<html><head><meta http-equiv="Content-Type" content="text/html charset=iso-8859-1"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;">Hi Uwe,<div><br></div><div>that is exactly my setup.</div><div><br></div><div>From the outside, only port 25 (SMTP) is open on my server, for receiving mail. If you want to use optional encryption on this port, you need an official certificate. I bought my Comodo EssentialSSL certificate via <a href="http://cheapsslsecurity.com">cheapsslsecurity.com</a>. It takes less than 15 minutes. It costs 25 USD.</div><div><br></div><div>On the intranet we use certificates issued by our own self-signed CA. Our CA is installed as a trusted CA on all our clients.</div><div><br></div><div>Of the steps from the last mail, you then need exactly all of them ;-)</div><div><br></div><div>If you like, I can send you my complete installation log as a PM. It is still a work in progress, though.</div><div><br></div><div>Cheers,</div><div>Markus</div><div><br><div><div>On 15.05.2014 at 11:41, IG BEB GmbH (Herr Treber) &lt;<a href="mailto:treber@beb-weimar.de">treber@beb-weimar.de</a>&gt; wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite">
<meta content="text/html; charset=ISO-8859-1" http-equiv="Content-Type">
<div text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix"><small>Hello Markus,<br>
thanks for the info. I was tired of searching and am<br>
in the middle of a fresh installation. <br>
I wanted to use Kolab only on the LAN for now and not open it<br>
to the outside (except the ports for receiving and sending mail).<br>
Do you need your own certificates for that, or are some already included<br>
in the base installation of Kolab? Which of the things you listed<br>
should be installed?<br>
I'm a bit stuck here.<br>
<br>
Uwe<br>
</small><br>
On 15.05.2014 11:13, Markus Bernhardt wrote:<br>
</div>
<blockquote cite="mid:31D74621-22F1-4A1E-8FF7-808D0FCF2FD8@me.com" type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=ISO-8859-1">
Hello Uwe,
<div><br>
</div>
<div>I have not yet looked at the error messages regarding SASL.</div>
<div><br>
</div>
<div>Could you please run the following commands on the machine:</div>
<div><br>
</div>
<div>SSL:</div>
<div><span style="font-size: 10pt;" lang="NL">openssl s_client -showcerts -connect localhost:443</span></div>
<div><span style="font-size: 10pt;" lang="NL">openssl s_client -showcerts -connect localhost:636</span></div>
<div><span style="font-size: 10pt;" lang="NL">openssl s_client -showcerts -connect localhost:993</span></div>
<div><span style="font-size: 10pt;" lang="NL">openssl s_client -showcerts -connect localhost:995</span></div>
<div><br>
</div>
<div>START TLS:</div>
<div>openssl s_client -showcerts -starttls smtp -connect
localhost:25</div>
<div>
<div>openssl s_client -showcerts -starttls pop3 -connect
localhost:110</div>
</div>
<div>
<div>openssl s_client -showcerts -starttls imap -connect
localhost:143</div>
</div>
<div>
<div>openssl s_client -showcerts -starttls smtp -connect
localhost:587</div>
<div><br>
</div>
<div>You should be shown the correct certificates everywhere.</div>
<div><br>
</div>
<div>By the way, it is also a good idea to harden the ciphers that are used.</div>
<div><br>
</div>
<div>---</div>
<div><br>
</div>
<div>I'll copy my installation log at the end for you.
Maybe that helps. The important point is that internally we use
certificates from our own CA, and an official EssentialSSL
certificate from Comodo only for the externally reachable SMTP (postfix).
So don't be surprised.</div>
<div><br>
</div>
<div>Cheers,</div>
<div>Markus</div>
<div><br>
</div>
<div>
<h1><a moz-do-not-send="true" name="_Toc261725217"><span lang="NL">Securing Kolab with SSL</span></a></h1>
<h2><a moz-do-not-send="true" name="_Toc261725218"><span lang="NL">Gruppe ssl-cert</span></a></h2><p class="MsoNormal"><span lang="NL">[root@mail ~]# groupadd
ssl-cert</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# usermod -a
-G ssl-cert mail</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# usermod -a
-G ssl-cert postfix</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# usermod -a
-G ssl-cert cyrus</span></p>
<h2><a moz-do-not-send="true" name="_Toc261725219"><span lang="NL">Install certs</span></a></h2><p class="MsoNormal"><span lang="NL">[root@mail ~]# cp
certificate-authorities/SCMB\ GmbH\ Intranet\
CA/keys-renamed/SCMB-GmbH-Intranet-CA-mail.intranet.scmb.de.key
/etc/pki/tls/private/</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# cp
certificate-authorities/SCMB\
GmbH\ Intranet\
CA/keys-renamed/SCMB-GmbH-Intranet-CA-mail.intranet.scmb.de.crt
/etc/pki/tls/certs/</span></p><p class="MsoNormal"><span lang="NL">[root@mail
~]# cp certificate-authorities/SCMB\ GmbH\ Root\
CA/keys-renamed/SCMB-GmbH-Root-CA.crt /etc/pki/tls/certs/</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# cp
certificate-authorities/SCMB\
GmbH\ Intranet\ CA/keys-renamed/SCMB-GmbH-Intranet-CA.crt
/etc/pki/tls/certs/</span></p>
<h2><a moz-do-not-send="true" name="_Toc261725220"><span lang="NL">Build bundles</span></a></h2><p class="MsoNormal"><span lang="NL">[root@mail ~]# cat
/etc/pki/tls/certs/SCMB-GmbH-*.crt
/etc/pki/tls/private/SCMB-GmbH-Intranet-CA-mail.intranet.scmb.de.key
>
/etc/pki/tls/private/SCMB-GmbH-Intranet-CA-mail.intranet.scmb.de.bundle.pem</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# cat
/etc/pki/tls/certs/SCMB-GmbH-*CA.crt >
/etc/pki/tls/certs/SCMB-GmbH-Intranet-CA.chain.pem</span></p>
<h2><a moz-do-not-send="true" name="_Toc261725221"><span lang="NL">Fix rights</span></a></h2><p class="MsoNormal"><span lang="NL">[root@mail ~]# chown
root:ssl-cert
/etc/pki/tls/private/SCMB-*</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# chmod 440
/etc/pki/tls/private/SCMB-*</span></p>
<h2><a moz-do-not-send="true" name="_Toc261725222"><span lang="NL">CA bundle</span></a></h2><p class="MsoNormal"><span lang="NL">[root@mail ~]# cp
/etc/pki/tls/certs/ca-bundle.crt
/etc/pki/tls/certs/ca-bundle.crt.orig</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# cat
/etc/pki/tls/certs/SCMB-GmbH-*CA.crt >>
/etc/pki/tls/certs/ca-bundle.crt</span></p>
<h2><a moz-do-not-send="true" name="_Toc261725223"><span lang="NL">Cyrus IMAPD</span></a></h2><p class="MsoNormal"><span lang="NL">[root@mail ~]# sed -r -i
-e
's|^tls_cert_file:.*|tls_cert_file:
/etc/pki/tls/certs/SCMB-GmbH-Intranet-CA-mail.intranet.scmb.de.crt|g'
-e
's|^tls_key_file:.*|tls_key_file:
/etc/pki/tls/private/SCMB-GmbH-Intranet-CA-mail.intranet.scmb.de.key|g'
-e
's|^tls_ca_file:.*|tls_ca_file:
/etc/pki/tls/certs/SCMB-GmbH-Intranet-CA.chain.pem|g'
/etc/imapd.conf</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# service
cyrus-imapd restart</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# openssl
s_client -showcerts
-connect localhost:993</span></p>
<h2><a moz-do-not-send="true" name="_Toc261725224"><span lang="NL">Postfix</span></a></h2><p class="MsoNormal"><span lang="NL">[root@mail ~]# postconf
-e
smtpd_tls_key_file=/etc/pki/tls/private/EssentialSSLCA-2-mail.scmb.de.key</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# postconf
-e
smtpd_tls_cert_file=/etc/pki/tls/certs/EssentialSSLCA-2-mail.scmb.de.crt</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# postconf
-e
smtpd_tls_CAfile=/etc/pki/tls/certs/EssentialSSLCA-2.chain.pem</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# service
postfix restart </span></p>
<h2><a moz-do-not-send="true" name="_Toc261725225"><span lang="NL">Apache</span></a></h2><p class="MsoNormal"><span lang="NL">[root@mail ~]# certutil
-d /etc/httpd/alias
-A -t "CT,," -i
/etc/pki/tls/certs/SCMB-GmbH-Intranet-CA.crt -n "SCMB GmbH
Intranet
Certification Authority"</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# certutil
-d /etc/httpd/alias
-A -t "CT,," -i
/etc/pki/tls/certs/SCMB-GmbH-Root-CA.crt -n "SCMB GmbH
Root Certification
Authority"</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# certutil
-D -d /etc/httpd/alias
-n "Server-Cert" </span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# openssl
pkcs12 -export -in
/etc/pki/tls/certs/SCMB-GmbH-Intranet-CA-mail.intranet.scmb.de.crt
-inkey
/etc/pki/tls/private/SCMB-GmbH-Intranet-CA-mail.intranet.scmb.de.key
-out
/tmp/example.p12 -name Server-Cert -passout pass:foo</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# echo "foo"
>
/tmp/foo</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# pk12util
-i /tmp/example.p12 -d
/etc/httpd/alias -w /tmp/foo -k /dev/null</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# rm
/tmp/foo</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# rm
/tmp/example.p12</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# certutil
-L -d /etc/httpd/alias</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# certutil
-V -u V -d
/etc/httpd/alias -n "Server-Cert"</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# sed -i -e
's/8443/443/'
/etc/httpd/conf.d/nss.conf</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# cat
>>
/etc/httpd/conf/httpd.conf << EOF</span></p><div><span lang="NL"> </span><br class="webkit-block-placeholder"></div><p class="MsoNormal"><span lang="NL">&lt;VirtualHost
_default_:80&gt;</span></p><p class="MsoNormal"><span lang="NL"> RewriteEngine On</span></p><p class="MsoNormal"><span lang="NL"> RewriteRule ^(.*)$ https://%{HTTP_HOST}\$1
[R=301,L]</span></p><p class="MsoNormal"><span lang="NL">&lt;/VirtualHost&gt;</span></p><p class="MsoNormal"><span lang="NL">EOF</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# service
httpd restart</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# openssl
s_client -showcerts
-connect localhost:443</span></p>
<h2><a moz-do-not-send="true" name="_Toc261725226"><span lang="NL">389 Directory Server</span></a></h2><p class="MsoNormal"><span lang="NL">[root@mail ~]# certutil
-d
/etc/dirsrv/slapd-mail/ -A -t
"CT,," -i /etc/pki/tls/certs/SCMB-GmbH-Intranet-CA.crt -n
"SCMB
GmbH Intranet Certification Authority"</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# certutil
-d
/etc/dirsrv/slapd-mail/ -A -t
"CT,," -i /etc/pki/tls/certs/SCMB-GmbH-Root-CA.crt -n
"SCMB GmbH
Root Certification Authority"</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# openssl
pkcs12 -export -in
/etc/pki/tls/certs/SCMB-GmbH-Intranet-CA-mail.intranet.scmb.de.crt
-inkey
/etc/pki/tls/private/SCMB-GmbH-Intranet-CA-mail.intranet.scmb.de.key
-out
/tmp/example.p12 -name Server-Cert -passout pass:foo</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# echo "foo"
>
/tmp/foo</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# pk12util
-i /tmp/example.p12 -d
/etc/dirsrv/slapd-mail/ -w /tmp/foo -k /dev/null</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# rm
/tmp/foo</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# rm
/tmp/example.p12</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# certutil
-L -d
/etc/dirsrv/slapd-mail/</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# ldapmodify
-x -h localhost -p
389 -D
"cn=Directory Manager" -W</span></p><p class="MsoNormal"><span lang="NL">Enter LDAP Password:</span></p><p class="MsoNormal"><span lang="NL">dn:
cn=encryption,cn=config</span></p><p class="MsoNormal"><span lang="NL">changetype: modify</span></p><p class="MsoNormal"><span lang="NL">replace: nsSSL3</span></p><p class="MsoNormal"><span lang="NL">nsSSL3: on</span></p><p class="MsoNormal"><span lang="NL">-</span></p><p class="MsoNormal"><span lang="NL">replace: nsSSLClientAuth</span></p><p class="MsoNormal"><span lang="NL">nsSSLClientAuth: allowed</span></p><p class="MsoNormal"><span lang="NL">-</span></p><p class="MsoNormal"><span lang="NL">add: nsSSL3Ciphers</span></p><p class="MsoNormal"><span lang="NL">nsSSL3Ciphers:
-rsa_null_md5,+rsa_rc4_128_md5,+rsa_rc4_40_md5,+rsa_rc2_40_md5,</span></p><p class="MsoNormal"><span lang="NL"> +rsa_des_sha,+rsa_fips_des_sha,+rsa_3des_sha,+rsa_fips_3des_sha,+fortezza,</span></p><p class="MsoNormal"><span lang="NL"> +fortezza_rc4_128_sha,+fortezza_null,+tls_rsa_export1024_with_rc4_56_sha,</span></p><p class="MsoNormal"><span lang="NL"> +tls_rsa_export1024_with_des_cbc_sha</span></p><div><span lang="NL"> </span><br class="webkit-block-placeholder"></div><p class="MsoNormal"><span lang="NL">dn: cn=config</span></p><p class="MsoNormal"><span lang="NL">changetype: modify</span></p><p class="MsoNormal"><span lang="NL">add: nsslapd-security</span></p><p class="MsoNormal"><span lang="NL">nsslapd-security: on</span></p><p class="MsoNormal"><span lang="NL">-</span></p><p class="MsoNormal"><span lang="NL">replace:
nsslapd-ssl-check-hostname</span></p><p class="MsoNormal"><span lang="NL">nsslapd-ssl-check-hostname:
off</span></p><p class="MsoNormal"><span lang="NL">-</span></p><p class="MsoNormal"><span lang="NL">replace:
nsslapd-secureport</span></p><p class="MsoNormal"><span lang="NL">nsslapd-secureport: 636</span></p><div><span lang="NL"> </span><br class="webkit-block-placeholder"></div><p class="MsoNormal"><span lang="NL">dn:
cn=RSA,cn=encryption,cn=config</span></p><p class="MsoNormal"><span lang="NL">changetype: add</span></p><p class="MsoNormal"><span lang="NL">objectclass: top</span></p><p class="MsoNormal"><span lang="NL">objectclass:
nsEncryptionModule</span></p><p class="MsoNormal"><span lang="NL">cn: RSA</span></p><p class="MsoNormal"><span lang="NL">nsSSLPersonalitySSL:
Server-Cert</span></p><p class="MsoNormal"><span lang="NL">nsSSLToken: internal
(software)</span></p><p class="MsoNormal"><span lang="NL">nsSSLActivation: on</span></p><div><span lang="NL"> </span><br class="webkit-block-placeholder"></div><p class="MsoNormal"><span lang="NL">[root@mail ~]# openssl
s_client -showcerts -connect
localhost:636</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# ldapsearch
-x -H
ldap://localhost
-b "cn=kolab,cn=config" -D "cn=Directory
Manager" -W</span></p>
<h2><a moz-do-not-send="true" name="_Toc261725227"><span lang="NL">Harden SSL Ciphers</span></a></h2><p class="MsoNormal"><span lang="NL">[root@mail ~]# grep
NSSCipherSuite
/etc/httpd/conf.d/nss.conf</span></p><p class="MsoNormal"><span lang="NL">NSSCipherSuite
-rsa_rc4_128_md5,-rsa_rc4_128_sha,+rsa_3des_sha,-rsa_des_sha,-rsa_rc4_40_md5,-rsa_rc2_40_md5,-rsa_null_md5,-rsa_null_sha,+fips_3des_sha,-fips_des_sha,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,-rsa_des_56_sha,-rsa_rc4_56_sha,+rsa_aes_128_sha,+rsa_aes_256_sha,-ecdh_ecdsa_null_sha,-ecdh_ecdsa_rc4_128_sha,+ecdh_ecdsa_3des_sha,+ecdh_ecdsa_aes_128_sha,+ecdh_ecdsa_aes_256_sha,-ecdhe_ecdsa_null_sha,-ecdhe_ecdsa_rc4_128_sha,+ecdhe_ecdsa_3des_sha,+ecdhe_ecdsa_aes_128_sha,+ecdhe_ecdsa_aes_256_sha,-ecdh_rsa_null_sha,+ecdh_rsa_128_sha,+ecdh_rsa_3des_sha,+ecdh_rsa_aes_128_sha,+ecdh_rsa_aes_256_sha,-echde_rsa_null,-ecdhe_rsa_rc4_128_sha,+ecdhe_rsa_3des_sha,+ecdhe_rsa_aes_128_sha,+ecdhe_rsa_aes_256_sha</span></p><div><span lang="NL"> </span><br class="webkit-block-placeholder"></div><p class="MsoNormal"><span lang="NL">[root@mail ~]# service
httpd restart</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# sslscan
--no-failed
localhost:443</span></p><div><span lang="NL"> </span><br class="webkit-block-placeholder"></div><p class="MsoNormal"><span lang="NL">[root@mail ~]# ldapmodify
-x -h localhost -p
389 -D
"cn=Directory Manager" -W</span></p><p class="MsoNormal"><span lang="NL">Enter LDAP Password:</span></p><p class="MsoNormal"><span lang="NL">dn:
cn=encryption,cn=config</span></p><p class="MsoNormal"><span lang="NL">changetype: modify</span></p><p class="MsoNormal"><span lang="NL">replace: nsSSL3</span></p><p class="MsoNormal"><span lang="NL">nsSSL3: off</span></p><p class="MsoNormal"><span lang="NL">-</span></p><p class="MsoNormal"><span lang="NL">replace: nsSSL2</span></p><p class="MsoNormal"><span lang="NL">nsSSL2: off</span></p><p class="MsoNormal"><span lang="NL">-</span></p><p class="MsoNormal"><span lang="NL">replace: nsSSL3Ciphers</span></p><p class="MsoNormal"><span lang="NL">nsSSL3Ciphers:
-rc4,-rc4export,-rc2,-rc2export,-des,-desede3,-rsa_rc4_128_md5,-rsa_rc4_128_sha,+rsa_3des_sha,-rsa_des_sha,+rsa_fips_3des_sha,+fips_3des_sha,-rsa_fips_des_sha,-fips_des_sha,-rsa_rc4_40_md5,-rsa_rc2_40_md5,-rsa_null_md5,-rsa_null_sha,-tls_rsa_export1024_with_rc4_56_sha,-rsa_rc4_56_sha,-tls_rsa_export1024_with_des_cbc_sha,-rsa_des_56_sha,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,-dhe_dss_des_sha,+dhe_dss_3des_sha,-dhe_rsa_des_sha,+dhe_rsa_3des_sha,+tls_rsa_aes_128_sha,+rsa_aes_128_sha,+tls_dhe_dss_aes_128_sha,+tls_dhe_rsa_aes_128_sha,+tls_rsa_aes_256_sha,+rsa_aes_256_sha,+tls_dhe_dss_aes_256_sha,+tls_dhe_rsa_aes_256_sha,-tls_dhe_dss_1024_rc4_sha,-tls_dhe_dss_rc4_128_sha</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# service
dirsrv restart</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# sslscan
--no-failed localhost:636</span></p><div><span lang="NL"> </span><br class="webkit-block-placeholder"></div><p class="MsoNormal"><span lang="NL">[root@mail ~]# grep
tls_cipher /etc/imapd.conf</span></p><p class="MsoNormal"><span lang="NL">tls_cipher_list:
TLSv1+HIGH:!aNULL:@STRENGTH</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# service
cyrus-imapd restart</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# sslscan
--no-failed localhost:993</span></p>
<h2><a moz-do-not-send="true" name="_Toc261725228"><span lang="NL">Kolab CLI</span></a></h2><p class="MsoNormal"><span lang="NL">[root@mail ~]# sed -r -i
-e '/api_url/d' -e
"s#\[kolab_wap\]#[kolab_wap]\napi_url =
https://mail.intranet.scmb.de/kolab-webadmin/api#g"
/etc/kolab/kolab.conf</span></p>
<h2><a moz-do-not-send="true" name="_Toc261725229"><span lang="NL">Roundcube</span></a></h2><p class="MsoNormal"><span lang="NL">[root@mail ~]# sed -i -e
'/kolab_ssl/d'
/etc/roundcubemail/libkolab.inc.php</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# sed -i -e
's/http:/https:/'
/etc/roundcubemail/kolab_files.inc.php</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# sed -i -e
'/^?>/d'
/etc/roundcubemail/config.inc.php</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# cat
>>
/etc/roundcubemail/config.inc.php << EOF</span></p><p class="MsoNormal"><span lang="NL">\$config['kolab_http_request']
= array(</span></p><p class="MsoNormal"><span lang="NL">
'ssl_verify_peer' =>
true,</span></p><p class="MsoNormal"><span lang="NL">
'ssl_verify_host' =>
true,</span></p><p class="MsoNormal"><span lang="NL">
'ssl_cafile'
=> '/etc/pki/tls/certs/ca-bundle.crt'</span></p><p class="MsoNormal"><span lang="NL">);</span></p><p class="MsoNormal"><span lang="NL">EOF</span></p><p class="MsoNormal"><span lang="NL">[root@mail ~]# cat
>>
/etc/roundcubemail/config.inc.php <<
EOF</span></p><p class="MsoNormal"><span lang="NL">\$config['calendar_caldav_url']
= "https://mail.intranet.scmb.de/iRony/calendars/%u/%i";</span></p><p class="MsoNormal"><span lang="NL">\$config['kolab_addressbook_carddav_url']
=
'https://mail.intranet.scmb.de/iRony/addressbooks/%u/%i';</span></p><p class="MsoNormal"><span lang="NL">EOF</span></p><div><span lang="NL"> </span><br class="webkit-block-placeholder"></div><p class="MsoNormal"><span lang="NL">Fix indenting and php
close tag at the end of </span>/etc/roundcubemail/config.inc.php!</p><div><span lang="NL"> </span><br class="webkit-block-placeholder"></div>
<h2><a moz-do-not-send="true" name="_Toc261725230"><span lang="NL">ipTables</span></a></h2><p class="MsoNormal"><span lang="NL">[root@mail ~]# cat
/etc/sysconfig/iptables</span></p><p class="MsoNormal"><span lang="NL"># Firewall configuration
written by
system-config-firewall</span></p><p class="MsoNormal"><span lang="NL"># Manual customization of
this file is not
recommended.</span></p><p class="MsoNormal"><span lang="NL">*filter</span></p><p class="MsoNormal"><span lang="NL">:INPUT ACCEPT [0:0]</span></p><p class="MsoNormal"><span lang="NL">:FORWARD ACCEPT [0:0]</span></p><p class="MsoNormal"><span lang="NL">:OUTPUT ACCEPT [0:0]</span></p><p class="MsoNormal"><span lang="NL">-A INPUT -m state --state
ESTABLISHED,RELATED
-j ACCEPT</span></p><p class="MsoNormal"><span lang="NL">-A INPUT -p icmp -j
ACCEPT</span></p><p class="MsoNormal"><span lang="NL">-A INPUT -i lo -j ACCEPT</span></p><p class="MsoNormal"><span lang="NL">-A INPUT -m state --state
NEW -m tcp -p tcp
--dport 22 -j ACCEPT</span></p><p class="MsoNormal"><span lang="NL">-A INPUT -m state --state
NEW -m tcp -p tcp
--dport 25 -j ACCEPT</span></p><p class="MsoNormal"><span lang="NL">-A INPUT -m state --state
NEW -m tcp -p tcp
--dport 80 -j ACCEPT</span></p><p class="MsoNormal"><span lang="NL"><b>#-A INPUT -m state
--state NEW -m tcp -p tcp
--dport 110 -j ACCEPT</b></span></p><p class="MsoNormal"><span lang="NL"><b>#-A INPUT -m state
--state NEW -m tcp -p tcp
--dport 143 -j ACCEPT</b></span></p><p class="MsoNormal"><span lang="NL"><b>#-A INPUT -m state
--state NEW -m tcp -p tcp
--dport 389 -j ACCEPT</b></span></p><p class="MsoNormal"><span lang="NL">-A INPUT -m state --state
NEW -m tcp -p tcp
--dport 443 -j ACCEPT</span></p><p class="MsoNormal"><span lang="NL">-A INPUT -m state --state
NEW -m tcp -p tcp
--dport 465 -j ACCEPT</span></p><p class="MsoNormal"><span lang="NL">-A INPUT -m state --state
NEW -m tcp -p tcp
--dport 587 -j ACCEPT</span></p><p class="MsoNormal"><span lang="NL">-A INPUT -m state --state
NEW -m tcp -p tcp
--dport 636 -j ACCEPT</span></p><p class="MsoNormal"><span lang="NL">-A INPUT -m state --state
NEW -m tcp -p tcp
--dport 993 -j ACCEPT</span></p><p class="MsoNormal"><span lang="NL">-A INPUT -m state --state
NEW -m tcp -p tcp
--dport 995 -j ACCEPT</span></p><p class="MsoNormal"><span lang="NL">-A INPUT -j REJECT
--reject-with
icmp-host-prohibited</span></p><p class="MsoNormal"><span lang="NL">-A FORWARD -j REJECT
--reject-with
icmp-host-prohibited</span></p><p class="MsoNormal"><span lang="NL">COMMIT</span></p>
<!--EndFragment--></div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
</div>
<div><br>
<div>
<div>On 15.05.2014 at 09:09, IG BEB GmbH (Herr Treber)
&lt;<a moz-do-not-send="true" href="mailto:treber@beb-weimar.de">treber@beb-weimar.de</a>&gt; wrote:</div>
<br class="Apple-interchange-newline">
<blockquote type="cite">
<div text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix"><font size="-1">Hello Markus</font>,<br>
<small>I had already adjusted the setup_mta.py file.<br>
Now I also have the following problem:<br>
When setting up the account with Thunderbird as the
mail client, I simply cannot<br>
get access to Kolab; it always reports that the user name or
password is wrong,<br>
no matter which port or which encryption I
choose.<br>
<br>
The maillog log shows this error message:<br>
May 15 09:00:27 web imaps[4343]: Fatal error:
tls_start_servertls() failed<br>
May 15 09:00:27 web master[3122]: process type:SERVICE
name:imaps path:/usr/lib/cyrus-imapd/imapd age:25.271s
pid:4343 signaled to death by signal 6 (Aborted, core
dumped)<br>
May 15 09:03:05 web postfix/smtpd[5028]: warning:
192.168.1.13: address not listed for hostname
localhost<br>
May 15 09:03:05 web postfix/smtpd[5028]: connect from
unknown[192.168.1.13]<br>
May 15 09:03:05 web postfix/submission/smtpd[5027]:
warning: 192.168.1.13: address not listed for hostname
localhost<br>
May 15 09:03:05 web postfix/submission/smtpd[5027]:
connect from unknown[192.168.1.13]<br>
May 15 09:03:05 web postfix/smtpd[5028]: disconnect
from unknown[192.168.1.13]<br>
May 15 09:03:05 web postfix/submission/smtpd[5027]:
disconnect from unknown[192.168.1.13]<br>
May 15 09:03:05 web postfix/smtpd[5028]: warning:
192.168.1.13: address not listed for hostname
localhost<br>
May 15 09:03:05 web postfix/smtpd[5028]: connect from
unknown[192.168.1.13]<br>
May 15 09:03:05 web postfix/submission/smtpd[5027]:
warning: 192.168.1.13: address not listed for hostname
localhost<br>
May 15 09:03:05 web postfix/submission/smtpd[5027]:
connect from unknown[192.168.1.13]<br>
May 15 09:03:05 web postfix/submission/smtpd[5027]:
lost connection after CONNECT from
unknown[192.168.1.13]<br>
May 15 09:03:05 web postfix/submission/smtpd[5027]:
disconnect from unknown[192.168.1.13]<br>
May 15 09:03:05 web postfix/smtpd[5028]: lost
connection after CONNECT from unknown[192.168.1.13]<br>
May 15 09:03:05 web postfix/smtpd[5028]: disconnect
from unknown[192.168.1.13]<br>
May 15 09:03:09 web imap[3404]: STARTTLS negotiation
failed: localhost [192.168.1.13]<br>
May 15 09:03:10 web imap[3404]: Connection reset by
peer, closing connection<br>
May 15 09:03:10 web imap[5026]: STARTTLS negotiation
failed: localhost [192.168.1.13]<br>
May 15 09:03:10 web imap[5026]: Connection reset by
peer, closing connection<br>
<br>
Is that somehow related?<br>
Does the CentOS saslauthd service have to be running, or
does kolab-saslauthd take over that job?<br>
Questions upon questions.<br>
<br>
Does anyone know about this?<br>
<br>
Thanks.<br>
Uwe<br>
------------- <br>
</small>
<div class="moz-signature">
<div class="Section1"><br>
</div>
</div>
On 14.05.2014 22:20, Markus Bernhardt wrote:<br>
</div>
<blockquote cite="mid:AB601F24-6D1D-4E22-A71F-879AF4D9F071@me.com" type="cite">
Hi,
<div><br>
</div>
<div>I have exactly the same setup running.</div>
<div><br>
</div>
<div>I also have the following errors in my log:</div>
<div>May 14 21:50:14 mail lmtpunix[32137]: ptload(): bad
response from ptloader server: identifier not found</div>
<div>May 14 21:50:14 mail lmtpunix[32137]: ptload failed
for markus^<a moz-do-not-send="true" href="mailto:bernhardt@scmb.de">bernhardt@scmb.de</a></div>
<div>May 14 22:00:01 mail imaps[8801]: SASL unable to
open Berkeley db /etc/sasldb2: No such file or
directory</div>
<div><br>
</div>
<div>But not the first one:</div>
> May 14 13:58:15 web ptloader[3603]: LDAP search for
domain failed.
<div><br>
</div>
<div>In my log:<br>
<div>May 14 04:30:01 mail ptloader[25396]: starting:
ptloader.c,v git2.5+0</div>
<div><br>
</div>
<div>By the way, do you have the fix for <a moz-do-not-send="true" href="https://issues.kolab.org/show_bug.cgi?id=2864">https://issues.kolab.org/show_bug.cgi?id=2864</a>
applied?</div>
<div>[root@mail ~]#
vi /usr/lib/python2.6/site-packages/pykolab/setup/setup_mta.py<br>
if os.path.isdir('/etc/amavisd'):<br>
&nbsp;&nbsp;&nbsp;&nbsp;fp = open('/etc/amavisd/amavisd.conf', 'w')<br>
<b><font color="#ff4013">
&nbsp;&nbsp;&nbsp;&nbsp;fp.write(t.__str__())<br>
&nbsp;&nbsp;&nbsp;&nbsp;fp.close()<br>
</font></b>
elif os.path.isdir('/etc/amavis'):<br>
&nbsp;&nbsp;&nbsp;&nbsp;fp = open('/etc/amavis/amavisd.conf', 'w')<br>
&nbsp;&nbsp;&nbsp;&nbsp;fp.write(t.__str__())<br>
&nbsp;&nbsp;&nbsp;&nbsp;fp.close()</div>
<div><br>
</div>
<div>Hope that helps somehow.</div>
<div><br>
</div>
<div>Cheers,</div>
<div>Markus</div>
<div><br>
<div>
<div>On 14.05.2014 at 14:02, IG BEB GmbH
(Herr Treber) &lt;<a moz-do-not-send="true" href="mailto:treber@beb-weimar.de">treber@beb-weimar.de</a>&gt; wrote:</div>
<br class="Apple-interchange-newline">
<blockquote type="cite">
<div text="#000000" bgcolor="#FFFFFF" style="font-family: Helvetica; font-size:
12px; font-style: normal; font-variant:
normal; font-weight: normal; letter-spacing:
normal; line-height: normal; orphans: auto;
text-align: start; text-indent: 0px;
text-transform: none; white-space: normal;
widows: auto; word-spacing: 0px;
-webkit-text-stroke-width: 0px;"><font size="-1">Hello,<br>
<br>
I have installed Kolab 3.2 on CentOS
6.5.<br>
The installation went without problems.<span class="Apple-converted-space"> </span><br>
Created a user and logged in via
Roundcubemail.<br>
<br>
Access to Roundcubemail takes quite a
long time.<br>
<br>
Is that possibly connected with this, and how can
it be solved?<br>
<br>
The maillog log contains<br>
</font><font size="-1">May 14 13:58:15 web
ptloader[3603]: LDAP search for domain
failed.<br>
May 14 13:58:15 web imap[5178]: ptload():
bad response from ptloader server:
identifier not found<br>
May 14 13:58:15 web imap[5178]: ptload
failed: but canonified<span class="Apple-converted-space"> </span></font><font size="-1"><font size="-1"><a moz-do-not-send="true" href="mailto:user.name@beb-weimar.de" style="color: purple; text-decoration:
underline;">user.name</a></font><a moz-do-not-send="true" href="mailto:user.name@beb-weimar.de" style="color: purple; text-decoration:
underline;">@beb-weimar.de</a><span class="Apple-converted-space"> </span>-><span class="Apple-converted-space"> </span></font><font size="-1"><font size="-1"><a moz-do-not-send="true" href="mailto:user.name@beb-weimar.de" style="color: purple; text-decoration:
underline;">user.name</a></font><a moz-do-not-send="true" href="mailto:user.name@beb-weimar.de" style="color: purple; text-decoration:
underline;">@beb-weimar.de</a><br>
May 14 13:58:15 web imap[5178]: SASL unable
to open Berkeley db /etc/sasldb2: No such
file or directory<br>
May 14 13:58:15 web imap[5178]: SASL unable
to open Berkeley db /etc/sasldb2: No such
file or directory<br>
May 14 13:58:15 web imap[5178]: login:
localhost [::1]<span class="Apple-converted-space"> </span><a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:user.name@beb-weimar.de" style="color: purple; text-decoration:
underline;">user.name@beb-weimar.de</a><span class="Apple-converted-space"> </span>PLAIN+TLS
User logged in SESSIONID=<<a moz-do-not-send="true" href="http://web.beb-weimar.de/" style="color: purple; text-decoration:
underline;">web.beb-weimar.de</a>-5178-1400068694-1><br>
May 14 13:58:16 web imap[5178]: USAGE<span class="Apple-converted-space"> </span><a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:user%5Ename@beb-weimar.de" style="color: purple; text-decoration:
underline;">user^name@beb-weimar.de</a><span class="Apple-converted-space"> </span>user:
0.015997 sys: 0.007998<br>
May 14 13:58:17 web imap[4967]: starttls:
TLSv1 with cipher DHE-RSA-AES256-SHA
(256/256 bits new) no authentication<br>
May 14 13:58:17 web imap[5187]: starttls:
TLSv1 with cipher DHE-RSA-AES256-SHA
(256/256 bits new) no authentication</font><font size="-1"><br>
<br>
The user name is displayed once with "." and once with
"^"?<br>
<br>
Does anyone know about this?<br>
</font>
<div class="moz-signature">--<span class="Apple-converted-space"> </span><br>
<div class="Section1" style="page:
Section1;">Thanks<br>
Uwe<br>
</div>
</div>
_______________________________________________<br>
users-de mailing list<br>
<a moz-do-not-send="true" href="mailto:users-de@lists.kolab.org" style="color: purple; text-decoration:
underline;">users-de@lists.kolab.org</a><br>
<a moz-do-not-send="true" href="https://lists.kolab.org/mailman/listinfo/users-de" style="color: purple; text-decoration:
underline;">https://lists.kolab.org/mailman/listinfo/users-de</a></div>
</blockquote>
</div>
<br>
</div>
</div>
</blockquote>
<br>
</div>
</blockquote>
</div>
<br>
</div>
</blockquote>
<br>
</div>
</blockquote></div><br></div></body></html>