3-facher DKIM [gelöst]

[blacksh33p86]

Servus,

leider habe ich Problem mit der DKIM-Einrichtung bei meinem Mailserver....
Ich hatte wohl vor ewig langen Zeiten mal versucht DKIM einzurichten, aber es dann wohl aufgegeben (vor opendkim).

Heute habe ich es mal mit OPENDKIM eingerichtet und nun habe ich im Header 3 DKIM-Signaturen und finde den Verursacher nicht....

root@mail:/etc/postfix# cat main.cf
# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

#myhostname = mail.meinedomain.com
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = /usr/share/doc/postfix

# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
# fresh installs.
compatibility_level = 2


##### MANUAL#####

smtpd_sasl_security_options = noanonymous



# TLS parameters
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_key_file = /etc/postfix/smtpd.key
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
myhostname = mail.meinedomain.com
alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
alias_database = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
myorigin = /etc/mailname
#mydestination = vmd62420.contaboserver.net, localhost, localhost.localdomain
mydestination = mail.meinedomain.com, localhost, localhost.localdomain

relayhost =
mynetworks = 127.0.0.0/8 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
html_directory = /usr/share/doc/postfix/html
virtual_alias_domains = proxy:mysql:/etc/postfix/mysql-virtual_alias_domains.cf
virtual_alias_maps = hash:/var/lib/mailman/data/virtual-mailman, proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, proxy:mysql:/etc/postfix/mysql-virtual_alias_maps.cf, proxy:mysql:/etc/postfix/mysql-virtual_email2email.cf
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
virtual_mailbox_base = /var/vmail
virtual_uid_maps = proxy:mysql:/etc/postfix/mysql-virtual_uids.cf
virtual_gid_maps = proxy:mysql:/etc/postfix/mysql-virtual_gids.cf
sender_bcc_maps = proxy:mysql:/etc/postfix/mysql-virtual_outgoing_bcc.cf
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_authenticated_header = yes
smtpd_restriction_classes = greylisting
greylisting = check_policy_service inet:127.0.0.1:10023
smtpd_recipient_restrictions = permit_mynetworks, reject_unknown_recipient_domain, reject_unlisted_recipient, check_recipient_access proxy:mysql:/etc/postfix/mysql-verify_recipients.cf, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unauth_destination, check_recipient_access proxy:mysql:/etc/postfix/mysql-virtual_recipient.cf, check_recipient_access mysql:/etc/postfix/mysql-virtual_policy_greylist.cf, check_policy_service unixrivate/quota-status
smtpd_tls_security_level = may
transport_maps = hash:/var/lib/mailman/data/transport-mailman, proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
relay_domains = proxy:mysql:/etc/postfix/mysql-virtual_relaydomains.cf
relay_recipient_maps = proxy:mysql:/etc/postfix/mysql-virtual_relayrecipientmaps.cf
smtpd_sender_login_maps = proxy:mysql:/etc/postfix/mysql-virtual_sender_login_maps.cf
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $sender_bcc_maps $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps $virtual_uid_maps $virtual_gid_maps $smtpd_client_restrictions $smtpd_sender_restrictions $smtpd_recipient_restrictions
smtpd_helo_required = yes
smtpd_helo_restrictions = reject_invalid_helo_hostname, permit_mynetworks, check_helo_access regexp:/etc/postfix/helo_access, permit_sasl_authenticated, reject_non_fqdn_helo_hostname, check_helo_access regexp:/etc/postfix/blacklist_helo, ,reject_unknown_helo_hostname, permit
smtpd_sender_restrictions = check_sender_access regexp:/etc/postfix/tag_as_originating.re, permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_sender, check_sender_access regexp:/etc/postfix/tag_as_foreign.re, check_sender_access proxy:mysql:/etc/postfix/mysql-virtual_sender.cf
smtpd_client_restrictions = check_client_access proxy:mysql:/etc/postfix/mysql-virtual_client.cf, permit_inet_interfaces, permit_mynetworks, reject_rbl_client zen.spamhaus.org, permit_sasl_authenticated, reject_unauth_pipelining , permit
smtpd_etrn_restrictions = permit_mynetworks, reject
smtpd_data_restrictions = permit_mynetworks, reject_unauth_pipelining, reject_multi_recipient_bounce, permit
smtpd_client_message_rate_limit = 100
maildrop_destination_concurrency_limit = 1
maildrop_destination_recipient_limit = 1
virtual_transport = lmtp:unixrivate/dovecot-lmtp
header_checks = regexp:/etc/postfix/header_checks
mime_header_checks = regexp:/etc/postfix/mime_header_checks
nested_header_checks = regexp:/etc/postfix/nested_header_checks
body_checks = regexp:/etc/postfix/body_checks
owner_request_special = no
smtp_tls_security_level = dane
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_protocols = !SSLv2,!SSLv3
smtp_tls_protocols = !SSLv2,!SSLv3
smtpd_tls_exclude_ciphers = RC4, aNULL
smtp_tls_exclude_ciphers = RC4, aNULL
smtpd_tls_mandatory_ciphers = medium
tls_medium_cipherlist = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305HE-RSA-AES128-GCM-SHA256HE-RSA-AES256-GCM-SHA384
tls_preempt_cipherlist = no
address_verify_negative_refresh_time = 60s
enable_original_recipient = no
smtpd_forbidden_commands = CONNECT,GET,POST,USER,PASS
address_verify_sender_ttl = 15686s
smtp_dns_support_level = dnssec
dovecot_destination_recipient_limit = 1
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
content_filter = lmtp:[127.0.0.1]:10024
receive_override_options = no_address_mappings
message_size_limit = 0

##########dkim
milter_protocol = 6
milter_default_action = accept
non_smtpd_milters=inet:127.0.0.1:12345
smtpd_milters=inet:127.0.0.1:12345

root@mail:/etc/postfix# cat master.cf
#
# Postfix master process configuration file. For details on the format
# of the file, see the master(5) manual page (command: "man 5 master" or
# on-line: http://www.postfix.org/master.5.html).
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (no) (never) (100)
# ==========================================================================
smtp inet n - y - - smtpd
#smtp inet n - y - 1 postscreen
#smtpd pass - - y - - smtpd
#dnsblog unix - - y - 0 dnsblog
#tlsproxy unix - - y - 0 tlsproxy
submission inet n - y - - smtpd
-o syslog_name=postfix/submission
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
# -o smtpd_tls_auth_only=yes
# -o smtpd_reject_unlisted_recipient=no
-o smtpd_client_restrictions=$mua_client_restrictions
# -o smtpd_helo_restrictions=$mua_helo_restrictions
# -o smtpd_sender_restrictions=$mua_sender_restrictions
# -o smtpd_recipient_restrictions=
# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
smtps inet n - y - - smtpd
-o syslog_name=postfix/smtps
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
# -o smtpd_reject_unlisted_recipient=no
-o smtpd_client_restrictions=$mua_client_restrictions
# -o smtpd_helo_restrictions=$mua_helo_restrictions
# -o smtpd_sender_restrictions=$mua_sender_restrictions
# -o smtpd_recipient_restrictions=
# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
#628 inet n - y - - qmqpd
pickup unix n - y 60 1 pickup
cleanup unix n - y - 0 cleanup
qmgr unix n - n 300 1 qmgr
#qmgr unix n - n 300 1 oqmgr
tlsmgr unix - - y 1000? 1 tlsmgr
rewrite unix - - y - - trivial-rewrite
bounce unix - - y - 0 bounce
defer unix - - y - 0 bounce
trace unix - - y - 0 bounce
verify unix - - y - 1 verify
flush unix n - y 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - y - - smtp
relay unix - - y - - smtp
-o syslog_name=postfix/$service_name
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - y - - showq
error unix - - y - - error
retry unix - - y - - error
discard unix - - y - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - y - - lmtp
anvil unix - - y - 1 anvil
scache unix - - y - 1 scache
postlog unix-dgram n - n - 1 postlogd
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent. See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/bin/maildrop -d vmail ${extension} ${recipient} ${user} ${nexthop} ${sender}
#
# ====================================================================
#
# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
#
# Specify in cyrus.conf:
# lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
#
# Specify in main.cf one or more of the following:
# mailbox_transport = lmtp:inet:localhost
# virtual_transport = lmtp:inet:localhost
#
# ====================================================================
#
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
#
#cyrus unix - n n - - pipe
# user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
#
# ====================================================================
# Old example of delivery via Cyrus.
#
#old-cyrus unix - n n - - pipe
# flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
#
# ====================================================================
#
# See the Postfix UUCP_README file for configuration details.
#
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe
flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman unix - n n - - pipe
flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
${nexthop} ${user}

dovecot unix - n n - - pipe
flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}@${nexthop}

amavis unix - - - - 2 smtp
-o smtp_data_done_timeout=1200
-o smtp_send_xforward_command=yes
-o smtp_bind_address=


127.0.0.1:10025 inet n - n - - smtpd
-o content_filter=
-o local_recipient_maps=
-o relay_recipient_maps=
-o smtpd_restriction_classes=
-o smtpd_client_restrictions=
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o smtpd_end_of_data_restrictions=
-o mynetworks=127.0.0.0/8
-o strict_rfc821_envelopes=yes
-o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
-o smtp_send_xforward_command=yes
-o disable_dns_lookups=yes
-o smtpd_milters=


127.0.0.1:10027 inet n - n - - smtpd
-o content_filter=
-o local_recipient_maps=
-o relay_recipient_maps=
-o smtpd_restriction_classes=
-o smtpd_client_restrictions=
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o smtpd_end_of_data_restrictions=
-o mynetworks=127.0.0.0/8
-o strict_rfc821_envelopes=yes
-o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
-o smtp_send_xforward_command=yes
-o milter_default_action=accept
-o milter_macro_daemon_name=ORIGINATING
-o disable_dns_lookups=yes

TXT-Records

201705._domainkey TXT v=DKIM1; h=sha256; k=rsa; s=email; p=MIIBIjANBgkqhkiG9[....]GtW/6JRBp8cQnlfluqbthaUMzqeALoJDtP2JJnq7KCWbNDOeeJwIDAQAB
meinedomain.com TXT v=spf1 a mx -all
_dmarc TXT v=DMARC1;p=quarantine;rua=mailto:dmarc@meinedomain.com;pct=100;ruf=mailto:dmarc@meinedomain.com;fo=1;aspf=r;adkim=r;

Email-Header (Auszug)

Return-Path: <mk@meinedomain.com.com>
Received: from mail.meinedomain.com ([xx.xx.xx.xx]) by mx-ha.web.de
(mxweb012 [xx.xx.xx.xx]) with ESMTPS (Nemesis) id 1MYwgG-1mjhvY2Aoy-00UuSt
for <testempfaenger@web.de>; Mon, 31 Jan 2022 09:40:04 +0100
Received: from localhost (localhost [127.0.0.1])
by mail.meinedomain.com (Postfix) with ESMTP id 3F80B1680670
for <testempfaenger@web.de>; Mon, 31 Jan 2022 09:40:04 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=meinedomain.com;
s=201705; t=1643618404;
bh=lsUaLOBgg0D1g6r6zcMGQ6VijMcN6tlSJCyFCgsIBok=;
h=Date:To:From:From;
b=YQx1cNc+jpIqtIeqhw5vEuW8Cahk8khLAd32T6hbCJyFge3zhWIfCJarVooAwrXnn
M6j1nhLcqUq6bOu5fGBp7fGc6/DrxuOg5/TY4PFqJAo2BoiUM+hQmGqUEwurGcXfY7
IwUdWWCdgQRy4XdvKY21N/CyX6Tj0sLTtf106rcCDQ6SWtk5KP2VPxfdzcIm0JzZmK
an5nAsmL+lvGmB1qrKACP7GhxWeor5EKpsYVXLYNwfdsQKV8Pcz04XcuLGs9u2vGAk
sGg5vL1HxMr/iyjgp1bunGuiU+UgFUlCH3khhdp1tgjvaEk7v/BBd7I7CRYZov8NKW
SNJdDUXbOqFNQ==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=meinedomain.com;
h=content-type:content-type:from:from:user-agent:mime-version
:date:date:message-id; s=default; t=1643618399; x=1645432800;
bh=lsUaLOBgg0D1g6r6zcMGQ6VijMcN6tlSJCyFCgsIBok=; b=D6uka0oRCHvk
WWDo0uVc3FSFntWmVaFJ2iyxzDye7zjC4K0CCkoPEzVbjBNPByqgI7p0fQHdUHSt
Lsi2WXMKQEmgSuK5L0XWeT8exlXFZPh69G3yVUtm6YWnRvZvwqRy8DbwiCmXGCZv
upbNyA8OPPfTaE0fHg4rvYbx2HaJZ75Sl1WpkGv3QMU1VZeXCdF15Xhi6PwFiUlf
Pdy8On6FTtDF1/i41Rld7/oEnEAWSopiVRJ0gbuic3/JJMDImRODdRQtJITDTA2D
VLzhYu9FJbHtnsI4iErtjNSuJSWm3E6qFr83p9KOIv8PxoTxIvh680+KNDLAlWTx
MJa0xCUAKw==
X-Virus-Scanned: Debian amavisd-new at mail.meinedomain.com
Received: from mail.meinedomain.com ([127.0.0.1])
by localhost (mail.meinedomain.com [127.0.0.1]) (amavisd-new, port 10026)
with LMTP id zT1mKsN4hV0v for <testempfaenger@web.de>;
Mon, 31 Jan 2022 09:39:59 +0100 (CET)
Received: from [xx.xx.xx.xx] (unknown [xx.xx.xx.xx])
(Authenticated sender: mk@meinedomain.com)
by mail.meinedomain.com (Postfix) with ESMTPSA id 62C161680744
for <testempfaenger@web.de>; Mon, 31 Jan 2022 09:39:59 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=meinedomain.com;
s=201705; t=1643618399;
bh=lsUaLOBgg0D1g6r6zcMGQ6VijMcN6tlSJCyFCgsIBok=;
h=Date:To:From:From;
b=Qa58XP7x/p/OqSHPMi0hLV+PkXGR2Heykngo44g/euybbZMxGh/e535pewBPwWRUJ
IRiHMqEIyb06z8m3vvYHHUPtfhOs+M9OksHsu0PjEiyBVdkHLY1iv70mctwlX88ugZ
3LnDkUnSNPVgBg1SH9kj+iuLDPATfii8LkWWrrX9V2m+vaMGBjenQTuMgkpbAzjfzq
ayiYsoioXj17jFDvmd2jrmlFsdBs8f0grQXgh4icflMmFHgtAeBqHJnxuVxV3q7r0o
8RzsXQOZIv6TsSrMiCt8AIfz3iwehWlirnIj+cZdsYSg3aE3aI//dF/9OMKyvo0o+e
rQ+y3Jc3hQGHA==
Message-ID: <635ca5b1-17de-f5f7-72bc-c0325e279ad4@meinedomain.com>
Date: Mon, 31 Jan 2022 09:39:58 +0100
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101
Thunderbird/91.5.1
To: testempfaenger@web.de
From: = <mk@meinedomain.com>
Autocrypt: addr=mk@meinedomain.com; keydata=
xsFNBF/25UwBEACm7jiJQWCPhfl2qy/QGz884DPvmV2eiIFrpjtnlN6Wrni+J+W0PtOJgo86
[...]
dbrnJhlA+bEBz8odTIkeMH9ClKYOw+Rvjiu4ikA4t/gNhNwOJF2rbxP9aGbk4ylHQboH
Content-Type: multipart/signed; micalg=pgp-sha256;
protocol="application/pgp-signature";
boundary="------------4xU5tjX8WiLdLVqoAXKetBRs"
Envelope-To: <testempfaenger@web.de>
X-Spam-Flag: YES
X-UI-Filterresults: junk:10;V03:K0:SYdz2WuZo1Q=:Ef3b/ak/GettKmJ9tWQ/xYBi+nw+
VyDjERqFda2JsrZxLjNQMzl4I1q4KG8ihzzUgd83J8KXoJoTfKOQ6Kzg++myyKG0qTUwI8L2q
CJ6YiPlyEeRkKUjmgfNzNB7c5aQnba3pVRPx4nAdwY8xaabcQC2BcJUw9BI+Zvzhve+/ovNEI
xAfv2RYr3AGXRHMy5Q30q2UNeg4P7wOAmXIGAekqq2bKl2A5H [....]

Ich versuche zu erreichen, dass meine Mails nicht mehr überall im Spam landen... Ich hoffe jemand hat eine Idee.

Danke und Grüße,

Marcel

 

[GwenDragon]

Meine Vermutung: du jagst lokal mehrfach was durch Milter und das signiert immer wieder.

 

[blacksh33p86]

Meine Vermutung: du jagst lokal mehrfach was durch Milter und das signiert immer wieder.

Das könnte schon sein. Leider habe ich keine Ahnung wo ich suchen muss...

 

[danton]

In der master.cf ist der milter beim Eintrag für Port 10027 nicht deaktiviert worden, das sollte zumindest einen Eintrag wieder entfernen.
Außerdem hast du zwei verschiedene DKIM-Konfigurationen auf deinem System laufen, die mittlere in deiner Mail unterscheidet sich nämlich u.a. in den zu signierenden Header-Zeilen von den anderen beiden. Hast du vielleicht in Amavis auch DKIM zum Signieren eingebunden?

 

[blacksh33p86]

Danke, habe dadurch die Fehler gefunden. Die Keys in der Amavis-Konfig habe ich auskommentiert den von die genannte Eintrag "frisiert".

Nun klappt alles anstandslos. Vielen Dank @danton und @GwenDragon

 

[Joe User]

Deine main.cf und master.cf (und vermutlich etliche/alle anderen Konfigurationen) müssen dringend mal komplett überarbeitet und auf aktuellen Stand gebracht werden. Dort sind extrem viele Altlasten drin, welche Dir eher früher als später schmerzhaft auf die Füsse kippen werden...

 

[blacksh33p86]

Deine main.cf und master.cf (und vermutlich etliche/alle anderen Konfigurationen) müssen dringend mal komplett überarbeitet und auf aktuellen Stand gebracht werden. Dort sind extrem viele Altlasten drin, welche Dir eher früher als später schmerzhaft auf die Füsse kippen werden...

Ohje ok... ich habe sowas schon befürchtet.... nur wo/wie soll ich das am besten anfangen?

 

[Joe User]

Kurzfassung:
Setze @home eine neue VirtualBox mit der von Dir aktuell verwendeten Distro-Version und Paketen auf und nimm daraus die nackten Konfigurationen als Basis. Dann schnappst Du Dir die jeweiilige offizielle Doku und änderst/erweiterst Deine neue Basis-Config so, dass Du den gewünschten Funktionsumfang erreichst und spielst (!!! nach einem Backup der alten Config !!!) die neue Config ein und restartest den betreffenden Dienst.
Das Ganze wiederholst Du step-by-step mit jeder einzelnen Konfiguration beziehungsweise Dienst und dann bist Du erstmal wieder auf aktuellem Stand. Wenn Du das nun alle 6-12 Monate, oder bestenfalls bei jedem Update, wiederholst, dann bist Du immer aktuell.

 

[blacksh33p86]

@Joe User Danke und gute Idee. Ich hoffe ich finde mal die Zeit....