Postfix Mailgateway: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
| Zeile 33: | Zeile 33: | ||
*apt install postfix | *apt install postfix | ||
no configuration | no configuration | ||
| + | ==Konfiguration== | ||
| + | *vi /etc/postfix/main.cf | ||
| + | <pre> | ||
| + | compatibility_level = 3.9 | ||
| + | myhostname = mail-gw.it213.int | ||
| + | myorigin = /etc/mailname | ||
| + | mydomain = it213.int | ||
| + | |||
| + | smtpd_banner = $myhostname ESMTP $mail_name (Debian) | ||
| + | biff = no | ||
| + | inet_protocols = ipv4 | ||
| + | inet_interfaces = all | ||
| + | |||
| + | # Kein finaler Empfaenger | ||
| + | mydestination = | ||
| + | mailbox_size_limit = 0 | ||
| + | recipient_delimiter = + | ||
| + | |||
| + | # Relay | ||
| + | relay_domains = it213.int | ||
| + | transport_maps = hash:/etc/postfix/transport | ||
| + | |||
| + | # Netzwerk | ||
| + | mynetworks = 127.0.0.0/8 | ||
| + | |||
| + | # TLS | ||
| + | smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key | ||
| + | smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem | ||
| + | smtpd_tls_security_level = may | ||
| + | smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt | ||
| + | smtp_tls_security_level = may | ||
| + | smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache | ||
| + | |||
| + | smtpd_relay_restrictions = permit_mynetworks defer_unauth_destination | ||
| + | compatibility_level = 3.9 | ||
| + | myhostname = mail-gw.it213.int | ||
| + | myorigin = /etc/mailname | ||
| + | mydomain = it213.int | ||
| + | |||
| + | smtpd_banner = $myhostname ESMTP $mail_name (Debian) | ||
| + | biff = no | ||
| + | inet_protocols = ipv4 | ||
| + | inet_interfaces = all | ||
| + | |||
| + | # Kein finaler Empfaenger | ||
| + | mydestination = | ||
| + | mailbox_size_limit = 0 | ||
| + | recipient_delimiter = + | ||
| + | |||
| + | # Relay | ||
| + | relay_domains = it213.int | ||
| + | transport_maps = hash:/etc/postfix/transport | ||
| + | |||
| + | # Netzwerk | ||
| + | mynetworks = 127.0.0.0/8 | ||
| + | |||
| + | # TLS | ||
| + | smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key | ||
| + | smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem | ||
| + | smtpd_tls_security_level = may | ||
| + | smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt | ||
| + | smtp_tls_security_level = may | ||
| + | smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache | ||
| + | |||
| + | smtpd_relay_restrictions = permit_mynetworks defer_unauth_destination | ||
| + | </pre> | ||
Version vom 4. Juni 2026, 14:32 Uhr
Netzkonfiguration MAILGW-Server (DMZ)
| Parameter | Wert | Erläuterung |
|---|---|---|
| Netzwerk (NIC) | DMZ | Interface-Zuweisung in VirtualBox |
| IP | 10.88.2XX.49 | Statische IP |
| CIDR | 24 | Classless Inter-Domain Routing Präfixlänge |
| GW | 10.88.2XX.1 | GATEWAY |
| NS | 10.88.2XX.21 | Resolver |
| FQDN | mail-gw.it2XX.int | Fully Qualified Domain Name |
| SHORT | mail-gw | Short Name |
| DOM | it2XX.int | Domain Name |
- Anpassen des Templates
oder
- debian-setup.sh -f mail-gw.it2XX.int -a 10.88.2XX.49/24 -g 10.88.2XX.1 -n 10.88.2XX.21
Einfügen in die ~/.ssh/config
- als kit user
- Auf dem Host über den ProxyJump eintragen
Auf dem MAILGW
Installation
- apt install postfix
no configuration
Konfiguration
- vi /etc/postfix/main.cf
compatibility_level = 3.9
myhostname = mail-gw.it213.int
myorigin = /etc/mailname
mydomain = it213.int
smtpd_banner = $myhostname ESMTP $mail_name (Debian)
biff = no
inet_protocols = ipv4
inet_interfaces = all
# Kein finaler Empfaenger
mydestination =
mailbox_size_limit = 0
recipient_delimiter = +
# Relay
relay_domains = it213.int
transport_maps = hash:/etc/postfix/transport
# Netzwerk
mynetworks = 127.0.0.0/8
# TLS
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_security_level = may
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_relay_restrictions = permit_mynetworks defer_unauth_destination
compatibility_level = 3.9
myhostname = mail-gw.it213.int
myorigin = /etc/mailname
mydomain = it213.int
smtpd_banner = $myhostname ESMTP $mail_name (Debian)
biff = no
inet_protocols = ipv4
inet_interfaces = all
# Kein finaler Empfaenger
mydestination =
mailbox_size_limit = 0
recipient_delimiter = +
# Relay
relay_domains = it213.int
transport_maps = hash:/etc/postfix/transport
# Netzwerk
mynetworks = 127.0.0.0/8
# TLS
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_security_level = may
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_relay_restrictions = permit_mynetworks defer_unauth_destination