/postfix</tt><br>
      <tt>readme_directory =
        /usr/share/doc/packages/postfix-doc/README_FILES</tt><br>
      <tt>relay_domains = $mydestination, hash:/etc/postfix/relay</tt><br>
      <tt>relayhost =</tt><br>
      <tt>relocated_maps = hash:/etc/postfix/relocated</tt><br>
      <tt>sample_directory = /usr/share/doc/packages/postfix-doc/samples</tt><br>
      <tt>sender_canonical_maps = hash:/etc/postfix/sender_canonical</tt><br>
      <tt>sendmail_path = /usr/sbin/sendmail</tt><br>
      <tt>setgid_group = maildrop</tt><br>
      <tt>smtp_tls_note_starttls_offer = yes</tt><br>
      <tt>smtp_use_tls = yes</tt><br>
      <tt>smtpd_client_restrictions =</tt><br>
      <tt>smtpd_helo_required = no</tt><br>
      <tt>smtpd_helo_restrictions =</tt><br>
      <tt>smtpd_recipient_restrictions =
        permit_sasl_authenticated,permit_mynetworks,check_relay_domains</tt><br>
      <tt>smtpd_sasl_auth_enable = yes</tt><br>
      <tt>smtpd_sasl_local_domain =</tt><br>
      <tt>smtpd_sasl_path = private/auth</tt><br>
      <tt>smtpd_sasl_security_options = noanonymous</tt><br>
      <tt>smtpd_sasl_type = dovecot</tt><br>
      <tt>smtpd_sender_restrictions = hash:/etc/postfix/access</tt><br>
      <tt>smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem</tt><br>
      <tt>smtpd_tls_auth_only = no</tt><br>
      <tt>smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt</tt><br>
      <tt>smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key</tt><br>
      <tt>smtpd_tls_loglevel = 1</tt><br>
      <tt>smtpd_tls_received_header = yes</tt><br>
      <tt>smtpd_tls_session_cache_timeout = 3600s</tt><br>
      <tt>smtpd_use_tls = yes</tt><br>
      <tt>strict_8bitmime = no</tt><br>
      <tt>strict_rfc821_envelopes = no</tt><br>
      <tt>tls_random_source = dev:/dev/urandom</tt><br>
      <tt>transport_maps = hash:/etc/postfix/transport</tt><br>
      <tt>unknown_local_recipient_reject_code = 550</tt><br>
      <tt>virtual_alias_domains = hash:/etc/postfix/virtual</tt><br>
      <tt>virtual_alias_maps = hash:/etc/postfix/virtual<br>
      </tt></p>
    <p class="command"><tt>Leider funktioniert es jetzt trotzdem nicht,
        mit Thunderbird eine verschlüsselte SMTP Verbindung zum Server
        zu verwenden..<br>
        Ich nehme an, der Durcheinander in Postfix ist jetzt perfekt.<br>
        Die Anleitung, nach der ich im Prinzip vorgegangen bin, ist hier
        zu finden und ist wahrscheinlich etwas veraltet: <br>
<a class="moz-txt-link-freetext" href="http://www.howtoforge.de/anleitung/der-perfekte-server-opensuse-103-32-bit/7/">http://www.howtoforge.de/anleitung/der-perfekte-server-opensuse-103-32-bit/7/</a><br>
      </tt></p>
    Bitte um Hilfe.<br>
    Ferdinand<br>
    <br>
    <div class="moz-signature">-- <br>
      <meta http-equiv="content-type" content="text/html;
        charset=ISO-8859-1">
      <title></title>
      <div class="moz-signature" style="font-family:monospace;">
        Ferdinand Gruber<br>
        <a class="moz-txt-link-abbreviated" href="mailto:f.gruber@eduhi.at">f.gruber@eduhi.at</a><br>
        00 43 7249 48737<br>
        00 43 650 542 88 33<br>
        Grieskirchner Straße 22<br>
        4701 Bad Schallerbach<br>
        <a href="http://www.lpi.org/eng/certification/the_lpic_program">LPIC-1
          zertifiziert</a> </div>
    </div>
  </body>
</html>