kb:linux:generalites:serveur_mx_de_secours
Differences
Below are the differences between two revisions of the page.
bk:linux:generalites:serveur_mx_de_secours [2018/08/18 13:16] – créée beu | bk:linux:generalites:serveur_mx_de_secours [2018/08/18 16:38] – beu | ||
---|---|---|---|
Ligne 1: | Ligne 1: | ||
======Serveur MX de secours===== | ======Serveur MX de secours===== | ||
+ | |||
+ | Pour les petites infrastructures n' | ||
+ | |||
+ | Pour cela il vous faut postfix, et juste le configurer comme ceci | ||
+ | |||
+ | <code bash main.cf> | ||
+ | myhostname = mx02.virtit.fr | ||
+ | smtpd_banner = $myhostname ESMTP | ||
+ | mynetworks = 127.0.0.0/ | ||
+ | maximal_queue_lifetime = 30d | ||
+ | |||
+ | relay_recipient_maps = | ||
+ | relay_domains = hash:/ | ||
+ | transport_maps = hash:/ | ||
+ | |||
+ | smtpd_recipient_restrictions = permit_mynetworks, | ||
+ | |||
+ | # | ||
+ | ## TLS settings | ||
+ | # | ||
+ | smtpd_use_tls = yes | ||
+ | smtpd_tls_auth_only = no | ||
+ | smtpd_tls_key_file = / | ||
+ | smtpd_tls_cert_file = / | ||
+ | smtpd_tls_dh1024_param_file = ${config_directory}/ | ||
+ | smtpd_tls_loglevel = 1 | ||
+ | smtpd_tls_session_cache_database = btree: | ||
+ | smtpd_tls_security_level = may | ||
+ | smtpd_tls_received_header = yes | ||
+ | |||
+ | # Disallow SSLv2 and SSLv3, only accept secure ciphers | ||
+ | smtpd_tls_protocols = !SSLv2, !SSLv3 | ||
+ | smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3 | ||
+ | smtpd_tls_mandatory_ciphers = high | ||
+ | smtpd_tls_mandatory_exclude_ciphers = aNULL, MD5 , DES, ADH, RC4, PSD, SRP, 3DES, eNULL | ||
+ | smtpd_tls_exclude_ciphers = aNULL, MD5 , DES, ADH, RC4, PSD, SRP, 3DES, eNULL | ||
+ | |||
+ | # Enable elliptic curve cryptography | ||
+ | smtpd_tls_eecdh_grade = strong | ||
+ | |||
+ | # Use TLS if this is supported by the remote SMTP server, otherwise use plaintext. | ||
+ | smtp_tls_security_level = may | ||
+ | smtp_tls_loglevel = 1 | ||
+ | smtp_tls_exclude_ciphers = EXPORT, LOW | ||
+ | |||
+ | </ | ||
+ | |||
+ | Ensuite on va définir les domaines relayer : | ||
+ | |||
+ | <code file relaydomains> | ||
+ | virtit.fr OK | ||
+ | </ | ||
+ | |||
+ | et vers quels serveurs les renvoyer : | ||
+ | |||
+ | <code file transportmaps> | ||
+ | virtit.fr | ||
+ | </ | ||
+ | |||
+ | et ensuite on les hash : | ||
+ | |||
+ | <code bash> | ||
+ | # postmap / | ||
+ | </ | ||
+ | |||
+ | on génére la clé Diffie Hellman : | ||
+ | |||
+ | <code bash> | ||
+ | # openssl dhparam -out / | ||
+ | </ | ||
+ | |||
+ | Et il ne vous restera qu'a renseigner vos certificats au lignes suivantes : | ||
+ | |||
+ | <code bash [enable_line_numbers=" | ||
+ | # | ||
+ | ## TLS settings | ||
+ | # | ||
+ | smtpd_use_tls = yes | ||
+ | smtpd_tls_auth_only = no | ||
+ | smtpd_tls_key_file = / | ||
+ | smtpd_tls_cert_file = / | ||
+ | smtpd_tls_dh1024_param_file = ${config_directory}/ | ||
+ | smtpd_tls_loglevel = 1 | ||
+ | </ | ||
+ | |||
+ | et a redémarrer votre service postfix |
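Review bot: relay_recipient_maps is left empty in main.cf as shown, so this backup MX queues mail for any local part at the relayed domain and only finds out an address is invalid when the primary refuses it, at which point it has to send a bounce to a possibly forged sender (backscatter). Point relay_recipient_maps at a lookup table of valid recipients, kept in sync with the primary, so unknown users are rejected during the SMTP session. In both smtpd_tls_exclude_ciphers and smtpd_tls_mandatory_exclude_ciphers, PSD is not an OpenSSL cipher keyword and looks like a typo for PSK. smtpd_use_tls = yes duplicates smtpd_tls_security_level = may and can be dropped, and "!SSLv2, !SSLv3" still leaves TLSv1 and TLSv1.1 enabled on the listener. The TLS settings block is also repeated in full near the end of the page; referring back to the main.cf block would avoid the two copies drifting apart.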
kb/linux/generalites/serveur_mx_de_secours.txt · Last modified: 2019/09/23 18:37 by 127.0.0.1