<html><head><meta http-equiv="Content-Type" content="text/html charset=iso-8859-1"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;">Hallo Uwe,<div><br></div><div>die Fehlermeldungen bezüglich SASL habe ich mir noch nicht angesehen.</div><div><br></div><div>Kannst Du mal bitte die folgenden Kommandos auf der Maschine absetzen:</div><div><br></div><div>SSL:</div><div>









<!--StartFragment--><span lang="NL" style="font-size:10.0pt;mso-bidi-font-size:
11.0pt;font-family:Calibri;mso-ascii-theme-font:minor-latin;mso-fareast-font-family:
Calibri;mso-fareast-theme-font:minor-latin;mso-hansi-theme-font:minor-latin;
mso-bidi-font-family:"Times New Roman";mso-bidi-theme-font:minor-bidi;
mso-ansi-language:NL;mso-fareast-language:EN-US">openssl s_client -showcerts
-connect localhost:443</span></div><div><span lang="NL" style="font-size:10.0pt;mso-bidi-font-size:
11.0pt;font-family:Calibri;mso-ascii-theme-font:minor-latin;mso-fareast-font-family:
Calibri;mso-fareast-theme-font:minor-latin;mso-hansi-theme-font:minor-latin;
mso-bidi-font-family:"Times New Roman";mso-bidi-theme-font:minor-bidi;
mso-ansi-language:NL;mso-fareast-language:EN-US">









<!--StartFragment--><span lang="NL" style="font-size: 10pt;">openssl s_client -showcerts
-connect localhost:636</span></span></div><div><span lang="NL" style="font-size:10.0pt;mso-bidi-font-size:
11.0pt;font-family:Calibri;mso-ascii-theme-font:minor-latin;mso-fareast-font-family:
Calibri;mso-fareast-theme-font:minor-latin;mso-hansi-theme-font:minor-latin;
mso-bidi-font-family:"Times New Roman";mso-bidi-theme-font:minor-bidi;
mso-ansi-language:NL;mso-fareast-language:EN-US"><span lang="NL" style="font-size: 10pt;">









<!--StartFragment--><span lang="NL" style="font-size: 10pt;">openssl s_client -showcerts
-connect localhost:993</span><!--EndFragment-->



</span></span></div><div><span lang="NL" style="font-size:10.0pt;mso-bidi-font-size:
11.0pt;font-family:Calibri;mso-ascii-theme-font:minor-latin;mso-fareast-font-family:
Calibri;mso-fareast-theme-font:minor-latin;mso-hansi-theme-font:minor-latin;
mso-bidi-font-family:"Times New Roman";mso-bidi-theme-font:minor-bidi;
mso-ansi-language:NL;mso-fareast-language:EN-US"><span lang="NL" style="font-size: 10pt;"><span lang="NL" style="font-size: 10pt;">









<!--StartFragment--><span lang="NL" style="font-size: 10pt;">openssl s_client -showcerts
-connect localhost:995</span></span></span></span></div><div><br></div><div>START TLS:</div><div>openssl s_client -showcerts -starttls smtp -connect localhost:25</div><div><div>openssl s_client -showcerts -starttls pop3 -connect localhost:110</div></div><div><div>openssl s_client -showcerts -starttls imap -connect localhost:143</div></div><div><div>openssl s_client -showcerts -starttls smtp -connect localhost:587</div><div><br></div><div>Du solltest überall die richtigen Zertifikate angezeigt bekommen. Achte dabei auch auf die Zeile "Verify return code" am Ende der Ausgabe: s_client zeigt das Zertifikat auch dann an, wenn die Kette nicht verifiziert werden konnte.</div><div><br></div><div>Zusätzlich ist es übrigens eine gute Idee, die verwendeten Ciphers zu härten.</div><div><br></div><div>---</div><div><br></div><div>Ich kopier Dir mal mein Installationsprotokoll ans Ende. Vielleicht hilft das ja. Wichtig dabei ist, dass wir intern Zertifikate unserer eigenen CA und nur für den extern erreichbaren SMTP (postfix) ein offizielles EssentialSSL-Zertifikat von Comodo verwenden. Also nicht wundern.</div><div><br></div><div>Cheers,</div><div>Markus</div><div><br></div><div>









<!--StartFragment-->

<h1><a name="_Toc261725217"><span lang="NL">Kolab mit SSL absichern</span></a></h1>

<h2><a name="_Toc261725218"><span lang="NL">Gruppe ssl-cert</span></a></h2><p class="MsoNormal"><span lang="NL">[root@mail ~]# groupadd ssl-cert</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# usermod -a -G ssl-cert mail</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# usermod -a -G ssl-cert postfix</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# usermod -a -G ssl-cert cyrus</span></p>

<h2><a name="_Toc261725219"><span lang="NL">Install certs</span></a></h2><p class="MsoNormal"><span lang="NL">[root@mail ~]# cp
certificate-authorities/SCMB\ GmbH\ Intranet\
CA/keys-renamed/SCMB-GmbH-Intranet-CA-mail.intranet.scmb.de.key /etc/pki/tls/private/</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# cp certificate-authorities/SCMB\
GmbH\ Intranet\ CA/keys-renamed/SCMB-GmbH-Intranet-CA-mail.intranet.scmb.de.crt
/etc/pki/tls/certs/</span></p><p class="MsoNormal"><span lang="NL">[root@mail
~]# cp certificate-authorities/SCMB\ GmbH\ Root\
CA/keys-renamed/SCMB-GmbH-Root-CA.crt /etc/pki/tls/certs/</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# cp certificate-authorities/SCMB\
GmbH\ Intranet\ CA/keys-renamed/SCMB-GmbH-Intranet-CA.crt /etc/pki/tls/certs/</span></p>

<h2><a name="_Toc261725220"><span lang="NL">Build bundles</span></a></h2><p class="MsoNormal"><span lang="NL">[root@mail ~]# cat
/etc/pki/tls/certs/SCMB-GmbH-*.crt
/etc/pki/tls/private/SCMB-GmbH-Intranet-CA-mail.intranet.scmb.de.key >
/etc/pki/tls/private/SCMB-GmbH-Intranet-CA-mail.intranet.scmb.de.bundle.pem</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# cat
/etc/pki/tls/certs/SCMB-GmbH-*CA.*.crt >
/etc/pki/tls/certs/SCMB-GmbH-Intranet-CA.chain.pem</span></p>

<h2><a name="_Toc261725221"><span lang="NL">Fix rights</span></a></h2><p class="MsoNormal"><span lang="NL">[root@mail ~]# chown root:ssl-cert
/etc/pki/tls/private/SCMB-*</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# chmod 440
/etc/pki/tls/private/SCMB-*</span></p>

<h2><a name="_Toc261725222"><span lang="NL">CA bundle</span></a></h2><p class="MsoNormal"><span lang="NL">[root@mail ~]# cp
/etc/pki/tls/certs/ca-bundle.crt /etc/pki/tls/certs/ca-bundle.crt.orig</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# cat
/etc/pki/tls/certs/SCMB-GmbH-*CA.crt >> /etc/pki/tls/certs/ca-bundle.crt</span></p>

<h2><a name="_Toc261725223"><span lang="NL">Cyrus IMAPD</span></a></h2><p class="MsoNormal"><span lang="NL">[root@mail ~]# sed -r -i -e
's|^tls_cert_file:.*|tls_cert_file:
/etc/pki/tls/certs/SCMB-GmbH-Intranet-CA-mail.intranet.scmb.de.crt|g' -e
's|^tls_key_file:.*|tls_key_file:
/etc/pki/tls/private/SCMB-GmbH-Intranet-CA-mail.intranet.scmb.de.key|g' -e
's|^tls_ca_file:.*|tls_ca_file:
/etc/pki/tls/certs/SCMB-GmbH-Intranet-CA.chain.pem|g' /etc/imapd.conf</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# service cyrus-imapd restart</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# openssl s_client -showcerts
-connect localhost:993</span></p>

<h2><a name="_Toc261725224"><span lang="NL">Postfix</span></a></h2><p class="MsoNormal"><span lang="NL">[root@mail ~]# postconf -e
smtpd_tls_key_file=/etc/pki/tls/private/EssentialSSLCA-2-mail.scmb.de.key</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# postconf -e
smtpd_tls_cert_file=/etc/pki/tls/certs/EssentialSSLCA-2-mail.scmb.de.crt</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# postconf -e
smtpd_tls_CAfile=/etc/pki/tls/certs/EssentialSSLCA-2.chain.pem</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# service postfix restart </span></p>

<h2><a name="_Toc261725225"><span lang="NL">Apache</span></a></h2><p class="MsoNormal"><span lang="NL">[root@mail ~]# certutil -d /etc/httpd/alias
-A  -t "CT,," -i
/etc/pki/tls/certs/SCMB-GmbH-Intranet-CA.crt -n "SCMB GmbH Intranet
Certification Authority"</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# certutil -d /etc/httpd/alias
-A  -t "CT,," -i
/etc/pki/tls/certs/SCMB-GmbH-Root-CA.crt -n "SCMB GmbH Root Certification
Authority"</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# certutil -D -d /etc/httpd/alias
-n "Server-Cert" </span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# openssl pkcs12 -export -in
/etc/pki/tls/certs/SCMB-GmbH-Intranet-CA-mail.intranet.scmb.de.crt -inkey
/etc/pki/tls/private/SCMB-GmbH-Intranet-CA-mail.intranet.scmb.de.key -out
/tmp/example.p12 -name Server-Cert -passout pass:foo</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# echo "foo" >
/tmp/foo</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# pk12util -i /tmp/example.p12 -d
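/etc/httpd/alias -w /tmp/foo -k /dev/null</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# rm /tmp/foo</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# rm /tmp/example.p12</span></p><p class="MsoNormal"><span lang="NL">Note: between the export and the two rm commands, /tmp/example.p12 contains the server's private key protected only by the password foo, which is also on the command line and in /tmp/foo. Run umask 077 first (or use a root-only directory instead of /tmp) so that other local users cannot read these files; the same applies to the 389 Directory Server import below.</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# certutil -L -d /etc/httpd/alias</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# certutil -V -u V -d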
/etc/httpd/alias -n "Server-Cert"</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# sed -i -e 's/8443/443/'
/etc/httpd/conf.d/nss.conf</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# cat >>
/etc/httpd/conf/httpd.conf << EOF</span></p><p class="MsoNormal"><span lang="NL"> </span></p><p class="MsoNormal"><span lang="NL"><VirtualHost _default_:80></span></p><p class="MsoNormal"><span lang="NL">    RewriteEngine On</span></p><p class="MsoNormal"><span lang="NL">    RewriteRule ^(.*)$ <a href="https://%{HTTP_HOST}\$1">https://%{HTTP_HOST}\$1</a>
[R=301,L]</span></p><p class="MsoNormal"><span lang="NL"></VirtualHost></span></p><p class="MsoNormal"><span lang="NL">EOF</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# service httpd restart</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# openssl s_client -showcerts
-connect localhost:443</span></p>

<h2><a name="_Toc261725226"><span lang="NL">389 Directory Server</span></a></h2><p class="MsoNormal"><span lang="NL">[root@mail ~]# certutil -d
/etc/dirsrv/slapd-mail/ -A  -t
"CT,," -i /etc/pki/tls/certs/SCMB-GmbH-Intranet-CA.crt -n "SCMB
GmbH Intranet Certification Authority"</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# certutil -d
/etc/dirsrv/slapd-mail/ -A  -t
"CT,," -i /etc/pki/tls/certs/SCMB-GmbH-Root-CA.crt -n "SCMB GmbH
Root Certification Authority"</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# openssl pkcs12 -export -in
/etc/pki/tls/certs/SCMB-GmbH-Intranet-CA-mail.intranet.scmb.de.crt -inkey
/etc/pki/tls/private/SCMB-GmbH-Intranet-CA-mail.intranet.scmb.de.key -out
/tmp/example.p12 -name Server-Cert -passout pass:foo</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# echo "foo" >
/tmp/foo</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# pk12util -i /tmp/example.p12 -d
/etc/dirsrv/slapd-mail/ -w /tmp/foo -k /dev/null</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# rm /tmp/foo</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# rm /tmp/example.p12</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# certutil -L -d
/etc/dirsrv/slapd-mail/</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# ldapmodify -x -h localhost -p
389     -D
"cn=Directory Manager" -W</span></p><p class="MsoNormal"><span lang="NL">Enter LDAP Password:</span></p><p class="MsoNormal"><span lang="NL">dn: cn=encryption,cn=config</span></p><p class="MsoNormal"><span lang="NL">changetype: modify</span></p><p class="MsoNormal"><span lang="NL">replace: nsSSL3</span></p><p class="MsoNormal"><span lang="NL">nsSSL3: on</span></p><p class="MsoNormal"><span lang="NL">-</span></p><p class="MsoNormal"><span lang="NL">replace: nsSSLClientAuth</span></p><p class="MsoNormal"><span lang="NL">nsSSLClientAuth: allowed</span></p><p class="MsoNormal"><span lang="NL">-</span></p><p class="MsoNormal"><span lang="NL">add: nsSSL3Ciphers</span></p><p class="MsoNormal"><span lang="NL">nsSSL3Ciphers:
-rsa_null_md5,+rsa_rc4_128_md5,+rsa_rc4_40_md5,+rsa_rc2_40_md5,</span></p><p class="MsoNormal"><span lang="NL"> +rsa_des_sha,+rsa_fips_des_sha,+rsa_3des_sha,+rsa_fips_3des_sha,+fortezza,</span></p><p class="MsoNormal"><span lang="NL"> +fortezza_rc4_128_sha,+fortezza_null,+tls_rsa_export1024_with_rc4_56_sha,</span></p><p class="MsoNormal"><span lang="NL"> +tls_rsa_export1024_with_des_cbc_sha</span></p><p class="MsoNormal"><span lang="NL"> </span></p><p class="MsoNormal"><span lang="NL">dn: cn=config</span></p><p class="MsoNormal"><span lang="NL">changetype: modify</span></p><p class="MsoNormal"><span lang="NL">add: nsslapd-security</span></p><p class="MsoNormal"><span lang="NL">nsslapd-security: on</span></p><p class="MsoNormal"><span lang="NL">-</span></p><p class="MsoNormal"><span lang="NL">replace: nsslapd-ssl-check-hostname</span></p><p class="MsoNormal"><span lang="NL">nsslapd-ssl-check-hostname: off</span></p><p class="MsoNormal"><span lang="NL">-</span></p><p class="MsoNormal"><span lang="NL">replace: nsslapd-secureport</span></p><p class="MsoNormal"><span lang="NL">nsslapd-secureport: 636</span></p><p class="MsoNormal"><span lang="NL"> </span></p><p class="MsoNormal"><span lang="NL">dn: cn=RSA,cn=encryption,cn=config</span></p><p class="MsoNormal"><span lang="NL">changetype: add</span></p><p class="MsoNormal"><span lang="NL">objectclass: top</span></p><p class="MsoNormal"><span lang="NL">objectclass: nsEncryptionModule</span></p><p class="MsoNormal"><span lang="NL">cn: RSA</span></p><p class="MsoNormal"><span lang="NL">nsSSLPersonalitySSL: Server-Cert</span></p><p class="MsoNormal"><span lang="NL">nsSSLToken: internal (software)</span></p><p class="MsoNormal"><span lang="NL">nsSSLActivation: on</span></p><p class="MsoNormal"><span lang="NL"> </span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# openssl s_client -showcerts -connect
localhost:636</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# ldapsearch -x -H
<a href="ldap://localhost">ldap://localhost</a> -b "cn=kolab,cn=config" -D "cn=Directory
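Manager" -W</span></p><p class="MsoNormal"><span lang="NL">Note: the settings entered above switch on SSLv3 and enable export-grade, RC4 and single-DES suites, and they stay in effect until the ldapmodify in "Harden SSL Ciphers" below replaces them; complete that step before port 636 is reachable from other hosts. nsslapd-ssl-check-hostname: off appears to disable the host name check the server performs on its own outgoing TLS connections (replication, chaining); confirm this against the 389 Directory Server documentation and set it to on if such connections are used.</span></p>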

<h2><a name="_Toc261725227"><span lang="NL">Harden SSL Ciphers</span></a></h2><p class="MsoNormal"><span lang="NL">[root@mail ~]# grep NSSCipherSuite
/etc/httpd/conf.d/nss.conf</span></p><p class="MsoNormal"><span lang="NL">NSSCipherSuite
-rsa_rc4_128_md5,-rsa_rc4_128_sha,+rsa_3des_sha,-rsa_des_sha,-rsa_rc4_40_md5,-rsa_rc2_40_md5,-rsa_null_md5,-rsa_null_sha,+fips_3des_sha,-fips_des_sha,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,-rsa_des_56_sha,-rsa_rc4_56_sha,+rsa_aes_128_sha,+rsa_aes_256_sha,-ecdh_ecdsa_null_sha,-ecdh_ecdsa_rc4_128_sha,+ecdh_ecdsa_3des_sha,+ecdh_ecdsa_aes_128_sha,+ecdh_ecdsa_aes_256_sha,-ecdhe_ecdsa_null_sha,-ecdhe_ecdsa_rc4_128_sha,+ecdhe_ecdsa_3des_sha,+ecdhe_ecdsa_aes_128_sha,+ecdhe_ecdsa_aes_256_sha,-ecdh_rsa_null_sha,+ecdh_rsa_128_sha,+ecdh_rsa_3des_sha,+ecdh_rsa_aes_128_sha,+ecdh_rsa_aes_256_sha,-echde_rsa_null,-ecdhe_rsa_rc4_128_sha,+ecdhe_rsa_3des_sha,+ecdhe_rsa_aes_128_sha,+ecdhe_rsa_aes_256_sha</span></p><p class="MsoNormal"><span lang="NL"> </span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# service httpd restart</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# sslscan --no-failed
localhost:443</span></p><p class="MsoNormal"><span lang="NL"> </span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# ldapmodify -x -h localhost -p
389     -D
"cn=Directory Manager" -W</span></p><p class="MsoNormal"><span lang="NL">Enter LDAP Password:</span></p><p class="MsoNormal"><span lang="NL">dn: cn=encryption,cn=config</span></p><p class="MsoNormal"><span lang="NL">changetype: modify</span></p><p class="MsoNormal"><span lang="NL">replace: nsSSL3</span></p><p class="MsoNormal"><span lang="NL">nsSSL3: off</span></p><p class="MsoNormal"><span lang="NL">-</span></p><p class="MsoNormal"><span lang="NL">replace: nsSSL2</span></p><p class="MsoNormal"><span lang="NL">nsSSL2: off</span></p><p class="MsoNormal"><span lang="NL">-</span></p><p class="MsoNormal"><span lang="NL">replace: nsSSL3Ciphers</span></p><p class="MsoNormal"><span lang="NL">nsSSL3Ciphers: -rc4,-rc4export,-rc2,-rc2export,-des,-desede3,-rsa_rc4_128_md5,-rsa_rc4_128_sha,+rsa_3des_sha,-rsa_des_sha,+rsa_fips_3des_sha,+fips_3des_sha,-rsa_fips_des_sha,-fips_des_sha,-rsa_rc4_40_md5,-rsa_rc2_40_md5,-rsa_null_md5,-rsa_null_sha,-tls_rsa_export1024_with_rc4_56_sha,-rsa_rc4_56_sha,-tls_rsa_export1024_with_des_cbc_sha,-rsa_des_56_sha,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,-dhe_dss_des_sha,+dhe_dss_3des_sha,-dhe_rsa_des_sha,+dhe_rsa_3des_sha,+tls_rsa_aes_128_sha,+rsa_aes_128_sha,+tls_dhe_dss_aes_128_sha,+tls_dhe_rsa_aes_128_sha,+tls_rsa_aes_256_sha,+rsa_aes_256_sha,+tls_dhe_dss_aes_256_sha,+tls_dhe_rsa_aes_256_sha,-tls_dhe_dss_1024_rc4_sha,-tls_dhe_dss_rc4_128_sha</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# service dirsrv restart</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# sslscan --no-failed localhost:636</span></p><p class="MsoNormal"><span lang="NL"> </span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# grep tls_cipher /etc/imapd.conf</span></p><p class="MsoNormal"><span lang="NL">tls_cipher_list: TLSv1+HIGH:!aNULL:@STRENGTH</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# service cyrus-imapd restart</span></p>

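<p class="MsoNormal"><span lang="NL">[root@mail ~]# sslscan --no-failed localhost:993</span></p><p class="MsoNormal"><span lang="NL">Note: only ports 443, 636 and 993 are scanned in this section. The Postfix listeners opened in the firewall (25, 465, 587) and POP3S on 995 are not checked here and need the same sslscan run. The cipher lists above also still enable the 3DES suites; drop them where all clients support AES.</span></p><h2><a name="_Toc261725228"><span lang="NL">Kolab CLI</span></a></h2><p class="MsoNormal"><span lang="NL">[root@mail ~]# sed -r -i -e '/api_url/d' -e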
"s#\[kolab_wap\]#[kolab_wap]\napi_url =
<a href="https://mail.intranet.scmb.de/kolab-webadmin/api#g">https://mail.intranet.scmb.de/kolab-webadmin/api#g</a>" /etc/kolab/kolab.conf</span></p>

<h2><a name="_Toc261725229"><span lang="NL">Roundcube</span></a></h2><p class="MsoNormal"><span lang="NL">[root@mail ~]# sed -i -e '/kolab_ssl/d'
/etc/roundcubemail/libkolab.inc.php</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# sed -i -e 's/http:/https:/'
/etc/roundcubemail/kolab_files.inc.php</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# sed -i -e '/^?>/d'
/etc/roundcubemail/config.inc.php</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# cat >>
/etc/roundcubemail/config.inc.php << EOF</span></p><p class="MsoNormal"><span lang="NL">\$config['kolab_http_request'] = array(</span></p><p class="MsoNormal"><span lang="NL">        'ssl_verify_peer'       =>
true,</span></p><p class="MsoNormal"><span lang="NL">        'ssl_verify_host'       =>
true,</span></p><p class="MsoNormal"><span lang="NL">        'ssl_cafile'           
=> '/etc/pki/tls/certs/ca-bundle.crt'</span></p><p class="MsoNormal"><span lang="NL">);</span></p><p class="MsoNormal"><span lang="NL">EOF</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# cat >>
/etc/roundcubemail/config.inc.php << EOF</span></p><p class="MsoNormal"><span lang="NL">\$config['calendar_caldav_url']            
= "<a href="https://mail.intranet.scmb.de/iRony/calendars/%u/%i">https://mail.intranet.scmb.de/iRony/calendars/%u/%i</a>";</span></p><p class="MsoNormal"><span lang="NL">\$config['kolab_addressbook_carddav_url']   =
'<a href="https://mail.intranet.scmb.de/iRony/addressbooks/%u/%i">https://mail.intranet.scmb.de/iRony/addressbooks/%u/%i</a>';</span></p><p class="MsoNormal"><span lang="NL">EOF</span></p><p class="MsoNormal"><span lang="NL"> </span></p><p class="MsoNormal"><span lang="NL">Afterwards, fix the indentation in </span>/etc/roundcubemail/config.inc.php<span lang="NL"> by hand and restore the PHP close tag at the end of the file, which the sed command above removed.</span></p><p class="MsoNormal"><span lang="NL"> </span></p>

<h2><a name="_Toc261725230"><span lang="NL">ipTables</span></a></h2><p class="MsoNormal"><span lang="NL">[root@mail ~]# cat /etc/sysconfig/iptables</span></p><p class="MsoNormal"><span lang="NL"># Firewall configuration written by
system-config-firewall</span></p><p class="MsoNormal"><span lang="NL"># Manual customization of this file is not
recommended.</span></p><p class="MsoNormal"><span lang="NL">*filter</span></p><p class="MsoNormal"><span lang="NL">:INPUT ACCEPT [0:0]</span></p><p class="MsoNormal"><span lang="NL">:FORWARD ACCEPT [0:0]</span></p><p class="MsoNormal"><span lang="NL">:OUTPUT ACCEPT [0:0]</span></p><p class="MsoNormal"><span lang="NL">-A INPUT -m state --state ESTABLISHED,RELATED
-j ACCEPT</span></p><p class="MsoNormal"><span lang="NL">-A INPUT -p icmp -j ACCEPT</span></p><p class="MsoNormal"><span lang="NL">-A INPUT -i lo -j ACCEPT</span></p><p class="MsoNormal"><span lang="NL">-A INPUT -m state --state NEW -m tcp -p tcp
--dport 22 -j ACCEPT</span></p><p class="MsoNormal"><span lang="NL">-A INPUT -m state --state NEW -m tcp -p tcp
--dport 25 -j ACCEPT</span></p><p class="MsoNormal"><span lang="NL">-A INPUT -m state --state NEW -m tcp -p tcp
--dport 80 -j ACCEPT</span></p><p class="MsoNormal"><span lang="NL"><b>#-A INPUT -m state --state NEW -m tcp -p tcp
--dport 110 -j ACCEPT</b></span></p><p class="MsoNormal"><span lang="NL"><b>#-A INPUT -m state --state NEW -m tcp -p tcp
--dport 143 -j ACCEPT</b></span></p><p class="MsoNormal"><span lang="NL"><b>#-A INPUT -m state --state NEW -m tcp -p tcp
--dport 389 -j ACCEPT</b></span></p><p class="MsoNormal"><span lang="NL">-A INPUT -m state --state NEW -m tcp -p tcp
--dport 443 -j ACCEPT</span></p><p class="MsoNormal"><span lang="NL">-A INPUT -m state --state NEW -m tcp -p tcp
--dport 465 -j ACCEPT</span></p><p class="MsoNormal"><span lang="NL">-A INPUT -m state --state NEW -m tcp -p tcp
--dport 587 -j ACCEPT</span></p><p class="MsoNormal"><span lang="NL">-A INPUT -m state --state NEW -m tcp -p tcp
--dport 636 -j ACCEPT</span></p><p class="MsoNormal"><span lang="NL">-A INPUT -m state --state NEW -m tcp -p tcp
--dport 993 -j ACCEPT</span></p><p class="MsoNormal"><span lang="NL">-A INPUT -m state --state NEW -m tcp -p tcp
--dport 995 -j ACCEPT</span></p><p class="MsoNormal"><span lang="NL">-A INPUT -j REJECT --reject-with
icmp-host-prohibited</span></p><p class="MsoNormal"><span lang="NL">-A FORWARD -j REJECT --reject-with
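icmp-host-prohibited</span></p><p class="MsoNormal"><span lang="NL">COMMIT</span></p><p class="MsoNormal"><span lang="NL">The three rules shown in bold are commented out, so new connections to ports 110 (POP3), 143 (IMAP) and 389 (LDAP) fall through to the final REJECT rule; mail clients and LDAP consumers on other hosts have to use the TLS ports 995, 993 and 636 instead.</span></p>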

<!--EndFragment--></div><div><br></div><div><br></div><div><br></div><div></div></div><div><br><div><div>Am 15.05.2014 um 09:09 schrieb IG BEB GmbH (Herr Treber) &lt;<a href="mailto:treber@beb-weimar.de">treber@beb-weimar.de</a>&gt;:</div><br class="Apple-interchange-newline"><blockquote type="cite">
  
    <meta content="text/html; charset=ISO-8859-1" http-equiv="Content-Type">
  
  <div text="#000000" bgcolor="#FFFFFF">
    <div class="moz-cite-prefix"><font size="-1">Hallo Markus</font>,<br>
      <small>die Datei setup_mta.py hatte ich schon angepasst.<br>
        Hab nun auch noch folgendes Problem:<br>
        Bei der Kontoeinrichtung mit Thunderbird als Mailclient bekomme
        ich einfach<br>
        keinen Zugang zu Kolab, es heißt immer, Benutzername oder Kennwort
        seien falsch.<br>
        Egal welchen Port oder welche Verschlüsselung ich wähle.<br>
        <br>
        Das Protokoll maillog bringt diese Fehlermeldung:<br>
        May 15 09:00:27 web imaps[4343]: Fatal error:
        tls_start_servertls() failed<br>
        May 15 09:00:27 web master[3122]: process type:SERVICE
        name:imaps path:/usr/lib/cyrus-imapd/imapd age:25.271s pid:4343
        signaled to death by signal 6 (Aborted, core dumped)<br>
        May 15 09:03:05 web postfix/smtpd[5028]: warning: 192.168.1.13:
        address not listed for hostname localhost<br>
        May 15 09:03:05 web postfix/smtpd[5028]: connect from
        unknown[192.168.1.13]<br>
        May 15 09:03:05 web postfix/submission/smtpd[5027]: warning:
        192.168.1.13: address not listed for hostname localhost<br>
        May 15 09:03:05 web postfix/submission/smtpd[5027]: connect from
        unknown[192.168.1.13]<br>
        May 15 09:03:05 web postfix/smtpd[5028]: disconnect from
        unknown[192.168.1.13]<br>
        May 15 09:03:05 web postfix/submission/smtpd[5027]: disconnect
        from unknown[192.168.1.13]<br>
        May 15 09:03:05 web postfix/smtpd[5028]: warning: 192.168.1.13:
        address not listed for hostname localhost<br>
        May 15 09:03:05 web postfix/smtpd[5028]: connect from
        unknown[192.168.1.13]<br>
        May 15 09:03:05 web postfix/submission/smtpd[5027]: warning:
        192.168.1.13: address not listed for hostname localhost<br>
        May 15 09:03:05 web postfix/submission/smtpd[5027]: connect from
        unknown[192.168.1.13]<br>
        May 15 09:03:05 web postfix/submission/smtpd[5027]: lost
        connection after CONNECT from unknown[192.168.1.13]<br>
        May 15 09:03:05 web postfix/submission/smtpd[5027]: disconnect
        from unknown[192.168.1.13]<br>
        May 15 09:03:05 web postfix/smtpd[5028]: lost connection after
        CONNECT from unknown[192.168.1.13]<br>
        May 15 09:03:05 web postfix/smtpd[5028]: disconnect from
        unknown[192.168.1.13]<br>
        May 15 09:03:09 web imap[3404]: STARTTLS negotiation failed:
        localhost [192.168.1.13]<br>
        May 15 09:03:10 web imap[3404]: Connection reset by peer,
        closing connection<br>
        May 15 09:03:10 web imap[5026]: STARTTLS negotiation failed:
        localhost [192.168.1.13]<br>
        May 15 09:03:10 web imap[5026]: Connection reset by peer,
        closing connection<br>
        <br>
        Hängt das irgendwie zusammen?<br>
        Muss der Dienst saslauthd von CentOS laufen oder übernimmt das
        kolab-saslauthd?<br>
        Fragen über Fragen.<br>
        <br>
        Kennt sich da jemand aus?<br>
        <br>
        Danke.<br>
        Uwe<br>
        ------------- <br>
      </small>
      <div class="moz-signature">
        <div class="Section1"><br>
        </div>
      </div>
      Am 14.05.2014 22:20, schrieb Markus Bernhardt:<br>
    </div>
    <blockquote cite="mid:AB601F24-6D1D-4E22-A71F-879AF4D9F071@me.com" type="cite">
      <meta http-equiv="Content-Type" content="text/html;
        charset=ISO-8859-1">
      Hi,
      <div><br>
      </div>
      <div>ich habe genau das gleiche Setup am Laufen.</div>
      <div><br>
      </div>
      <div>Folgende Fehler habe ich auch im Log:</div>
      <div>May 14 21:50:14 mail lmtpunix[32137]: ptload(): bad response
        from ptloader server: identifier not found</div>
      <div>May 14 21:50:14 mail lmtpunix[32137]: ptload failed for
        markus^<a moz-do-not-send="true" href="mailto:bernhardt@scmb.de">bernhardt@scmb.de</a></div>
      <div>May 14 22:00:01 mail imaps[8801]: SASL unable to open
        Berkeley db /etc/sasldb2: No such file or directory</div>
      <div><br>
      </div>
      <div>Aber nicht den ersten:</div>
      > May 14 13:58:15 web ptloader[3603]: LDAP search for domain
      failed.
      <div><br>
      </div>
      <div>Bei mir im Log:<br>
        <div>May 14 04:30:01 mail ptloader[25396]: starting:
          ptloader.c,v git2.5+0</div>
        <div><br>
        </div>
        <div>Hast Du eigentlich den Fix für <a moz-do-not-send="true" href="https://issues.kolab.org/show_bug.cgi?id=2864">https://issues.kolab.org/show_bug.cgi?id=2864</a>
          drin?</div>
        <div>[root@mail ~]#
          vi /usr/lib/python2.6/site-packages/pykolab/setup/setup_mta.py<br>
                  if os.path.isdir('/etc/amavisd'):<br>
                      fp = open('/etc/amavisd/amavisd.conf', 'w')<br>
          <b><font color="#ff4013">            fp.write(t.__str__())<br>
                          fp.close()<br>
            </font></b>        elif os.path.isdir('/etc/amavis'):<br>
                      fp = open('/etc/amavis/amavisd.conf', 'w')<br>
                      fp.write(t.__str__())<br>
                      fp.close()</div>
        <div><br>
        </div>
        <div>Hoffe das hilft evtl. irgendwie.</div>
        <div><br>
        </div>
        <div>Cheers,</div>
        <div>Markus</div>
        <div><br>
          <div>
            <div>Am 14.05.2014 um 14:02 schrieb IG BEB GmbH (Herr
              Treber) &lt;<a moz-do-not-send="true" href="mailto:treber@beb-weimar.de">treber@beb-weimar.de</a>&gt;:</div>
            <br class="Apple-interchange-newline">
            <blockquote type="cite">
              <div text="#000000" bgcolor="#FFFFFF" style="font-family:
                Helvetica; font-size: 12px; font-style: normal;
                font-variant: normal; font-weight: normal;
                letter-spacing: normal; line-height: normal; orphans:
                auto; text-align: start; text-indent: 0px;
                text-transform: none; white-space: normal; widows: auto;
                word-spacing: 0px; -webkit-text-stroke-width: 0px;"><font size="-1">Hallo,<br>
                  <br>
                  habe mal Kolab 3.2 auf CentOS 6.5 installiert.<br>
                  Installation verlief problemlos.<span class="Apple-converted-space"> </span><br>
                  Nutzer angelegt und per Roundcubemail eingeloggt.<br>
                  <br>
                  Der Zugriff zu Roundcubemail dauert recht lang.<br>
                  <br>
                  Hängt das evtl. damit zusammen und wie ist das zu
                  lösen?<br>
                  <br>
                  Im Protokoll maillog steht<br>
                </font><font size="-1">May 14 13:58:15 web
                  ptloader[3603]: LDAP search for domain failed.<br>
                  May 14 13:58:15 web imap[5178]: ptload(): bad response
                  from ptloader server: identifier not found<br>
                  May 14 13:58:15 web imap[5178]: ptload failed: but
                  canonified<span class="Apple-converted-space"> </span></font><font size="-1"><font size="-1"><a moz-do-not-send="true" href="mailto:user.name@beb-weimar.de" style="color: purple; text-decoration: underline;">user.name</a></font><a moz-do-not-send="true" href="mailto:user.name@beb-weimar.de" style="color:
                    purple; text-decoration: underline;">@beb-weimar.de</a><span class="Apple-converted-space"> </span>-><span class="Apple-converted-space"> </span></font><font size="-1"><font size="-1"><a moz-do-not-send="true" href="mailto:user.name@beb-weimar.de" style="color: purple; text-decoration: underline;">user.name</a></font><a moz-do-not-send="true" href="mailto:user.name@beb-weimar.de" style="color:
                    purple; text-decoration: underline;">@beb-weimar.de</a><br>
                  May 14 13:58:15 web imap[5178]: SASL unable to open
                  Berkeley db /etc/sasldb2: No such file or directory<br>
                  May 14 13:58:15 web imap[5178]: SASL unable to open
                  Berkeley db /etc/sasldb2: No such file or directory<br>
                  May 14 13:58:15 web imap[5178]: login: localhost [::1]<span class="Apple-converted-space"> </span><a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:user.name@beb-weimar.de" style="color:
                    purple; text-decoration: underline;">user.name@beb-weimar.de</a><span class="Apple-converted-space"> </span>PLAIN+TLS User
                  logged in SESSIONID=&lt;<a moz-do-not-send="true" href="http://web.beb-weimar.de/" style="color:
                    purple; text-decoration: underline;">web.beb-weimar.de</a>-5178-1400068694-1&gt;<br>
                  May 14 13:58:16 web imap[5178]: USAGE<span class="Apple-converted-space"> </span><a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:user%5Ename@beb-weimar.de" style="color: purple; text-decoration: underline;">user^name@beb-weimar.de</a><span class="Apple-converted-space"> </span>user: 0.015997
                  sys: 0.007998<br>
                  May 14 13:58:17 web imap[4967]: starttls: TLSv1 with
                  cipher DHE-RSA-AES256-SHA (256/256 bits new) no
                  authentication<br>
                  May 14 13:58:17 web imap[5187]: starttls: TLSv1 with
                  cipher DHE-RSA-AES256-SHA (256/256 bits new) no
                  authentication</font><font size="-1"><br>
                  <br>
                  Der Username wird einmal mit "." und "^" dargestellt?<br>
                  <br>
                  Kennt sich da jemand aus?<br>
                </font>
                <div class="moz-signature">--<span class="Apple-converted-space"> </span><br>
                  <div class="Section1" style="page: Section1;">Danke<br>
                    Uwe<br>
                  </div>
                </div>
                _______________________________________________<br>
                users-de mailing list<br>
                <a moz-do-not-send="true" href="mailto:users-de@lists.kolab.org" style="color:
                  purple; text-decoration: underline;">users-de@lists.kolab.org</a><br>
                <a moz-do-not-send="true" href="https://lists.kolab.org/mailman/listinfo/users-de" style="color: purple; text-decoration: underline;">https://lists.kolab.org/mailman/listinfo/users-de</a></div>
            </blockquote>
          </div>
          <br>
        </div>
      </div>
    </blockquote>
    <br>
  </div>

_______________________________________________<br>users-de mailing list<br><a href="mailto:users-de@lists.kolab.org">users-de@lists.kolab.org</a><br>https://lists.kolab.org/mailman/listinfo/users-de</blockquote></div><br></div></body></html>