<html><head><meta http-equiv="Content-Type" content="text/html charset=iso-8859-1"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;">Hi Uwe,<div><br></div><div>that is exactly my setup.</div><div><br></div><div>From the outside, only port 25 (smtp) is open on my side, for receiving mail. If you want to optionally use encryption on this port, you need an official certificate. I bought my Comodo EssentialSSL certificate via <a href="http://cheapsslsecurity.com">cheapsslsecurity.com</a>. Takes less than 15 minutes. Costs 25 USD.</div><div><br></div><div>On the intranet we use certificates issued by our own self-signed CA. Our CA is installed as a trusted CA on all our clients.</div><div><br></div><div>Of the steps from the last mail, you then need exactly all of them ;-)</div><div><br></div><div>If you want, I can send you my complete installation log as a PM. It is still work in progress, though.</div><div><br></div><div>Cheers,</div><div>Markus</div><div><br><div><div>On 15.05.2014 at 11:41, IG BEB GmbH (Herr Treber) &lt;<a href="mailto:treber@beb-weimar.de">treber@beb-weimar.de</a>&gt; wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite">
  
    <meta content="text/html; charset=ISO-8859-1" http-equiv="Content-Type">
  
  <div text="#000000" bgcolor="#FFFFFF">
    <div class="moz-cite-prefix"><small>Hello Markus,<br>
        thanks for the info. I was tired of searching and am<br>
        in the middle of a fresh installation right now. <br>
        I wanted to use Kolab on the LAN first and not open it<br>
        to the outside (except the ports for receiving and sending mail).<br>
        Do you need your own certificates for that, or are some included in the <br>
        base installation of Kolab? Which of the things you<br>
        listed should be installed?<br>
        I'm a bit stuck here.<br>
        <br>
        Uwe<br>
      </small><br>
      On 15.05.2014 11:13, Markus Bernhardt wrote:<br>
    </div>
    <blockquote cite="mid:31D74621-22F1-4A1E-8FF7-808D0FCF2FD8@me.com" type="cite">
      <meta http-equiv="Content-Type" content="text/html;
        charset=ISO-8859-1">
      Hello Uwe,
      <div><br>
      </div>
      <div>I have not looked at the SASL error messages
        yet.</div>
      <div><br>
      </div>
      <div>Could you please run the following commands on the
        machine:</div>
      <div><br>
      </div>
      <div>SSL:</div>
      <div>
        <!--StartFragment--><span style="font-size:10.0pt;mso-bidi-font-size:
          11.0pt;font-family:Calibri;mso-ascii-theme-font:minor-latin;mso-fareast-font-family:
Calibri;mso-fareast-theme-font:minor-latin;mso-hansi-theme-font:minor-latin;
mso-bidi-font-family:"Times
          New Roman";mso-bidi-theme-font:minor-bidi;
          mso-ansi-language:NL;mso-fareast-language:EN-US" lang="NL">openssl
          s_client -showcerts
          -connect localhost:443</span></div>
      <div><span style="font-size:10.0pt;mso-bidi-font-size:
          11.0pt;font-family:Calibri;mso-ascii-theme-font:minor-latin;mso-fareast-font-family:
Calibri;mso-fareast-theme-font:minor-latin;mso-hansi-theme-font:minor-latin;
mso-bidi-font-family:"Times
          New Roman";mso-bidi-theme-font:minor-bidi;
          mso-ansi-language:NL;mso-fareast-language:EN-US" lang="NL">
          <!--StartFragment--><span style="font-size: 10pt;" lang="NL">openssl
            s_client -showcerts
            -connect localhost:636</span></span></div>
      <div><span style="font-size:10.0pt;mso-bidi-font-size:
          11.0pt;font-family:Calibri;mso-ascii-theme-font:minor-latin;mso-fareast-font-family:
Calibri;mso-fareast-theme-font:minor-latin;mso-hansi-theme-font:minor-latin;
mso-bidi-font-family:"Times
          New Roman";mso-bidi-theme-font:minor-bidi;
          mso-ansi-language:NL;mso-fareast-language:EN-US" lang="NL">
            <!--StartFragment--><span style="font-size: 10pt;" lang="NL">openssl
              s_client -showcerts
              -connect localhost:993</span><!--EndFragment-->
          </span></div>
      <div><span style="font-size:10.0pt;mso-bidi-font-size:
          11.0pt;font-family:Calibri;mso-ascii-theme-font:minor-latin;mso-fareast-font-family:
Calibri;mso-fareast-theme-font:minor-latin;mso-hansi-theme-font:minor-latin;
mso-bidi-font-family:"Times
          New Roman";mso-bidi-theme-font:minor-bidi;
          mso-ansi-language:NL;mso-fareast-language:EN-US" lang="NL">
              <!--StartFragment--><span style="font-size: 10pt;" lang="NL">openssl s_client -showcerts
                -connect localhost:995</span></span></div>
      <div><br>
      </div>
      <div>START TLS:</div>
      <div>openssl s_client -showcerts -starttls smtp -connect
        localhost:25</div>
      <div>
        <div>openssl s_client -showcerts -starttls pop3 -connect
          localhost:110</div>
      </div>
      <div>
        <div>openssl s_client -showcerts -starttls imap -connect
          localhost:143</div>
      </div>
      <div>
        <div>openssl s_client -showcerts -starttls smtp -connect
          localhost:587</div>
        <div><br>
        </div>
        <div>You should see the correct certificates displayed
          everywhere.</div>
        <div><br>
        </div>
        <div>In addition, by the way, it is a good idea to harden the
          ciphers in use.</div>
        <div><br>
        </div>
        <div>---</div>
        <div><br>
        </div>
        <div>I'll copy my installation log at the end for you.
          Maybe that helps. The important thing here is that internally we
          use certificates from our own CA, and an official EssentialSSL
          certificate from Comodo only for the externally
          reachable SMTP (postfix). So don't be surprised.</div>
        <div><br>
        </div>
        <div>Cheers,</div>
        <div>Markus</div>
        <div><br>
        </div>
        <div>
          <h1><a moz-do-not-send="true" name="_Toc261725217"><span lang="NL">Securing Kolab with SSL</span></a></h1>
          <h2><a moz-do-not-send="true" name="_Toc261725218"><span lang="NL">Group ssl-cert</span></a></h2><p class="MsoNormal"><span lang="NL">[root@mail ~]# groupadd
              ssl-cert</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# usermod -a
              -G ssl-cert mail</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# usermod -a
              -G ssl-cert postfix</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# usermod -a
              -G ssl-cert cyrus</span></p>
          <h2><a moz-do-not-send="true" name="_Toc261725219"><span lang="NL">Install certs</span></a></h2><p class="MsoNormal"><span lang="NL">[root@mail ~]# cp
              certificate-authorities/SCMB\ GmbH\ Intranet\
              CA/keys-renamed/SCMB-GmbH-Intranet-CA-mail.intranet.scmb.de.key
              /etc/pki/tls/private/</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# cp
              certificate-authorities/SCMB\
              GmbH\ Intranet\
              CA/keys-renamed/SCMB-GmbH-Intranet-CA-mail.intranet.scmb.de.crt
              /etc/pki/tls/certs/</span></p><p class="MsoNormal"><span lang="NL">[root@mail
              ~]# cp certificate-authorities/SCMB\ GmbH\ Root\
              CA/keys-renamed/SCMB-GmbH-Root-CA.crt /etc/pki/tls/certs/</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# cp
              certificate-authorities/SCMB\
              GmbH\ Intranet\ CA/keys-renamed/SCMB-GmbH-Intranet-CA.crt
              /etc/pki/tls/certs/</span></p>
          <h2><a moz-do-not-send="true" name="_Toc261725220"><span lang="NL">Build bundles</span></a></h2><p class="MsoNormal"><span lang="NL">[root@mail ~]# cat
              /etc/pki/tls/certs/SCMB-GmbH-*.crt
              /etc/pki/tls/private/SCMB-GmbH-Intranet-CA-mail.intranet.scmb.de.key
              >
/etc/pki/tls/private/SCMB-GmbH-Intranet-CA-mail.intranet.scmb.de.bundle.pem</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# cat
              /etc/pki/tls/certs/SCMB-GmbH-*CA.*.crt >
              /etc/pki/tls/certs/SCMB-GmbH-Intranet-CA.chain.pem</span></p>
          <h2><a moz-do-not-send="true" name="_Toc261725221"><span lang="NL">Fix rights</span></a></h2><p class="MsoNormal"><span lang="NL">[root@mail ~]# chown
              root:ssl-cert
              /etc/pki/tls/private/SCMB-*</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# chmod 440
              /etc/pki/tls/private/SCMB-*</span></p>
          <h2><a moz-do-not-send="true" name="_Toc261725222"><span lang="NL">CA bundle</span></a></h2><p class="MsoNormal"><span lang="NL">[root@mail ~]# cp
              /etc/pki/tls/certs/ca-bundle.crt
              /etc/pki/tls/certs/ca-bundle.crt.orig</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# cat
              /etc/pki/tls/certs/SCMB-GmbH-*CA.crt >>
              /etc/pki/tls/certs/ca-bundle.crt</span></p>
          <h2><a moz-do-not-send="true" name="_Toc261725223"><span lang="NL">Cyrus IMAPD</span></a></h2><p class="MsoNormal"><span lang="NL">[root@mail ~]# sed -r -i
              -e
              's|^tls_cert_file:.*|tls_cert_file:
              /etc/pki/tls/certs/SCMB-GmbH-Intranet-CA-mail.intranet.scmb.de.crt|g'
              -e
              's|^tls_key_file:.*|tls_key_file:
              /etc/pki/tls/private/SCMB-GmbH-Intranet-CA-mail.intranet.scmb.de.key|g'
              -e
              's|^tls_ca_file:.*|tls_ca_file:
              /etc/pki/tls/certs/SCMB-GmbH-Intranet-CA.chain.pem|g'
              /etc/imapd.conf</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# service
              cyrus-imapd restart</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# openssl
              s_client -showcerts
              -connect localhost:993</span></p>
          <h2><a moz-do-not-send="true" name="_Toc261725224"><span lang="NL">Postfix</span></a></h2><p class="MsoNormal"><span lang="NL">[root@mail ~]# postconf
              -e
smtpd_tls_key_file=/etc/pki/tls/private/EssentialSSLCA-2-mail.scmb.de.key</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# postconf
              -e
smtpd_tls_cert_file=/etc/pki/tls/certs/EssentialSSLCA-2-mail.scmb.de.crt</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# postconf
              -e
smtpd_tls_CAfile=/etc/pki/tls/certs/EssentialSSLCA-2.chain.pem</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# service
              postfix restart </span></p>
          <h2><a moz-do-not-send="true" name="_Toc261725225"><span lang="NL">Apache</span></a></h2><p class="MsoNormal"><span lang="NL">[root@mail ~]# certutil
              -d /etc/httpd/alias
              -A  -t "CT,," -i
              /etc/pki/tls/certs/SCMB-GmbH-Intranet-CA.crt -n "SCMB GmbH
              Intranet
              Certification Authority"</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# certutil
              -d /etc/httpd/alias
              -A  -t "CT,," -i
              /etc/pki/tls/certs/SCMB-GmbH-Root-CA.crt -n "SCMB GmbH
              Root Certification
              Authority"</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# certutil
              -D -d /etc/httpd/alias
              -n "Server-Cert" </span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# openssl
              pkcs12 -export -in
              /etc/pki/tls/certs/SCMB-GmbH-Intranet-CA-mail.intranet.scmb.de.crt
              -inkey
              /etc/pki/tls/private/SCMB-GmbH-Intranet-CA-mail.intranet.scmb.de.key
              -out
              /tmp/example.p12 -name Server-Cert -passout pass:foo</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# echo "foo"
              >
              /tmp/foo</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# pk12util
              -i /tmp/example.p12 -d
              /etc/httpd/alias -w /tmp/foo -k /dev/null</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# rm
              /tmp/foo</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# rm
              /tmp/example.p12</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# certutil
              -L -d /etc/httpd/alias</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# certutil
              -V -u V -d
              /etc/httpd/alias -n "Server-Cert"</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# sed -i -e
              's/8443/443/'
              /etc/httpd/conf.d/nss.conf</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# cat
              >>
              /etc/httpd/conf/httpd.conf &lt;&lt; EOF</span></p><div><span lang="NL"> </span><br class="webkit-block-placeholder"></div><p class="MsoNormal"><span lang="NL">&lt;VirtualHost
              _default_:80&gt;</span></p><p class="MsoNormal"><span lang="NL">    RewriteEngine On</span></p><p class="MsoNormal"><span lang="NL">    RewriteRule ^(.*)$ https://%{HTTP_HOST}\$1
              [R=301,L]</span></p><p class="MsoNormal"><span lang="NL">&lt;/VirtualHost&gt;</span></p><p class="MsoNormal"><span lang="NL">EOF</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# service
              httpd restart</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# openssl
              s_client -showcerts
              -connect localhost:443</span></p>
          <h2><a moz-do-not-send="true" name="_Toc261725226"><span lang="NL">389 Directory Server</span></a></h2><p class="MsoNormal"><span lang="NL">[root@mail ~]# certutil
              -d
              /etc/dirsrv/slapd-mail/ -A  -t
              "CT,," -i /etc/pki/tls/certs/SCMB-GmbH-Intranet-CA.crt -n
              "SCMB
              GmbH Intranet Certification Authority"</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# certutil
              -d
              /etc/dirsrv/slapd-mail/ -A  -t
              "CT,," -i /etc/pki/tls/certs/SCMB-GmbH-Root-CA.crt -n
              "SCMB GmbH
              Root Certification Authority"</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# openssl
              pkcs12 -export -in
              /etc/pki/tls/certs/SCMB-GmbH-Intranet-CA-mail.intranet.scmb.de.crt
              -inkey
              /etc/pki/tls/private/SCMB-GmbH-Intranet-CA-mail.intranet.scmb.de.key
              -out
              /tmp/example.p12 -name Server-Cert -passout pass:foo</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# echo "foo"
              >
              /tmp/foo</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# pk12util
              -i /tmp/example.p12 -d
              /etc/dirsrv/slapd-mail/ -w /tmp/foo -k /dev/null</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# rm
              /tmp/foo</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# rm
              /tmp/example.p12</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# certutil
              -L -d
              /etc/dirsrv/slapd-mail/</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# ldapmodify
              -x -h localhost -p
              389     -D
              "cn=Directory Manager" -W</span></p><p class="MsoNormal"><span lang="NL">Enter LDAP Password:</span></p><p class="MsoNormal"><span lang="NL">dn:
              cn=encryption,cn=config</span></p><p class="MsoNormal"><span lang="NL">changetype: modify</span></p><p class="MsoNormal"><span lang="NL">replace: nsSSL3</span></p><p class="MsoNormal"><span lang="NL">nsSSL3: on</span></p><p class="MsoNormal"><span lang="NL">-</span></p><p class="MsoNormal"><span lang="NL">replace: nsSSLClientAuth</span></p><p class="MsoNormal"><span lang="NL">nsSSLClientAuth: allowed</span></p><p class="MsoNormal"><span lang="NL">-</span></p><p class="MsoNormal"><span lang="NL">add: nsSSL3Ciphers</span></p><p class="MsoNormal"><span lang="NL">nsSSL3Ciphers:
-rsa_null_md5,+rsa_rc4_128_md5,+rsa_rc4_40_md5,+rsa_rc2_40_md5,</span></p><p class="MsoNormal"><span lang="NL"> +rsa_des_sha,+rsa_fips_des_sha,+rsa_3des_sha,+rsa_fips_3des_sha,+fortezza,</span></p><p class="MsoNormal"><span lang="NL"> +fortezza_rc4_128_sha,+fortezza_null,+tls_rsa_export1024_with_rc4_56_sha,</span></p><p class="MsoNormal"><span lang="NL"> +tls_rsa_export1024_with_des_cbc_sha</span></p><div><span lang="NL"> </span><br class="webkit-block-placeholder"></div><p class="MsoNormal"><span lang="NL">dn: cn=config</span></p><p class="MsoNormal"><span lang="NL">changetype: modify</span></p><p class="MsoNormal"><span lang="NL">add: nsslapd-security</span></p><p class="MsoNormal"><span lang="NL">nsslapd-security: on</span></p><p class="MsoNormal"><span lang="NL">-</span></p><p class="MsoNormal"><span lang="NL">replace:
              nsslapd-ssl-check-hostname</span></p><p class="MsoNormal"><span lang="NL">nsslapd-ssl-check-hostname:
              off</span></p><p class="MsoNormal"><span lang="NL">-</span></p><p class="MsoNormal"><span lang="NL">replace:
              nsslapd-secureport</span></p><p class="MsoNormal"><span lang="NL">nsslapd-secureport: 636</span></p><div><span lang="NL"> </span><br class="webkit-block-placeholder"></div><p class="MsoNormal"><span lang="NL">dn:
              cn=RSA,cn=encryption,cn=config</span></p><p class="MsoNormal"><span lang="NL">changetype: add</span></p><p class="MsoNormal"><span lang="NL">objectclass: top</span></p><p class="MsoNormal"><span lang="NL">objectclass:
              nsEncryptionModule</span></p><p class="MsoNormal"><span lang="NL">cn: RSA</span></p><p class="MsoNormal"><span lang="NL">nsSSLPersonalitySSL:
              Server-Cert</span></p><p class="MsoNormal"><span lang="NL">nsSSLToken: internal
              (software)</span></p><p class="MsoNormal"><span lang="NL">nsSSLActivation: on</span></p><div><span lang="NL"> </span><br class="webkit-block-placeholder"></div><p class="MsoNormal"><span lang="NL">[root@mail ~]# openssl
              s_client -showcerts -connect
              localhost:636</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# ldapsearch
              -x -H
              <a moz-do-not-send="true" href="ldap://localhost">ldap://localhost</a>
              -b "cn=kolab,cn=config" -D "cn=Directory
              Manager" -W</span></p>
          <h2><a moz-do-not-send="true" name="_Toc261725227"><span lang="NL">Harden SSL Ciphers</span></a></h2><p class="MsoNormal"><span lang="NL">[root@mail ~]# grep
              NSSCipherSuite
              /etc/httpd/conf.d/nss.conf</span></p><p class="MsoNormal"><span lang="NL">NSSCipherSuite
-rsa_rc4_128_md5,-rsa_rc4_128_sha,+rsa_3des_sha,-rsa_des_sha,-rsa_rc4_40_md5,-rsa_rc2_40_md5,-rsa_null_md5,-rsa_null_sha,+fips_3des_sha,-fips_des_sha,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,-rsa_des_56_sha,-rsa_rc4_56_sha,+rsa_aes_128_sha,+rsa_aes_256_sha,-ecdh_ecdsa_null_sha,-ecdh_ecdsa_rc4_128_sha,+ecdh_ecdsa_3des_sha,+ecdh_ecdsa_aes_128_sha,+ecdh_ecdsa_aes_256_sha,-ecdhe_ecdsa_null_sha,-ecdhe_ecdsa_rc4_128_sha,+ecdhe_ecdsa_3des_sha,+ecdhe_ecdsa_aes_128_sha,+ecdhe_ecdsa_aes_256_sha,-ecdh_rsa_null_sha,+ecdh_rsa_128_sha,+ecdh_rsa_3des_sha,+ecdh_rsa_aes_128_sha,+ecdh_rsa_aes_256_sha,-echde_rsa_null,-ecdhe_rsa_rc4_128_sha,+ecdhe_rsa_3des_sha,+ecdhe_rsa_aes_128_sha,+ecdhe_rsa_aes_256_sha</span></p><div><span lang="NL"> </span><br class="webkit-block-placeholder"></div><p class="MsoNormal"><span lang="NL">[root@mail ~]# service
              httpd restart</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# sslscan
              --no-failed
              localhost:443</span></p><div><span lang="NL"> </span><br class="webkit-block-placeholder"></div><p class="MsoNormal"><span lang="NL">[root@mail ~]# ldapmodify
              -x -h localhost -p
              389     -D
              "cn=Directory Manager" -W</span></p><p class="MsoNormal"><span lang="NL">Enter LDAP Password:</span></p><p class="MsoNormal"><span lang="NL">dn:
              cn=encryption,cn=config</span></p><p class="MsoNormal"><span lang="NL">changetype: modify</span></p><p class="MsoNormal"><span lang="NL">replace: nsSSL3</span></p><p class="MsoNormal"><span lang="NL">nsSSL3: off</span></p><p class="MsoNormal"><span lang="NL">-</span></p><p class="MsoNormal"><span lang="NL">replace: nsSSL2</span></p><p class="MsoNormal"><span lang="NL">nsSSL2: off</span></p><p class="MsoNormal"><span lang="NL">-</span></p><p class="MsoNormal"><span lang="NL">replace: nsSSL3Ciphers</span></p><p class="MsoNormal"><span lang="NL">nsSSL3Ciphers:
-rc4,-rc4export,-rc2,-rc2export,-des,-desede3,-rsa_rc4_128_md5,-rsa_rc4_128_sha,+rsa_3des_sha,-rsa_des_sha,+rsa_fips_3des_sha,+fips_3des_sha,-rsa_fips_des_sha,-fips_des_sha,-rsa_rc4_40_md5,-rsa_rc2_40_md5,-rsa_null_md5,-rsa_null_sha,-tls_rsa_export1024_with_rc4_56_sha,-rsa_rc4_56_sha,-tls_rsa_export1024_with_des_cbc_sha,-rsa_des_56_sha,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,-dhe_dss_des_sha,+dhe_dss_3des_sha,-dhe_rsa_des_sha,+dhe_rsa_3des_sha,+tls_rsa_aes_128_sha,+rsa_aes_128_sha,+tls_dhe_dss_aes_128_sha,+tls_dhe_rsa_aes_128_sha,+tls_rsa_aes_256_sha,+rsa_aes_256_sha,+tls_dhe_dss_aes_256_sha,+tls_dhe_rsa_aes_256_sha,-tls_dhe_dss_1024_rc4_sha,-tls_dhe_dss_rc4_128_sha</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# service
              dirsrv restart</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# sslscan
              --no-failed localhost:636</span></p><div><span lang="NL"> </span><br class="webkit-block-placeholder"></div><p class="MsoNormal"><span lang="NL">[root@mail ~]# grep
              tls_cipher /etc/imapd.conf</span></p><p class="MsoNormal"><span lang="NL">tls_cipher_list:
              TLSv1+HIGH:!aNULL:@STRENGTH</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# service
              cyrus-imapd restart</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# sslscan
              --no-failed localhost:993</span></p>
          <h2><a moz-do-not-send="true" name="_Toc261725228"><span lang="NL">Kolab CLI</span></a></h2><p class="MsoNormal"><span lang="NL">[root@mail ~]# sed -r -i
              -e '/api_url/d' -e
              "s#\[kolab_wap\]#[kolab_wap]\napi_url =
              https://mail.intranet.scmb.de/kolab-webadmin/api#g"
              /etc/kolab/kolab.conf</span></p>
          <h2><a moz-do-not-send="true" name="_Toc261725229"><span lang="NL">Roundcube</span></a></h2><p class="MsoNormal"><span lang="NL">[root@mail ~]# sed -i -e
              '/kolab_ssl/d'
              /etc/roundcubemail/libkolab.inc.php</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# sed -i -e
              's/http:/https:/'
              /etc/roundcubemail/kolab_files.inc.php</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# sed -i -e
              '/^?>/d'
              /etc/roundcubemail/config.inc.php</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# cat
              >>
              /etc/roundcubemail/config.inc.php << EOF</span></p><p class="MsoNormal"><span lang="NL">\$config['kolab_http_request']
              = array(</span></p><p class="MsoNormal"><span lang="NL">       
              'ssl_verify_peer'       =>
              true,</span></p><p class="MsoNormal"><span lang="NL">       
              'ssl_verify_host'       =>
              true,</span></p><p class="MsoNormal"><span lang="NL">       
              'ssl_cafile'           
              => '/etc/pki/tls/certs/ca-bundle.crt'</span></p><p class="MsoNormal"><span lang="NL">);</span></p><p class="MsoNormal"><span lang="NL">EOF</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# cat
              >>
              /etc/roundcubemail/config.inc.php <<
              EOF</span></p><p class="MsoNormal"><span lang="NL">\$config['calendar_caldav_url']            
              = "<a moz-do-not-send="true" href="https://mail.intranet.scmb.de/iRony/calendars/%u/%i">https://mail.intranet.scmb.de/iRony/calendars/%u/%i</a>";</span></p><p class="MsoNormal"><span lang="NL">\$config['kolab_addressbook_carddav_url']  
              =
              'https://mail.intranet.scmb.de/iRony/addressbooks/%u/%i';</span></p><p class="MsoNormal"><span lang="NL">EOF</span></p><div><span lang="NL"> </span><br class="webkit-block-placeholder"></div><p class="MsoNormal"><span lang="NL">Fix indenting and php
              close tag at the end of </span>/etc/roundcubemail/config.inc.php!</p><div><span lang="NL"> </span><br class="webkit-block-placeholder"></div>
          <h2><a moz-do-not-send="true" name="_Toc261725230"><span lang="NL">ipTables</span></a></h2><p class="MsoNormal"><span lang="NL">[root@mail ~]# cat
              /etc/sysconfig/iptables</span></p><p class="MsoNormal"><span lang="NL"># Firewall configuration
              written by
              system-config-firewall</span></p><p class="MsoNormal"><span lang="NL"># Manual customization of
              this file is not
              recommended.</span></p><p class="MsoNormal"><span lang="NL">*filter</span></p><p class="MsoNormal"><span lang="NL">:INPUT ACCEPT [0:0]</span></p><p class="MsoNormal"><span lang="NL">:FORWARD ACCEPT [0:0]</span></p><p class="MsoNormal"><span lang="NL">:OUTPUT ACCEPT [0:0]</span></p><p class="MsoNormal"><span lang="NL">-A INPUT -m state --state
              ESTABLISHED,RELATED
              -j ACCEPT</span></p><p class="MsoNormal"><span lang="NL">-A INPUT -p icmp -j
              ACCEPT</span></p><p class="MsoNormal"><span lang="NL">-A INPUT -i lo -j ACCEPT</span></p><p class="MsoNormal"><span lang="NL">-A INPUT -m state --state
              NEW -m tcp -p tcp
              --dport 22 -j ACCEPT</span></p><p class="MsoNormal"><span lang="NL">-A INPUT -m state --state
              NEW -m tcp -p tcp
              --dport 25 -j ACCEPT</span></p><p class="MsoNormal"><span lang="NL">-A INPUT -m state --state
              NEW -m tcp -p tcp
              --dport 80 -j ACCEPT</span></p><p class="MsoNormal"><span lang="NL"><b>#-A INPUT -m state
                --state NEW -m tcp -p tcp
                --dport 110 -j ACCEPT</b></span></p><p class="MsoNormal"><span lang="NL"><b>#-A INPUT -m state
                --state NEW -m tcp -p tcp
                --dport 143 -j ACCEPT</b></span></p><p class="MsoNormal"><span lang="NL"><b>#-A INPUT -m state
                --state NEW -m tcp -p tcp
                --dport 389 -j ACCEPT</b></span></p><p class="MsoNormal"><span lang="NL">-A INPUT -m state --state
              NEW -m tcp -p tcp
              --dport 443 -j ACCEPT</span></p><p class="MsoNormal"><span lang="NL">-A INPUT -m state --state
              NEW -m tcp -p tcp
              --dport 465 -j ACCEPT</span></p><p class="MsoNormal"><span lang="NL">-A INPUT -m state --state
              NEW -m tcp -p tcp
              --dport 587 -j ACCEPT</span></p><p class="MsoNormal"><span lang="NL">-A INPUT -m state --state
              NEW -m tcp -p tcp
              --dport 636 -j ACCEPT</span></p><p class="MsoNormal"><span lang="NL">-A INPUT -m state --state
              NEW -m tcp -p tcp
              --dport 993 -j ACCEPT</span></p><p class="MsoNormal"><span lang="NL">-A INPUT -m state --state
              NEW -m tcp -p tcp
              --dport 995 -j ACCEPT</span></p><p class="MsoNormal"><span lang="NL">-A INPUT -j REJECT
              --reject-with
              icmp-host-prohibited</span></p><p class="MsoNormal"><span lang="NL">-A FORWARD -j REJECT
              --reject-with
              icmp-host-prohibited</span></p><p class="MsoNormal"><span lang="NL">COMMIT</span></p>
          <!--EndFragment--></div>
        <div><br>
        </div>
        <div><br>
        </div>
        <div><br>
        </div>
      </div>
      <div><br>
        <div>
          <div>On 15.05.2014 at 09:09, IG BEB GmbH (Herr Treber)
            <<a moz-do-not-send="true" href="mailto:treber@beb-weimar.de">treber@beb-weimar.de</a>> wrote:</div>
          <br class="Apple-interchange-newline">
          <blockquote type="cite">
            <meta content="text/html; charset=ISO-8859-1" http-equiv="Content-Type">
            <div text="#000000" bgcolor="#FFFFFF">
              <div class="moz-cite-prefix"><font size="-1">Hello Markus</font>,<br>
                <small>I had already adjusted the file setup_mta.py.<br>
                  Now I also have the following problem:<br>
                  When setting up the account with Thunderbird as the
                  mail client, I simply cannot<br>
                  get access to Kolab; it always reports user name or
                  password incorrect.<br>
                  No matter which port or which encryption I
                  choose.<br>
                  <br>
                  The maillog log shows this error message:<br>
                  May 15 09:00:27 web imaps[4343]: Fatal error:
                  tls_start_servertls() failed<br>
                  May 15 09:00:27 web master[3122]: process type:SERVICE
                  name:imaps path:/usr/lib/cyrus-imapd/imapd age:25.271s
                  pid:4343 signaled to death by signal 6 (Aborted, core
                  dumped)<br>
                  May 15 09:03:05 web postfix/smtpd[5028]: warning:
                  192.168.1.13: address not listed for hostname
                  localhost<br>
                  May 15 09:03:05 web postfix/smtpd[5028]: connect from
                  unknown[192.168.1.13]<br>
                  May 15 09:03:05 web postfix/submission/smtpd[5027]:
                  warning: 192.168.1.13: address not listed for hostname
                  localhost<br>
                  May 15 09:03:05 web postfix/submission/smtpd[5027]:
                  connect from unknown[192.168.1.13]<br>
                  May 15 09:03:05 web postfix/smtpd[5028]: disconnect
                  from unknown[192.168.1.13]<br>
                  May 15 09:03:05 web postfix/submission/smtpd[5027]:
                  disconnect from unknown[192.168.1.13]<br>
                  May 15 09:03:05 web postfix/smtpd[5028]: warning:
                  192.168.1.13: address not listed for hostname
                  localhost<br>
                  May 15 09:03:05 web postfix/smtpd[5028]: connect from
                  unknown[192.168.1.13]<br>
                  May 15 09:03:05 web postfix/submission/smtpd[5027]:
                  warning: 192.168.1.13: address not listed for hostname
                  localhost<br>
                  May 15 09:03:05 web postfix/submission/smtpd[5027]:
                  connect from unknown[192.168.1.13]<br>
                  May 15 09:03:05 web postfix/submission/smtpd[5027]:
                  lost connection after CONNECT from
                  unknown[192.168.1.13]<br>
                  May 15 09:03:05 web postfix/submission/smtpd[5027]:
                  disconnect from unknown[192.168.1.13]<br>
                  May 15 09:03:05 web postfix/smtpd[5028]: lost
                  connection after CONNECT from unknown[192.168.1.13]<br>
                  May 15 09:03:05 web postfix/smtpd[5028]: disconnect
                  from unknown[192.168.1.13]<br>
                  May 15 09:03:09 web imap[3404]: STARTTLS negotiation
                  failed: localhost [192.168.1.13]<br>
                  May 15 09:03:10 web imap[3404]: Connection reset by
                  peer, closing connection<br>
                  May 15 09:03:10 web imap[5026]: STARTTLS negotiation
                  failed: localhost [192.168.1.13]<br>
                  May 15 09:03:10 web imap[5026]: Connection reset by
                  peer, closing connection<br>
                  <br>
                  Is this related somehow?<br>
                  Does the CentOS saslauthd service have to be running, or
                  does kolab-saslauthd take over?<br>
                  Questions upon questions.<br>
                  <br>
                  Does anyone know about this?<br>
                  <br>
                  Thanks.<br>
                  Uwe<br>
                  ------------- <br>
                </small>
                <div class="moz-signature">
                  <div class="Section1"><br>
                  </div>
                </div>
                On 14.05.2014 22:20, Markus Bernhardt wrote:<br>
              </div>
              <blockquote cite="mid:AB601F24-6D1D-4E22-A71F-879AF4D9F071@me.com" type="cite">
                <meta http-equiv="Content-Type" content="text/html;
                  charset=ISO-8859-1">
                Hi,
                <div><br>
                </div>
                <div>I have exactly the same setup running.</div>
                <div><br>
                </div>
                <div>I also have the following errors in the log:</div>
                <div>May 14 21:50:14 mail lmtpunix[32137]: ptload(): bad
                  response from ptloader server: identifier not found</div>
                <div>May 14 21:50:14 mail lmtpunix[32137]: ptload failed
                  for markus^<a moz-do-not-send="true" href="mailto:bernhardt@scmb.de">bernhardt@scmb.de</a></div>
                <div>May 14 22:00:01 mail imaps[8801]: SASL unable to
                  open Berkeley db /etc/sasldb2: No such file or
                  directory</div>
                <div><br>
                </div>
                <div>But not the first one:</div>
                > May 14 13:58:15 web ptloader[3603]: LDAP search for
                domain failed.
                <div><br>
                </div>
                <div>In my log:<br>
                  <div>May 14 04:30:01 mail ptloader[25396]: starting:
                    ptloader.c,v git2.5+0</div>
                  <div><br>
                  </div>
                  <div>By the way, have you applied the fix for <a moz-do-not-send="true" href="https://issues.kolab.org/show_bug.cgi?id=2864">https://issues.kolab.org/show_bug.cgi?id=2864</a>?</div>
                  <div>[root@mail ~]#
                    vi /usr/lib/python2.6/site-packages/pykolab/setup/setup_mta.py<br>
                            if os.path.isdir('/etc/amavisd'):<br>
                                fp = open('/etc/amavisd/amavisd.conf',
                    'w')<br>
                    <b><font color="#ff4013">         
                          fp.write(t.__str__())<br>
                                    fp.close()<br>
                      </font></b>     
                      elif os.path.isdir('/etc/amavis'):<br>
                                fp = open('/etc/amavis/amavisd.conf',
                    'w')<br>
                                fp.write(t.__str__())<br>
                                fp.close()</div>
                  <div><br>
                  </div>
                  <div>Hope that helps somehow.</div>
                  <div><br>
                  </div>
                  <div>Cheers,</div>
                  <div>Markus</div>
                  <div><br>
                    <div>
                      <div>On 14.05.2014 at 14:02, IG BEB GmbH
                        (Herr Treber) <<a moz-do-not-send="true" href="mailto:treber@beb-weimar.de">treber@beb-weimar.de</a>> wrote:</div>
                      <br class="Apple-interchange-newline">
                      <blockquote type="cite">
                        <div text="#000000" bgcolor="#FFFFFF" style="font-family: Helvetica; font-size:
                          12px; font-style: normal; font-variant:
                          normal; font-weight: normal; letter-spacing:
                          normal; line-height: normal; orphans: auto;
                          text-align: start; text-indent: 0px;
                          text-transform: none; white-space: normal;
                          widows: auto; word-spacing: 0px;
                          -webkit-text-stroke-width: 0px;"><font size="-1">Hello,<br>
                            <br>
                            I have installed Kolab 3.2 on CentOS
                            6.5.<br>
                            The installation went without problems.<span class="Apple-converted-space"> </span><br>
                            Created users and logged in via
                            Roundcubemail.<br>
                            <br>
                            Access to Roundcubemail takes quite a long
                            time.<br>
                            <br>
                            Is that possibly related to this, and how can
                            it be solved?<br>
                            <br>
                            The maillog log contains<br>
                          </font><font size="-1">May 14 13:58:15 web
                            ptloader[3603]: LDAP search for domain
                            failed.<br>
                            May 14 13:58:15 web imap[5178]: ptload():
                            bad response from ptloader server:
                            identifier not found<br>
                            May 14 13:58:15 web imap[5178]: ptload
                            failed: but canonified<span class="Apple-converted-space"> </span></font><font size="-1"><font size="-1"><a moz-do-not-send="true" href="mailto:user.name@beb-weimar.de" style="color: purple; text-decoration:
                                underline;">user.name</a></font><a moz-do-not-send="true" href="mailto:user.name@beb-weimar.de" style="color: purple; text-decoration:
                              underline;">@beb-weimar.de</a><span class="Apple-converted-space"> </span>-><span class="Apple-converted-space"> </span></font><font size="-1"><font size="-1"><a moz-do-not-send="true" href="mailto:user.name@beb-weimar.de" style="color: purple; text-decoration:
                                underline;">user.name</a></font><a moz-do-not-send="true" href="mailto:user.name@beb-weimar.de" style="color: purple; text-decoration:
                              underline;">@beb-weimar.de</a><br>
                            May 14 13:58:15 web imap[5178]: SASL unable
                            to open Berkeley db /etc/sasldb2: No such
                            file or directory<br>
                            May 14 13:58:15 web imap[5178]: SASL unable
                            to open Berkeley db /etc/sasldb2: No such
                            file or directory<br>
                            May 14 13:58:15 web imap[5178]: login:
                            localhost [::1]<span class="Apple-converted-space"> </span><a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:user.name@beb-weimar.de" style="color: purple; text-decoration:
                              underline;">user.name@beb-weimar.de</a><span class="Apple-converted-space"> </span>PLAIN+TLS
                            User logged in SESSIONID=<<a moz-do-not-send="true" href="http://web.beb-weimar.de/" style="color: purple; text-decoration:
                              underline;">web.beb-weimar.de</a>-5178-1400068694-1><br>
                            May 14 13:58:16 web imap[5178]: USAGE<span class="Apple-converted-space"> </span><a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:user%5Ename@beb-weimar.de" style="color: purple; text-decoration:
                              underline;">user^name@beb-weimar.de</a><span class="Apple-converted-space"> </span>user:
                            0.015997 sys: 0.007998<br>
                            May 14 13:58:17 web imap[4967]: starttls:
                            TLSv1 with cipher DHE-RSA-AES256-SHA
                            (256/256 bits new) no authentication<br>
                            May 14 13:58:17 web imap[5187]: starttls:
                            TLSv1 with cipher DHE-RSA-AES256-SHA
                            (256/256 bits new) no authentication</font><font size="-1"><br>
                            <br>
                            The username is shown once with "." and once
                            with "^"?<br>
                            <br>
                            Does anyone know about this?<br>
                          </font>
                          <div class="moz-signature">--<span class="Apple-converted-space"> </span><br>
                            <div class="Section1" style="page:
                              Section1;">Thanks<br>
                              Uwe<br>
                            </div>
                          </div>
_______________________________________________<br>
                          users-de mailing list<br>
                          <a moz-do-not-send="true" href="mailto:users-de@lists.kolab.org" style="color: purple; text-decoration:
                            underline;">users-de@lists.kolab.org</a><br>
                          <a moz-do-not-send="true" href="https://lists.kolab.org/mailman/listinfo/users-de" style="color: purple; text-decoration:
                            underline;">https://lists.kolab.org/mailman/listinfo/users-de</a></div>
                      </blockquote>
                    </div>
                    <br>
                  </div>
                </div>
              </blockquote>
              <br>
            </div>
          </blockquote>
        </div>
        <br>
      </div>
    </blockquote>
    <br>
  </div>

</blockquote></div><br></div></body></html>