tachtler:postfix_centos_7_-_openpgpkey_anbinden_openpgpkey-milter
Differences
This page shows the differences between two versions.
tachtler:postfix_centos_7_-_openpgpkey_anbinden_openpgpkey-milter [2018/08/31 14:39] – [/etc/postfix/main.cf] klaus | tachtler:postfix_centos_7_-_openpgpkey_anbinden_openpgpkey-milter [2018/08/31 15:56] (aktuell) – [openpgpkey-milter] klaus | ||
---|---|---|---|
Zeile 202: | Zeile 202: | ||
* **'' | * **'' | ||
* **'' | * **'' | ||
+ | * **'' | ||
+ | |||
+ | :!: **HINWEIS** - **Die Installation muss __aktuell__ auf dem gleichen Server auf dem auch der [[http:// | ||
Die Installation von **'' | Die Installation von **'' | ||
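Review bot: The added HINWEIS line says the installation must __aktuell__ (currently) be on the same server, but the text visible here gives no reason for the restriction and no indication of what would lift it. State the cause in one sentence, for example if it is that Postfix reaches the milter over `inet:127.0.0.1:` as set in main.cf further down this page, so readers can tell whether a remote milter is unsupported or just not covered by this guide.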
Zeile 309: | Zeile 312: | ||
</ | </ | ||
- | ==== Dienst/ | + | |
+ | Die Installation von **'' | ||
+ | < | ||
+ | # yum install python-setproctitle | ||
+ | Loaded plugins: changelog, priorities | ||
+ | 301 packages excluded due to repository priority protections | ||
+ | Resolving Dependencies | ||
+ | --> Running transaction check | ||
+ | ---> Package python-setproctitle.x86_64 0: | ||
+ | --> Finished Dependency Resolution | ||
+ | |||
+ | Changes in packages about to be updated: | ||
+ | |||
+ | |||
+ | Dependencies Resolved | ||
+ | |||
+ | ================================================================================ | ||
+ | | ||
+ | ================================================================================ | ||
+ | Installing: | ||
+ | | ||
+ | |||
+ | Transaction Summary | ||
+ | ================================================================================ | ||
+ | Install | ||
+ | |||
+ | Total download size: 15 k | ||
+ | Installed size: 29 k | ||
+ | Is this ok [y/d/N]: y | ||
+ | Downloading packages: | ||
+ | python-setproctitle-1.1.6-5.el7.x86_64.rpm | ||
+ | Running transaction check | ||
+ | Running transaction test | ||
+ | Transaction test succeeded | ||
+ | Running transaction | ||
+ | Installing : python-setproctitle-1.1.6-5.el7.x86_64 | ||
+ | Verifying | ||
+ | |||
+ | Installed: | ||
+ | python-setproctitle.x86_64 0: | ||
+ | |||
+ | Complete! | ||
+ | </ | ||
+ | |||
+ | Die Installation von **'' | ||
+ | < | ||
+ | # rpm -qil python-setproctitle | ||
+ | Name : python-setproctitle | ||
+ | Version | ||
+ | Release | ||
+ | Architecture: | ||
+ | Install Date: Fri 31 Aug 2018 03:42:12 PM CEST | ||
+ | Group : Unspecified | ||
+ | Size : 30189 | ||
+ | License | ||
+ | Signature | ||
+ | Source RPM : python-setproctitle-1.1.6-5.el7.src.rpm | ||
+ | Build Date : Tue 10 Jun 2014 10:01:15 AM CEST | ||
+ | Build Host : worker1.bsys.centos.org | ||
+ | Relocations : (not relocatable) | ||
+ | Packager | ||
+ | Vendor | ||
+ | URL : http:// | ||
+ | Summary | ||
+ | Description : | ||
+ | Python module allowing a process to change its title as displayed by | ||
+ | system tool such as ps and top. | ||
+ | |||
+ | It's useful in multiprocess systems, allowing to identify tasks each forked | ||
+ | process is busy with. This technique has been used by PostgreSQL and OpenSSH. | ||
+ | |||
+ | It's based on PostgreSQL implementation which has proven to be portable. | ||
+ | / | ||
+ | / | ||
+ | / | ||
+ | / | ||
+ | / | ||
+ | </ | ||
+ | |||
+ | ===== Dienst/ | ||
Um einen [[https:// | Um einen [[https:// | ||
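Review bot: The python-setproctitle installation is added directly after the closing code tag of the previous step with no heading of its own, while the same hunk moves the "Dienst/…" heading from `====` to `=====`, which is one level higher in DokuWiki. The dependency install therefore stays at the tail of the preceding section; give it its own `====` heading so it shows up in the table of contents and can be linked to separately from the milter installation.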
Zeile 326: | Zeile 408: | ||
# systemctl is-enabled openpgpkey-milter.service | # systemctl is-enabled openpgpkey-milter.service | ||
enabled | enabled | ||
+ | </ | ||
+ | |||
+ | ===== iptables Regel ====== | ||
+ | |||
+ | [[https:// | ||
+ | |||
+ | Um die aktuellen '' | ||
+ | < | ||
+ | # iptables -L -nv --line-numbers | ||
+ | Chain INPUT (policy ACCEPT 0 packets, 0 bytes) | ||
+ | num pkts bytes target | ||
+ | 1 0 0 ACCEPT | ||
+ | 2 0 0 ACCEPT | ||
+ | 3 0 0 ACCEPT | ||
+ | 4 0 0 ACCEPT | ||
+ | 5 0 0 REJECT | ||
+ | |||
+ | Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) | ||
+ | num pkts bytes target | ||
+ | 1 0 0 REJECT | ||
+ | |||
+ | Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) | ||
+ | num pkts bytes target | ||
+ | </ | ||
+ | |||
+ | Nachfolgender Befehl, fügt folgende '' | ||
+ | * < | ||
+ | und hier der Befehl: | ||
+ | < | ||
+ | # iptables -I INPUT 5 -p tcp --dport 8890 -j ACCEPT | ||
+ | </ | ||
+ | |||
+ | Ein erneute Abfrage des '' | ||
+ | < | ||
+ | # iptables -L -nv --line-numbers | ||
+ | Chain INPUT (policy ACCEPT 0 packets, 0 bytes) | ||
+ | num pkts bytes target | ||
+ | 1 0 0 ACCEPT | ||
+ | 2 0 0 ACCEPT | ||
+ | 3 0 0 ACCEPT | ||
+ | 4 0 0 ACCEPT | ||
+ | 5 0 0 ACCEPT | ||
+ | 6 0 0 REJECT | ||
+ | |||
+ | Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) | ||
+ | num pkts bytes target | ||
+ | 1 0 0 REJECT | ||
+ | |||
+ | Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) | ||
+ | num pkts bytes target | ||
+ | </ | ||
+ | |||
+ | Die neue Zeile ist an **Position 5 (INPUT)** zu sehen, hier nachfolgend zur Verdeutlichung noch einmal dargestellt (**nur relevanter Ausschnitt**): | ||
+ | < | ||
+ | ... | ||
+ | 5 0 0 ACCEPT | ||
+ | ... | ||
+ | </ | ||
+ | |||
+ | Um diese '' | ||
+ | < | ||
+ | # / | ||
</ | </ | ||
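Review bot: The inserted rule `iptables -I INPUT 5 -p tcp --dport 8890 -j ACCEPT` has no source (`-s`) or interface (`-i`) match, so it accepts TCP 8890 from every host that can reach the server. The note added at Zeile 202 says the milter must run on the same server, and main.cf addresses it as `inet:127.0.0.1:`, so if 8890 is the milter port the rule can be limited to loopback (`-i lo` or `-s 127.0.0.1`), or left out where loopback traffic is already accepted. Separately, the new heading `===== iptables Regel ======` has five `=` on the left and six on the right; make both sides match.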
Zeile 447: | Zeile 591: | ||
sub 4096R/ | sub 4096R/ | ||
</ | </ | ||
+ | |||
+ | ===== Erster Start OpenPGPKey-milter ===== | ||
+ | |||
+ | Um den [[https:// | ||
+ | < | ||
+ | # systemctl start openpgpkey-milter | ||
+ | </ | ||
+ | |||
+ | Eine Überprüfung ob der Start des [[http:// | ||
+ | < | ||
+ | # systemctl status openpgpkey-milter | ||
+ | ● openpgpkey-milter.service - OPENPGPKEY auto encryption milter | ||
+ | | ||
+ | | ||
+ | Main PID: 31380 (openpgpkey-milt) | ||
+ | | ||
+ | | ||
+ | | ||
+ | |||
+ | Aug 31 15:15:15 vml70060.idmz.tachtler.net systemd[1]: Started OPENPGPKEY aut... | ||
+ | Aug 31 15:15:15 vml70060.idmz.tachtler.net systemd[1]: Starting OPENPGPKEY au... | ||
+ | Aug 31 15:15:15 vml70060.idmz.tachtler.net openpgpkey-milter[31380]: | ||
+ | Aug 31 15:15:15 vml70060.idmz.tachtler.net openpgpkey-milter[31380]: | ||
+ | Hint: Some lines were ellipsized, use -l to show in full. | ||
+ | </ | ||
+ | |||
+ | bzw. mit nachfolgendem Befehl, ob der Dienst/ | ||
+ | < | ||
+ | # ps aux | grep openpgpkey-milter | ||
+ | root | ||
+ | root | ||
+ | root | ||
+ | </ | ||
+ | |||
+ | ===== Konfiguration: | ||
+ | |||
+ | Nachfolgende Änderungen werden an den Konfigurationsdateien | ||
+ | * **''/ | ||
+ | * **''/ | ||
+ | durchgeführt, | ||
+ | |||
+ | Dabei soll die Anbindung von [[http:// | ||
+ | * **'' | ||
==== / | ==== / | ||
- | Nachfolgende Konfiguration dient der Einbindung des [[https://github.com/letoams/ | + | Hier die Änderungen an der Konfigurationsdatei **'' |
- | **(Nur relevanter Ausschnitt)**: | + | (**Nur relevanter Ausschnitt**): |
- | < | + | < |
+ | ... | ||
# OPENPGPKEY (openphpkey-milter) | # OPENPGPKEY (openphpkey-milter) | ||
- | openpgpkey_milter = inet: | + | openpgpkey_milter = inet:127.0.0.1: |
+ | ... | ||
+ | </ | ||
+ | |||
+ | ==== / | ||
+ | |||
+ | Hier die Änderungen an der Konfigurationsdatei **''/ | ||
+ | |||
+ | (**Nur relevanter Ausschnitt**): | ||
+ | |||
+ | <code ini> | ||
+ | # Tachtler - new - | ||
+ | # Outgoing traffic, BACK from amavisd-new from smtpd_proxy_filter. | ||
+ | 192.168.0.60: | ||
+ | -o content_filter= | ||
+ | -o smtpd_proxy_filter= | ||
+ | # -o smtpd_milters= | ||
+ | # -o smtpd_milters=${opendkim_milter} | ||
+ | -o smtpd_milters=${openpgpkey_milter}, | ||
+ | -o smtpd_authorized_xforward_hosts=127.0.0.0/ | ||
+ | -o smtpd_client_restrictions= | ||
+ | -o smtpd_helo_restrictions= | ||
+ | -o smtpd_sender_restrictions= | ||
+ | -o smtpd_relay_restrictions= | ||
+ | -o smtpd_recipient_restrictions=permit_mynetworks, | ||
+ | -o smtpd_data_restrictions= | ||
+ | -o mynetworks=0.0.0.0/ | ||
+ | -o receive_override_options=no_unknown_recipient_checks | ||
+ | # Tachtler - new - | ||
+ | # Outgoing traffic, BACK from amavisd-new from content_filter. | ||
+ | 192.168.0.60: | ||
+ | -o content_filter= | ||
+ | -o smtpd_proxy_filter= | ||
+ | # -o smtpd_milters= | ||
+ | # -o smtpd_milters=${opendkim_milter} | ||
+ | -o smtpd_milters=${openpgpkey_milter}, | ||
+ | -o smtpd_authorized_xforward_hosts=127.0.0.0/ | ||
+ | -o smtpd_delay_reject=no | ||
+ | -o smtpd_client_restrictions= | ||
+ | -o smtpd_helo_restrictions= | ||
+ | -o smtpd_sender_restrictions= | ||
+ | -o smtpd_relay_restrictions= | ||
+ | -o smtpd_recipient_restrictions=permit_mynetworks, | ||
+ | -o smtpd_data_restrictions=reject_unauth_pipelining | ||
+ | -o smtpd_end_of_data_restrictions= | ||
+ | -o smtpd_restriction_classes= | ||
+ | -o mynetworks=0.0.0.0/ | ||
+ | -o smtpd_error_sleep_time=0 | ||
+ | -o smtpd_soft_error_limit=1001 | ||
+ | -o smtpd_hard_error_limit=1000 | ||
+ | -o smtpd_client_connection_count_limit=0 | ||
+ | -o smtpd_client_connection_rate_limit=0 | ||
+ | # -o receive_override_options=no_header_body_checks, | ||
+ | -o receive_override_options=no_header_body_checks, | ||
+ | -o local_header_rewrite_clients= | ||
+ | ... | ||
+ | </ | ||
+ | |||
+ | **__Nachfolgend Erklärungen zu den WICHTIGSTEN Konfigurationen: | ||
+ | |||
+ | * <code ini> -o smtpd_milters=${openpgpkey_milter}, | ||
+ | |||
+ | Die Option sorgt dafür, dass dem Parameter '' | ||
+ | |||
+ | :!: **ACHTUNG** - **Falls ein '' | ||
+ | |||
+ | ===== Neustart MTA Postfix ===== | ||
+ | |||
+ | Falls vorstehende Änderungen (natürlich an die jeweiligen Bedürfnisse angepasst) durchgeführt wurden, muss ein **Neustart** von [[http:// | ||
+ | |||
+ | Danach kann der **postfix**-Server mit nachfolgendem Befehle **__neu__** gestartet werden: | ||
+ | < | ||
+ | # systemctl restart postfix | ||
+ | </ | ||
+ | |||
+ | Mit nachfolgendem Befehl kann der Status des abgefragt werden: | ||
+ | < | ||
+ | # systemctl status postfix | ||
+ | postfix.service - Postfix Mail Transport Agent | ||
+ | | ||
+ | | ||
+ | Process: 1128 ExecStop=/ | ||
+ | Process: 1144 ExecStart=/ | ||
+ | Process: 1141 ExecStartPre=/ | ||
+ | Process: 1138 ExecStartPre=/ | ||
+ | Main PID: 1216 (master) | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | |||
+ | Oct 15 11:11:26 server60.idmz.tachtler.net systemd[1]: Starting Postfix Mail... | ||
+ | Oct 15 11:11:26 server60.idmz.tachtler.net postfix/ | ||
+ | Oct 15 11:11:26 server60.idmz.tachtler.net postfix/ | ||
+ | Oct 15 11:11:26 server60.idmz.tachtler.net systemd[1]: Started Postfix Mail ... | ||
+ | Hint: Some lines were ellipsized, use -l to show in full. | ||
</ | </ | ||
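Review bot: In the master.cf block both re-injection listeners on `192.168.0.60:` set `-o mynetworks=0.0.0.0/` (the prefix length is cut off in this view) together with `-o smtpd_recipient_restrictions=permit_mynetworks,`, while the client, helo, sender and relay restrictions are emptied. If that network is wide, any client that can reach these ports may relay through them; narrow `mynetworks` to the amavisd-new host that hands mail back, or state in the text what else limits access to the listeners. Two smaller points: the comment `# OPENPGPKEY (openphpkey-milter)` misspells the milter name, and the sentence "Mit nachfolgendem Befehl kann der Status des abgefragt werden" is missing its noun.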
tachtler/postfix_centos_7_-_openpgpkey_anbinden_openpgpkey-milter.1535719189.txt.gz · Last modified: 2018/08/31 14:39 by klaus