centos:mail_c7:postfix3_5

Unterschiede

Hier werden die Unterschiede zwischen zwei Versionen angezeigt.

Link zu dieser Vergleichsansicht

Beide Seiten der vorigen Revision Vorhergehende Überarbeitung
Nächste Überarbeitung		 Vorhergehende Überarbeitung
Nächste ÜberarbeitungBeide Seiten der Revision
centos:mail_c7:postfix3_5 [14.02.2019 21:49. ] – [testssl] djangocentos:mail_c7:postfix3_5 [15.02.2019 10:05. ] – [ausgehender TLS-Verkehr] django
Zeile 3595: Zeile 3595:
 Der verschlüsselte Transportweg wird in der Headerzeilen einer eMail entsprechend vermerkt: Der verschlüsselte Transportweg wird in der Headerzeilen einer eMail entsprechend vermerkt:
 <code>Received: from mx1.tachtler.net (mx1.tachtler.net [88.217.171.167]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) <code>Received: from mx1.tachtler.net (mx1.tachtler.net [88.217.171.167]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested)
-    by mx1.nausch.org (Postfix) with ESMTP for <michael@nausch.org>; Thu, 26 Mar 2009 09:30:36 +0100 (CET)</code>+    by mx1.nausch.org (Postfix) with ESMTP for <michael@nausch.org>; Thu, 14 Feb 2019 19:13:37 +0100 (CET)</code>
 Auch im **Maillog** wird die gesicherte Kommunikation protokolliert: Auch im **Maillog** wird die gesicherte Kommunikation protokolliert:
-<code>Mar 26 23:40:40 nss postfix/smtp[18519]: setting up TLS connection to mx1.tachtler.net +<code>Feb 14 19:13:37 nss postfix/smtp[18519]: setting up TLS connection to mx1.tachtler.net 
-Mar 26 23:40:40 nss postfix/smtp[18519]: TLS connection established to mx1.tachtler.net: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits) +Feb 14 19:13:37 nss postfix/smtp[18519]: TLS connection established to mx1.tachtler.net: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits) 
-Mar 26 23:40:52 nss postfix/smtp[18519]: ECC0E1158526: to=<root@tachtler.net>, relay=mx1.tachtler.net[88.217.171.167]:25, delay=13, delays=0.01/0.14/0.81/12, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as D7C7141582)</code>+Feb 14 19:13:37 nss postfix/smtp[18519]: ECC0E1158526: to=<root@tachtler.net>, relay=mx1.tachtler.net[88.217.171.167]:25, delay=13, delays=0.01/0.14/0.81/12, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as D7C7141582)</code> 
  
 ==== TLS-Verkehrsstatistik ==== ==== TLS-Verkehrsstatistik ====
-Bei bedarf können wir uns bei unserem Mailserver, mit Hilfe der nachfolgenden Befehle, einen Überblick über Anzahl und Art der einzelnen TLS-Verbindungen anzeigen lassen.+Bei Bedarf können wir uns bei unserem Mailserver, mit Hilfe der nachfolgenden Befehle, einen Überblick über Anzahl und Art der einzelnen TLS-Verbindungen anzeigen lassen. 
 + 
 + 
 + 
 +<WRAP center round todo 30%> 
 +FIXME FIXME FIXME  
 +  * //**... in Überarbeitung!**//   
 +FIXME FIXME FIXME  
 +</WRAP>
  
 === ankommender TLS-Verkehr === === ankommender TLS-Verkehr ===
Zeile 3610: Zeile 3619:
  167813 TLSv1.2</code>  167813 TLSv1.2</code>
  
 +   # egrep "TLS connection established from.*with cipher" /var/log/maillog | awk '{printf("%s %s %s %s\n", $12, $13, $14, $15)}' \
 +           | sort | uniq -c | sort -nr
 +<code>   8038 TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384
 +   3981 TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384
 +    705 TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384
 +    614 TLSv1 with cipher DHE-RSA-AES256-SHA
 +    440 TLSv1.2 with cipher ECDHE-ECDSA-AES256-SHA384
 +    265 TLSv1 with cipher ECDHE-RSA-AES256-SHA
 +     75 TLSv1 with cipher ECDHE-ECDSA-AES256-SHA
 +     62 TLSv1.2 with cipher AES256-GCM-SHA384
 +     41 TLSv1.2 with cipher DHE-RSA-AES256-SHA256
 +     40 TLSv1.2 with cipher ECDHE-RSA-AES256-SHA
 +     39 TLSv1.1 with cipher ECDHE-RSA-AES256-SHA
 +     25 TLSv1.1 with cipher ECDHE-ECDSA-AES256-SHA
 +     21 TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384
 +     20 TLSv1.2 with cipher AES256-SHA256
 +     20 TLSv1.2 with cipher AES256-SHA
 +     20 TLSv1.2 with cipher AES128-GCM-SHA256
 +     19 TLSv1.2 with cipher AES128-SHA256
 +     19 TLSv1.2 with cipher AES128-SHA
 +     16 TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256
 +     16 TLSv1.2 with cipher ECDHE-RSA-AES128-SHA
 +     16 TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256
 +     16 TLSv1.2 with cipher DHE-RSA-CAMELLIA256-SHA
 +     16 TLSv1.2 with cipher DHE-RSA-CAMELLIA128-SHA
 +     16 TLSv1.2 with cipher DHE-RSA-AES256-SHA
 +     16 TLSv1.2 with cipher DHE-RSA-AES128-SHA256
 +     16 TLSv1.2 with cipher DHE-RSA-AES128-SHA
 +     16 TLSv1.2 with cipher DHE-RSA-AES128-GCM-SHA256
 +     15 TLSv1.1 with cipher AES256-SHA
 +     14 TLSv1 with cipher AES256-SHA
 +     14 TLSv1 with cipher AES128-SHA
 +     12 TLSv1.2 with cipher CAMELLIA256-SHA
 +     11 TLSv1.2 with cipher ECDHE-ECDSA-AES256-SHA
 +     11 TLSv1.2 with cipher CAMELLIA128-SHA
 +     11 TLSv1.1 with cipher AES128-SHA
 +     10 TLSv1 with cipher ECDHE-RSA-AES128-SHA
 +     10 TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA
 +     10 TLSv1 with cipher DHE-RSA-CAMELLIA128-SHA
 +     10 TLSv1 with cipher DHE-RSA-AES128-SHA
 +     10 TLSv1 with cipher CAMELLIA256-SHA
 +     10 TLSv1 with cipher CAMELLIA128-SHA
 +      8 TLSv1.2 with cipher ECDHE-ECDSA-AES128-SHA256
 +      8 TLSv1.2 with cipher ECDHE-ECDSA-AES128-SHA
 +      8 TLSv1.2 with cipher ECDHE-ECDSA-AES128-GCM-SHA256
 +      7 TLSv1.1 with cipher ECDHE-RSA-AES128-SHA
 +      7 TLSv1.1 with cipher DHE-RSA-CAMELLIA256-SHA
 +      7 TLSv1.1 with cipher DHE-RSA-CAMELLIA128-SHA
 +      7 TLSv1.1 with cipher DHE-RSA-AES256-SHA
 +      7 TLSv1.1 with cipher DHE-RSA-AES128-SHA
 +      7 TLSv1.1 with cipher CAMELLIA256-SHA
 +      7 TLSv1.1 with cipher CAMELLIA128-SHA
 +      6 TLSv1 with cipher ECDHE-ECDSA-AES128-SHA
 +      5 TLSv1.1 with cipher ECDHE-ECDSA-AES128-SHA</code>
 === ausgehender TLS-Verkehr === === ausgehender TLS-Verkehr ===
    # grep 'TLS connection established to' /var/log/maillog | sed -e 's/^.*\]:25\: //' -e 's/ with cipher.*//' | sort | uniq -c    # grep 'TLS connection established to' /var/log/maillog | sed -e 's/^.*\]:25\: //' -e 's/ with cipher.*//' | sort | uniq -c
Zeile 3616: Zeile 3679:
    3323 TLSv1.1    3323 TLSv1.1
  396939 TLSv1.2</code>  396939 TLSv1.2</code>
 +
 +
 +     # egrep "TLS connection established to.*with cipher" /var/log/maillog | awk '{printf("%s %s %s %s\n", $12, $13, $14, $15)}' \ 
 +             | sort | uniq -c | sort -nr
 +<code>    565 TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256
 +    539 TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384
 +     87 TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384
 +     79 TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384
 +      3 TLSv1.2 with cipher DHE-RSA-AES256-SHA256
 +      1 TLSv1.2 with cipher AES256-GCM-SHA384</code>
  
 === graphische Übersicht des TLS-Clientverkehrs === === graphische Übersicht des TLS-Clientverkehrs ===
  • centos/mail_c7/postfix3_5.txt
  • Zuletzt geändert: 25.05.2020 10:25.
  • von django