tachtler:postfix_centos_7_-_srs_einsetzen
Differences
This page shows the differences between two versions.
tachtler:postfix_centos_7_-_srs_einsetzen [2016/11/10 09:51] – [Installation] klaus | tachtler:postfix_centos_7_-_srs_einsetzen [2017/05/03 09:53] (current) – [/etc/sysconfig/postsrsd] klaus | ||
---|---|---|---|
Zeile 135: | Zeile 135: | ||
</ | </ | ||
- | FIXME | + | ===== Konfiguration: |
+ | |||
+ | ==== / | ||
+ | |||
+ | Standardmäßig wird nach der Installation von [[https:// | ||
+ | * **''/ | ||
+ | |||
+ | Nachfolgende Änderungen sind an der Konfigurationsdatei ''/ | ||
+ | |||
+ | (**Komplette Konfigurationsdatei**) | ||
+ | |||
+ | <code bash> | ||
+ | # Default settings for postsrsd | ||
+ | |||
+ | # Local domain name. | ||
+ | # Addresses are rewritten to originate from this domain. The default value | ||
+ | # is taken from `postconf -h mydomain` and probably okay. | ||
+ | # | ||
+ | # Tachtler | ||
+ | # default: # | ||
+ | SRS_DOMAIN=tachtler.net | ||
+ | |||
+ | # Exclude additional domains. | ||
+ | # You may list domains which shall not be subjected to address rewriting. | ||
+ | # If a domain name starts with a dot, it matches all subdomains, but not | ||
+ | # the domain itself. Separate multiple domains by space or comma. | ||
+ | # | ||
+ | # Tachtler | ||
+ | # | ||
+ | SRS_EXCLUDE_DOMAINS=.edmz.tachtler.net, | ||
+ | |||
+ | # Secret key to sign rewritten addresses. | ||
+ | # When postsrsd is installed for the first time, a random secret is generated | ||
+ | # and stored in / | ||
+ | # | ||
+ | SRS_SECRET=/ | ||
+ | |||
+ | # Local ports for TCP list. | ||
+ | # These ports are used to bind the TCP list for postfix. If you change | ||
+ | # these, you have to modify the postfix settings accordingly. The ports | ||
+ | # are bound to the loopback interface, and should never be exposed on | ||
+ | # the internet. | ||
+ | # | ||
+ | SRS_FORWARD_PORT=10001 | ||
+ | SRS_REVERSE_PORT=10002 | ||
+ | |||
+ | # Drop root privileges and run as another user after initialization. | ||
+ | # This is highly recommended as postsrsd handles untrusted input. | ||
+ | # | ||
+ | RUN_AS=nobody | ||
+ | |||
+ | # Jail daemon in chroot environment | ||
+ | CHROOT=/ | ||
+ | |||
+ | </ | ||
+ | |||
+ | **__Nachfolgende Änderungen sollten vorgenommen werden: | ||
+ | |||
+ | * <code bash> | ||
+ | |||
+ | Definition der **Domain** für die [[http:// | ||
+ | |||
+ | * < | ||
+ | |||
+ | Definition der **Domain** und **Sub-Domain** die vom [[http:// | ||
+ | |||
+ | ===== Konfiguration: | ||
+ | |||
+ | ==== / | ||
+ | |||
+ | Hier die Änderungen an der Konfigurationsdatei **''/ | ||
+ | |||
+ | (**Nur relevanter Ausschnitt**): | ||
+ | |||
+ | <code ini> | ||
+ | ... | ||
+ | # ADDRESS REWRITING | ||
+ | # | ||
+ | # The ADDRESS_REWRITING_README document gives information about | ||
+ | # address masquerading or other forms of address rewriting including | ||
+ | # username-> | ||
+ | |||
+ | # Tachtler - new - Das Postfix Buch - Seite 116-119. | ||
+ | # without SRS: recipient_canonical_maps = btree:/ | ||
+ | recipient_canonical_maps = btree:/ | ||
+ | | ||
+ | # Tachtler - new - | ||
+ | # default: recipient_canonical_classes = envelope_recipient, | ||
+ | recipient_canonical_classes = envelope_recipient | ||
+ | |||
+ | # without SRS: sender_canonical_maps = btree:/ | ||
+ | sender_canonical_maps = btree:/ | ||
+ | tcp: | ||
+ | # Tachtler - new - | ||
+ | # default: sender_canonical_classes = envelope_sender, | ||
+ | sender_canonical_classes = envelope_sender | ||
+ | ... | ||
+ | </ | ||
+ | |||
+ | **__Nachfolgende Änderungen sollten vorgenommen werden: | ||
+ | |||
+ | * <code ini> | ||
+ | | ||
+ | |||
+ | Angabe der **TCP** '' | ||
+ | |||
+ | * <code ini> | ||
+ | |||
+ | Welche Klassen sind der Adresszuordnung von '' | ||
+ | |||
+ | * <code ini> | ||
+ | tcp: | ||
+ | |||
+ | Angabe der **TCP** '' | ||
+ | |||
+ | * <code ini> | ||
+ | |||
+ | Welche Klassen sind der Adresszuordnung von '' | ||
+ | |||
+ | ===== Erster Start/ | ||
+ | |||
+ | ==== SRS Dienst/ | ||
+ | |||
+ | Um den [[http:// | ||
+ | < | ||
+ | # systemctl enable postsrsd | ||
+ | Created symlink from / | ||
+ | </ | ||
+ | |||
+ | Eine Überprüfung, | ||
+ | < | ||
+ | # systemctl list-unit-files --type=service | grep -e postsrsd | ||
+ | postsrsd.service | ||
+ | </ | ||
+ | bzw. | ||
+ | < | ||
+ | # systemctl is-enabled postsrsd | ||
+ | enabled | ||
+ | </ | ||
+ | |||
+ | ==== Erster Start SRS ==== | ||
+ | |||
+ | Um den [[http:// | ||
+ | < | ||
+ | # systemctl start postsrsd | ||
+ | </ | ||
+ | |||
+ | Eine Überprüfung ob der Start des [[http:// | ||
+ | < | ||
+ | # systemctl status postsrsd | ||
+ | ● postsrsd.service - PostSRSd Daemon | ||
+ | | ||
+ | | ||
+ | Main PID: 2241 (postsrsd) | ||
+ | | ||
+ | | ||
+ | |||
+ | Nov 10 10:36:03 server60.idmz.tachtler.net systemd[1]: Started PostSRSd Daemon. | ||
+ | Nov 10 10:36:03 server60.idmz.tachtler.net systemd[1]: Starting PostSRSd Daem... | ||
+ | Hint: Some lines were ellipsized, use -l to show in full | ||
+ | </ | ||
+ | |||
+ | bzw. mit nachfolgendem Befehl, ob der Dienst/ | ||
+ | < | ||
+ | # ps aux | grep postsrsd | ||
+ | nobody | ||
+ | -dtachtler.net -s/ | ||
+ | root 2264 0.0 0.0 112648 | ||
+ | </ | ||
+ | |||
+ | ==== Neustart Postfix ==== | ||
+ | |||
+ | Um den [[http:// | ||
+ | < | ||
+ | # systemctl restart postfix | ||
+ | </ | ||
+ | |||
+ | Eine Überprüfung ob der Neustart des [[http:// | ||
+ | < | ||
+ | # systemctl status postfix | ||
+ | ● postfix.service - Postfix Mail Transport Agent | ||
+ | | ||
+ | | ||
+ | Process: 2648 ExecStop=/ | ||
+ | Process: 2666 ExecStart=/ | ||
+ | Process: 2663 ExecStartPre=/ | ||
+ | Process: 2660 ExecStartPre=/ | ||
+ | Main PID: 2738 (master) | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | |||
+ | Nov 10 10:39:07 server60.idmz.tachtler.net systemd[1]: Starting Postfix Mail Transport Agent... | ||
+ | Nov 10 10:39:08 server60.idmz.tachtler.net postfix/ | ||
+ | configuration / | ||
+ | Nov 10 10:39:08 server60.idmz.tachtler.net systemd[1]: Started Postfix Mail Transport Agent. | ||
+ | </ | ||
+ | |||
+ | ===== Überprüfungen ===== | ||
+ | |||
+ | Nachfolgende soll überprüft werden, ob die Umschreibungen auch tatsächlich durchgeführt werden. | ||
+ | |||
+ | ==== / | ||
+ | |||
+ | Nachfolgende Zeile sollte in der LOG-Datei ''/ | ||
+ | |||
+ | (**Nur relevanter Ausschnitt**): | ||
+ | < | ||
+ | ... | ||
+ | Nov 10 10:53:52 server60 postsrsd[4658]: | ||
+ | < | ||
+ | </ | ||
+ | |||
+ | Wird ein **bounce** vom Zielsystem der Nachricht durchgeführt, | ||
+ | |||
+ | (**Nur relevanter Ausschnitt**): | ||
+ | < | ||
+ | ... | ||
+ | Nov 10 10:55:35 server60 postsrsd[6883]: | ||
+ | rewritten as < | ||
+ | ... | ||
+ | ... | ||
+ | Nov 10 10:56:12 server60 postfix/ | ||
+ | < | ||
+ | delay=0.75, delays=0.06/ | ||
+ | id=0Btr1f-2Y2H7s3AB3-012SFG) | ||
+ | ... | ||
+ | </ | ||
+ | |||
+ | ==== E-Mail-Header ==== | ||
+ | |||
+ | Auch im **Header** der zugestellten E-Mail wird beim Empfänger die Umschreibung auch im **Return-Path** hinterlegt: | ||
+ | |||
+ | (**Nur relevanter Ausschnitt**): | ||
+ | < | ||
+ | ... | ||
+ | Return-Path: | ||
+ | ... | ||
+ | </ | ||
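Review bot: `RUN_AS=nobody` in the /etc/sysconfig/postsrsd block runs the daemon under the shared `nobody` account (the `ps aux` output further down confirms it), although the file's own comment points out that postsrsd handles untrusted input; a dedicated unprivileged account for postsrsd would keep the daemon from sharing an identity with any other service that also runs as `nobody`. The same file states that ports 10001 and 10002 are bound to loopback and should never be exposed, yet the "Überprüfungen" section only checks the log and the Return-Path; adding a listener check there (for example `ss -tlnp | grep postsrsd`) and a sentence on the ownership and permissions of the file referenced by `SRS_SECRET` would document that both hold on the installed system. Minor wording: "Nachfolgende soll überprüft werden" should read "Nachfolgend soll überprüft werden".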
tachtler/postfix_centos_7_-_srs_einsetzen.1478767905.txt.gz · Last modified: 2016/11/10 09:51 by klaus