Differences

This page shows the differences between two versions.

centos:mail_c7:postfix3_5 [15.02.2019 10:05] – [outgoing TLS traffic] django
centos:mail_c7:postfix3_5 [25.05.2020 10:25] (current) django
Zeile 565: Zeile 565:
   subject= /O=CAcert Inc./OU=http://www.CAcert.org/CN=CAcert Class 3 Root   subject= /O=CAcert Inc./OU=http://www.CAcert.org/CN=CAcert Class 3 Root
  
-==== CA Vetrauensmodell - CA Trust ====+==== CA Vertrauensmodell - CA Trust ====
 {{page>centos:ca-trust&nofooter&showheader}} {{page>centos:ca-trust&nofooter&showheader}}
  
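Review bot: The heading fix from "Vetrauensmodell" to "Vertrauensmodell" on the "==== CA Vertrauensmodell - CA Trust ====" line also changes the section anchor DokuWiki derives from the heading text, so any internal link that still targets the anchor built from the misspelled heading will no longer jump to this section. Search the wiki for the old spelling and update those links in the same edit.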
Zeile 3605: Zeile 3605:
 Bei Bedarf können wir uns bei unserem Mailserver, mit Hilfe der nachfolgenden Befehle, einen Überblick über Anzahl und Art der einzelnen TLS-Verbindungen anzeigen lassen. Bei Bedarf können wir uns bei unserem Mailserver, mit Hilfe der nachfolgenden Befehle, einen Überblick über Anzahl und Art der einzelnen TLS-Verbindungen anzeigen lassen.
  
 +=== ankommender TLS-Verkehr ===
 +Wieviele verschlüsselte Verbindungen unser MTA angenommen hat, verrät uns ein Blick in das Maillog. Dort suchen wir nach den entsprechenden Zeilen mit z.B. mit folgender Abfrage.
  
 +   # egrep "TLS connection established from.*with cipher" /var/log/maillog | awk '{printf("%s\n", $12)}'  \
 +           | sort | uniq -c | sort -nr
  
-<WRAP center round todo 30%+<code>193593 TLSv1.2 
-FIXME FIXME FIXME  +   9578 TLSv1 
-  * //**... in Überarbeitung!**//   +    868 TLSv1.1 
-FIXME FIXME FIXME  +</code>
-</WRAP>+
  
-=== ankommender TLS-Verkehr === +Eine Aufstellung der unterschiedlichen Protokolle mit den verwendeten Ciphern ermitteln wir mit folgendem Befehl
-   # grep 'TLS connection established from' /var/log/maillog | sed -e 's/^.*\]\//' -e 's/ with cipher.*//' | sort | uniq -c +
- +
-<code>  42184 TLSv1 +
- 167813 TLSv1.2</code>+
  
    # egrep "TLS connection established from.*with cipher" /var/log/maillog | awk '{printf("%s %s %s %s\n", $12, $13, $14, $15)}' \    # egrep "TLS connection established from.*with cipher" /var/log/maillog | awk '{printf("%s %s %s %s\n", $12, $13, $14, $15)}' \
            | sort | uniq -c | sort -nr            | sort | uniq -c | sort -nr
-<code>   8038 TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 + 
-   3981 TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 +<code> 238038 TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 
-    705 TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 + 173981 TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 
-    614 TLSv1 with cipher DHE-RSA-AES256-SHA +  10705 TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 
-    440 TLSv1.2 with cipher ECDHE-ECDSA-AES256-SHA384 +   6914 TLSv1 with cipher DHE-RSA-AES256-SHA 
-    265 TLSv1 with cipher ECDHE-RSA-AES256-SHA +   5540 TLSv1.2 with cipher ECDHE-ECDSA-AES256-SHA384 
-     75 TLSv1 with cipher ECDHE-ECDSA-AES256-SHA +   1265 TLSv1 with cipher ECDHE-RSA-AES256-SHA 
-     62 TLSv1.2 with cipher AES256-GCM-SHA384 +    765 TLSv1 with cipher ECDHE-ECDSA-AES256-SHA 
-     41 TLSv1.2 with cipher DHE-RSA-AES256-SHA256 +    666 TLSv1.2 with cipher AES256-GCM-SHA384 
-     40 TLSv1.2 with cipher ECDHE-RSA-AES256-SHA +    421 TLSv1.2 with cipher DHE-RSA-AES256-SHA256 
-     39 TLSv1.1 with cipher ECDHE-RSA-AES256-SHA +    400 TLSv1.2 with cipher ECDHE-RSA-AES256-SHA 
-     25 TLSv1.1 with cipher ECDHE-ECDSA-AES256-SHA +    379 TLSv1.1 with cipher ECDHE-RSA-AES256-SHA 
-     21 TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 +    167 TLSv1.1 with cipher ECDHE-ECDSA-AES256-SHA 
-     20 TLSv1.2 with cipher AES256-SHA256 +    121 TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 
-     20 TLSv1.2 with cipher AES256-SHA +    105 TLSv1.2 with cipher AES256-SHA256 
-     20 TLSv1.2 with cipher AES128-GCM-SHA256 +    105 TLSv1.2 with cipher AES256-SHA 
-     19 TLSv1.2 with cipher AES128-SHA256 +    103 TLSv1.2 with cipher AES128-GCM-SHA256 
-     19 TLSv1.2 with cipher AES128-SHA +    102 TLSv1.2 with cipher AES128-SHA256 
-     16 TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 +    102 TLSv1.2 with cipher AES128-SHA 
-     16 TLSv1.2 with cipher ECDHE-RSA-AES128-SHA +    102 TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 
-     16 TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 +    101 TLSv1.2 with cipher ECDHE-RSA-AES128-SHA 
-     16 TLSv1.2 with cipher DHE-RSA-CAMELLIA256-SHA +    101 TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 
-     16 TLSv1.2 with cipher DHE-RSA-CAMELLIA128-SHA +    101 TLSv1.2 with cipher DHE-RSA-CAMELLIA256-SHA 
-     16 TLSv1.2 with cipher DHE-RSA-AES256-SHA +    101 TLSv1.2 with cipher DHE-RSA-CAMELLIA128-SHA 
-     16 TLSv1.2 with cipher DHE-RSA-AES128-SHA256 +    100 TLSv1.2 with cipher DHE-RSA-AES256-SHA 
-     16 TLSv1.2 with cipher DHE-RSA-AES128-SHA +    100 TLSv1.2 with cipher DHE-RSA-AES128-SHA256 
-     16 TLSv1.2 with cipher DHE-RSA-AES128-GCM-SHA256 +    100 TLSv1.2 with cipher DHE-RSA-AES128-SHA 
-     15 TLSv1.1 with cipher AES256-SHA +    100 TLSv1.2 with cipher DHE-RSA-AES128-GCM-SHA256 
-     14 TLSv1 with cipher AES256-SHA +     99 TLSv1.1 with cipher AES256-SHA 
-     14 TLSv1 with cipher AES128-SHA +     99 TLSv1 with cipher AES256-SHA 
-     12 TLSv1.2 with cipher CAMELLIA256-SHA +     93 TLSv1 with cipher AES128-SHA 
-     11 TLSv1.2 with cipher ECDHE-ECDSA-AES256-SHA +     92 TLSv1.2 with cipher CAMELLIA256-SHA 
-     11 TLSv1.2 with cipher CAMELLIA128-SHA +     92 TLSv1.2 with cipher ECDHE-ECDSA-AES256-SHA 
-     11 TLSv1.1 with cipher AES128-SHA +     89 TLSv1.2 with cipher CAMELLIA128-SHA 
-     10 TLSv1 with cipher ECDHE-RSA-AES128-SHA +     89 TLSv1.1 with cipher AES128-SHA 
-     10 TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA +     88 TLSv1 with cipher ECDHE-RSA-AES128-SHA 
-     10 TLSv1 with cipher DHE-RSA-CAMELLIA128-SHA +     88 TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA 
-     10 TLSv1 with cipher DHE-RSA-AES128-SHA +     86 TLSv1 with cipher DHE-RSA-CAMELLIA128-SHA 
-     10 TLSv1 with cipher CAMELLIA256-SHA +     52 TLSv1 with cipher DHE-RSA-AES128-SHA 
-     10 TLSv1 with cipher CAMELLIA128-SHA +     50 TLSv1 with cipher CAMELLIA256-SHA 
-      TLSv1.2 with cipher ECDHE-ECDSA-AES128-SHA256 +     47 TLSv1 with cipher CAMELLIA128-SHA 
-      TLSv1.2 with cipher ECDHE-ECDSA-AES128-SHA +     23 TLSv1.2 with cipher ECDHE-ECDSA-AES128-SHA256 
-      TLSv1.2 with cipher ECDHE-ECDSA-AES128-GCM-SHA256 +     21 TLSv1.2 with cipher ECDHE-ECDSA-AES128-SHA 
-      TLSv1.1 with cipher ECDHE-RSA-AES128-SHA +     19 TLSv1.2 with cipher ECDHE-ECDSA-AES128-GCM-SHA256 
-      TLSv1.1 with cipher DHE-RSA-CAMELLIA256-SHA +     17 TLSv1.1 with cipher ECDHE-RSA-AES128-SHA 
-      TLSv1.1 with cipher DHE-RSA-CAMELLIA128-SHA +     17 TLSv1.1 with cipher DHE-RSA-CAMELLIA256-SHA 
-      TLSv1.1 with cipher DHE-RSA-AES256-SHA +     17 TLSv1.1 with cipher DHE-RSA-CAMELLIA128-SHA 
-      TLSv1.1 with cipher DHE-RSA-AES128-SHA +     17 TLSv1.1 with cipher DHE-RSA-AES256-SHA 
-      TLSv1.1 with cipher CAMELLIA256-SHA +     17 TLSv1.1 with cipher DHE-RSA-AES128-SHA 
-      TLSv1.1 with cipher CAMELLIA128-SHA +     17 TLSv1.1 with cipher CAMELLIA256-SHA 
-      TLSv1 with cipher ECDHE-ECDSA-AES128-SHA +     17 TLSv1.1 with cipher CAMELLIA128-SHA 
-      TLSv1.1 with cipher ECDHE-ECDSA-AES128-SHA</code>+     16 TLSv1 with cipher ECDHE-ECDSA-AES128-SHA 
 +     15 TLSv1.1 with cipher ECDHE-ECDSA-AES128-SHA</code>
 === ausgehender TLS-Verkehr === === ausgehender TLS-Verkehr ===
 +Wollen wir wissen wieviele TLS gesichete Verbindungen unser Mailserver zu anderen aufbaut können wir dies wie folgt abrufen
    # grep 'TLS connection established to' /var/log/maillog | sed -e 's/^.*\]:25\: //' -e 's/ with cipher.*//' | sort | uniq -c    # grep 'TLS connection established to' /var/log/maillog | sed -e 's/^.*\]:25\: //' -e 's/ with cipher.*//' | sort | uniq -c
  
-<code>  69741 TLSv1 +<code>  324664 TLSv1.2</code>
-   3323 TLSv1.1 +
- 396939 TLSv1.2</code> +
  
-     # egrep "TLS connection established to.*with cipher" /var/log/maillog | awk '{printf("%s %s %s %s\n", $12, $13, $14, $15)}' \ +Wollen wir wissen welche Cipher bei den unterschiedlichen Protokollen verwendet wurden, fragen wir dies mit folgendem Befehl ab: 
 +   # egrep "TLS connection established to.*with cipher" /var/log/maillog | awk '{printf("%s %s %s %s\n", $12, $13, $14, $15)}' \ 
              | sort | uniq -c | sort -nr              | sort | uniq -c | sort -nr
-<code>    565 TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 +<code> 181337 TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 
-    539 TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 + 140867 TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 
-     87 TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 +   1337 TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 
-     79 TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 +    679 TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 
-      TLSv1.2 with cipher DHE-RSA-AES256-SHA256 +    423 TLSv1.2 with cipher DHE-RSA-AES256-SHA256 
-      TLSv1.2 with cipher AES256-GCM-SHA384</code>+     21 TLSv1.2 with cipher AES256-GCM-SHA384</code>
  
 === graphische Übersicht des TLS-Clientverkehrs === === graphische Übersicht des TLS-Clientverkehrs ===
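Review bot: The new incoming-traffic command under "=== ankommender TLS-Verkehr ===" picks the protocol with awk's `$12`, which counts whitespace-separated fields from the start of the log line, so a different syslog prefix or timestamp format shifts the column and the command then counts the wrong token without any error. The removed grep/sed variant anchored on the text around the protocol instead, and the outgoing command still does; use the same text-anchored extraction for both directions, or state the log format the `$12` index assumes. The new sample outputs for incoming traffic also disagree with each other: the protocol summary lists 193593 for TLSv1.2, while the cipher table's first TLSv1.2 row alone shows 238038, so the two listings cannot come from the same log and should be regenerated together (the outgoing figures are consistent, the six cipher rows add up to 324664). The outgoing sample now shows only TLSv1.2 where the old one listed TLSv1 and TLSv1.1 as well, and a sentence saying what changed would help readers compare their own results; the incoming summary still shows 9578 TLSv1 and 868 TLSv1.1 connections, which deserves a remark. Minor wording in the added text: "mit z.B. mit" repeats a word and "gesichete" should read "gesicherte".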
  • centos/mail_c7/postfix3_5.1550225146.txt.gz
  • Last modified: 15.02.2019 10:05.
  • by django