TLS for SMTP is opportunistic, which makes connections vulnerable to man-in-the-middle attacks. To prevent MITM attacks, DANE can be used. The sending server first checks the recipient domain's DNS records to see whether DNSSEC is in use (and valid) and whether a TLSA record is published (and valid). If the TLSA record is valid and matches the certificate of the recipient server, the connection can be encrypted and the encryption is verified.
If I enable postscreen on a Debian host, I get this strange message in my mail.log:
Feb 13 08:38:37 tardis postfix/postscreen: close database /var/lib/postfix/postscreen_cache.db: No such file or directory (possible Berkeley DB bug)
It looks like the postscreen_cache.db file is located in /var/lib/postfix instead of the Postfix jail /var/spool/postfix/var/lib/postfix. So we can fix it by moving the file into the jail:
Let's Encrypt has been in the media quite often lately. Letsencrypt is a very easy-to-use tool which provides certificates for free. Those certificates are valid in most common browsers. I never understood why certificates are expensive, which is why I tried out letsencrypt (and I like it!). In this article, I will replace all CAcert certificates on a Kolab server. To do so, I will install the letsencrypt certificate on apache2, cyrus-imapd and postfix.
If you have installed Kolab 3.2 on Debian Jessie and you are using SSL, you might have problems with sieve filters. If I click on Filters (in webmail), I receive the following error: "Unable to connect to server". /var/log/mail.log shows me:
Sep 18 11:45:35 kolab sieve: STARTTLS failed: localhost [::1]
If I wanted to edit a mail.log (postfix) with vim, I always missed the colors. So I just created a (multitail -CS postfix) color scheme for vim.