Hier noch ein Nachtrag:
Meine main.cf schaut wie folgt aus:
[code]# Warning: This file is auto-generated and might be overwritten by
univention-config-registry.
Please edit the following file(s) instead:
Warnung: Diese Datei wurde automatisch generiert und kann durch
univention-config-registry überschrieben werden.
Bitte bearbeiten Sie an Stelle dessen die folgende(n) Datei(en):
/etc/univention/templates/files/etc/postfix/main.cf.d/10_general
/etc/univention/templates/files/etc/postfix/main.cf.d/30_maps
/etc/univention/templates/files/etc/postfix/main.cf.d/50_restrictions
/etc/univention/templates/files/etc/postfix/main.cf.d/60_tls
/etc/univention/templates/files/etc/postfix/main.cf.d/80_delivery
The message_size_limit parameter limits the total size in bytes of
a message, including envelope information. Default is 10240000
message_size_limit = 153600000
mailbox_size_limit limits the max. size of local mailboxes. Default is 51200000
mailbox_size_limit = 153600000
some basic path definitions
command_directory = /usr/sbin
daemon_directory = /usr/lib/postfix
some basic mail system settings
myhostname = srv.ff.local
mydomain is unset - The default is to use $myhostname minus the first component.
#myorigin = srv.ff.local
myorigin = $mydomain
smtp_helo_name = srv.ff.local
append_dot_mydomain = no
append_at_myorigin = yes
inet_interfaces = all
inet_protocols = ipv4
mydestination = $myhostname, localhost.$mydomain, localhost
mynetworks = 10.1.22.0/24
masquerade_domains = $mydomain
masquerade_exceptions = root
transport_maps = hash:/etc/postfix/transport
we need to name a smtp relay host to which we forward non-local
mails. smtp authentication is also possible.
relayhost = mail.xxx.xx:465
smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous
smtp_sasl_password_maps = hash:/etc/postfix/smtp_auth
disable_vrfy_command = no
banner
sender_canonical_maps = ldap:/etc/postfix/ldap.canonicalsender
local_header_rewrite_clients =
virtual_alias_domains =
virtual_alias_maps = hash:/etc/postfix/virtual,
ldap:/etc/postfix/ldap.groups,
ldap:/etc/postfix/ldap.distlist,
ldap:/etc/postfix/ldap.sharedfolderremote,
ldap:/etc/postfix/ldap.sharedfolderlocal,
ldap:/etc/postfix/ldap.virtual
virtual_mailbox_domains = ldap:/etc/postfix/ldap.virtualdomains
virtual_mailbox_maps = hash:/etc/postfix/virtual,
ldap:/etc/postfix/ldap.groups,
ldap:/etc/postfix/ldap.distlist,
ldap:/etc/postfix/ldap.sharedfolderremote,
ldap:/etc/postfix/ldap.sharedfolderlocal,
ldap:/etc/postfix/ldap.virtual
virtual_transport = lmtp:127.0.0.1:2003
canonical_maps = hash:/etc/postfix/canonical
relocated_maps = hash:/etc/postfix/relocated
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
smtpd_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination,
reject_unlisted_recipient
smtpd_sender_restrictions is not defined since all relevant checks have been moved to
smtpd_recipient_restrictions and every mail has to pass smtpd_recipient_restrictions too.
#smtpd_sender_restrictions =
#TLS settings
smtpd_use_tls = yes
smtpd_tls_auth_only = yes
smtpd_starttls_timeout = 300s
smtpd_timeout = 300s
smtpd_tls_cert_file = /etc/univention/ssl/srv.ff.local/cert.pem
smtpd_tls_key_file = /etc/univention/ssl/srv.ff.local/private.key
smtpd_tls_received_header = no
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
smtp client
smtp_tls_security_level = may
Support broken clients like Microsoft Outlook Express 4.x which expect AUTH=LOGIN instead of AUTH LOGIN
broken_sasl_auth_clients = yes
tls logging
smtp_tls_loglevel = 0
smtpd_tls_loglevel = 0
EDH config
smtpd_tls_dh1024_param_file = /etc/postfix/dh_2048.pem
smtpd_tls_dh512_param_file = /etc/postfix/dh_512.pem
use the Postfix SMTP server’s cipher preference order instead of the remote client’s cipher preference order.
tls_preempt_cipherlist = yes
The Postfix SMTP server security grade for ephemeral elliptic-curve Diffie-Hellman (EECDH) key exchange
smtpd_tls_eecdh_grade = strong
if virus scanning is desired, all mails can be redirected through amavis.
content_filter = smtp-amavis:[127.0.0.1]:10024
[/code]
Außerdem hab ich die smtp_auth wie folgt erstellt
mail.xxx.xx benutzer:password
und diese mit postmap smtp_auth auf smtp_auth.db umgewandelt.
Auch die entsprechenden Variablen wurden in der UCS-Registry gesetzt.