Port 25 or 587 followed
dnl # by STARTTLS is preferred, but roaming clients using Outlook Express can't
dnl # do STARTTLS on ports other than 25. Roaming users who can't reach their
dnl # preferred sendmail daemon due to port 25 being blocked or redirected find
DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl
dnl # The following causes sendmail to additionally listen to port 465, but
dnl # starting immediately in TLS mode upon connecting. Remove the loopback
dnl # address restriction to accept email from the internet or intranet.
DAEMON_OPTIONS(`Port=smtp,Addr=0.0.0.0, Name=MTA')dnl
dnl # The following causes sendmail to additionally listen to port 587 for
dnl # mail from MUAs that authenticate.
O ClientSSLOptions=+SSL_OP_NO_SSLv2 +SSL_OP_NO_SSLv3
dnl # For this to work your OpenSSL certificates must be configured.
DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl
dnl # The following causes sendmail to only listen on the IPv4 loopback address
dnl # 127.0.0.1 and not on any other network devices.
O ServerSSLOptions=+SSL_OP_NO_SSLv2 +SSL_OP_NO_SSLv3 +SSL_OP_CIPHER_SERVER_PREFERENCE
TRUST_AUTH_MECH(`LOGIN PLAIN DIGEST-MD5 CRAM-MD5')dnl
dnl # Basic sendmail TLS configuration with self-signed certificate for
dnl # inbound SMTP (and also opportunistic TLS for outbound SMTP).
define(`confCACERT_PATH',`/etc/pki/tls/certs')
define(`confCACERT',`/etc/pki/tls/certs/')
define(`confSERVER_CERT',`/etc/pki/tls/certs/2021/cert/netcult.ch.sendmail.pem')
define(`confSERVER_KEY',`/etc/pki/tls/certs/2021/key/netcult.ch.sendmail.key')
define(`confCRL',`/etc/pki/tls/certs/2021/crl/dvcasha2.crl')
dnl # Do not allow weak SSL/TLS protocols and cipher algorithms
Other mechanisms should be used if the connection is not
dnl # Please remember that saslauthd needs to be running for AUTH.
dnl TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS',`LOGIN PLAIN DIGEST-MD5 CRAM-MD5')dnl

Total Capacity: 750

~]# vi /etc/mail/sendmail.mc
dnl # default logging level is 9, you might want to set it higher to
dnl # The following allows relaying if the user authenticates, and disallows
dnl # plaintext authentication (PLAIN/LOGIN) on non-TLS links
dnl # which realm to use in SASL database (sasldb2)
dnl # PLAIN is the preferred plaintext authentication method and used by
dnl # Mozilla Mail and Evolution, though Outlook Express and other MUAs do
dnl # use LOGIN.

We use many applications on CentOS servers but the most important system is our e-mail/groupware server. In our mailserver we use the following applications:

– MariaDB (Database for eGroupware and other databases)
– eGroupware (Groupware, CalDAV, CardDAV)

In the next chapters I document how we migrated our CentOS 7 installation to a fresh Rocky Linux 8 server.

Virtual Server requirements for our environment:
We were already prepared to switch our servers from CentOS 7 to 8 but our project stopped immediately after we heard about the abrupt end of CentOS – so we were looking around for new solutions. We evaluated Ubuntu, OpenMandriva, Slackware, FreeBSD and other Linux/Unix distros. Before we made a decision in which direction we move, we waited for the first release of Rocky Linux 8. Rocky Linux was announced as the official unofficial successor of CentOS; the project was created by the founder of CentOS. Some weeks ago the first stable version compatible with CentOS 8 / RHEL 8 was released and we started our migration project from scratch.