From 06069898bc07d8755b2ce755156af5e16389a7c4 Mon Sep 17 00:00:00 2001
From: Frank Brehm <frank@brehm-online.com>
Date: Tue, 13 Apr 2021 18:06:59 +0200
Subject: [PATCH] daily autocommit

---
 .etckeeper                                    |  53 ++++++--
 cron.d/certbot                                |   2 +-
 dovecot/dovecot.conf.2021.04.08.22.02.11      | 102 --------------
 iptables/rules.v4                             |   9 +-
 iptables/rules.v6                             |  23 +++-
 .../meta.json                                 |   1 +
 .../private_key.json                          |   1 +
 .../regr.json                                 |   1 +
 .../meta.json                                 |   1 +
 .../private_key.json                          |   1 +
 .../regr.json                                 |   1 +
 .../archive/mail.uhu-banane.eu/cert1.pem      |  33 +++++
 .../archive/mail.uhu-banane.eu/chain1.pem     |  26 ++++
 .../archive/mail.uhu-banane.eu/fullchain1.pem |  59 ++++++++
 .../archive/mail.uhu-banane.eu/privkey1.pem   |  28 ++++
 letsencrypt/csr/0000_csr-certbot.pem          |  19 +++
 letsencrypt/keys/0000_key-certbot.pem         |  28 ++++
 letsencrypt/live/README                       |  14 ++
 letsencrypt/live/mail.uhu-banane.eu/README    |  14 ++
 letsencrypt/live/mail.uhu-banane.eu/cert.pem  |   1 +
 letsencrypt/live/mail.uhu-banane.eu/chain.pem |   1 +
 .../live/mail.uhu-banane.eu/fullchain.pem     |   1 +
 .../live/mail.uhu-banane.eu/privkey.pem       |   1 +
 letsencrypt/renewal/mail.uhu-banane.eu.conf   |  22 +++
 motd                                          |   4 +-
 mysql/mariadb.conf.d/50-server.cnf            |   4 +
 nginx/nginx.conf.2021.04.08.22.02.11          |  85 ------------
 nginx/sites-available.bak/default             |  91 -------------
 nginx/sites-enabled.bak/default               |   1 -
 postfix/aliases                               |  52 +++++--
 postfix/aliases.db                            | Bin 12288 -> 12288 bytes
 postfix/helo_access.pcre.2021.04.08.22.02.11  |   0
 postfix/main.cf                               |  25 ++--
 postfix/main.cf.2021.04.08.22.02.11           |  48 -------
 postfix/master.cf.2021.04.08.22.02.11         | 127 ------------------
 postfix/postscreen_access.cidr                |   4 +-
 ssl/certs/iRedMail.crt                        |  37 +----
 ssl/certs/iRedMail.crt.bak                    |  36 +++++
 ssl/private/iRedMail.key                      |  53 +-------
 ssl/private/iRedMail.key.bak                  |  52 +++++++
 40 files changed, 481 insertions(+), 580 deletions(-)
 delete mode 100644 dovecot/dovecot.conf.2021.04.08.22.02.11
 create mode 100644 letsencrypt/accounts/acme-staging-v02.api.letsencrypt.org/directory/b1df8a0a7a88e01d424d4d08a2873646/meta.json
 create mode 100644 letsencrypt/accounts/acme-staging-v02.api.letsencrypt.org/directory/b1df8a0a7a88e01d424d4d08a2873646/private_key.json
 create mode 100644 letsencrypt/accounts/acme-staging-v02.api.letsencrypt.org/directory/b1df8a0a7a88e01d424d4d08a2873646/regr.json
 create mode 100644 letsencrypt/accounts/acme-v02.api.letsencrypt.org/directory/ea47d6e6656dd977c998af55bc578517/meta.json
 create mode 100644 letsencrypt/accounts/acme-v02.api.letsencrypt.org/directory/ea47d6e6656dd977c998af55bc578517/private_key.json
 create mode 100644 letsencrypt/accounts/acme-v02.api.letsencrypt.org/directory/ea47d6e6656dd977c998af55bc578517/regr.json
 create mode 100644 letsencrypt/archive/mail.uhu-banane.eu/cert1.pem
 create mode 100644 letsencrypt/archive/mail.uhu-banane.eu/chain1.pem
 create mode 100644 letsencrypt/archive/mail.uhu-banane.eu/fullchain1.pem
 create mode 100644 letsencrypt/archive/mail.uhu-banane.eu/privkey1.pem
 create mode 100644 letsencrypt/csr/0000_csr-certbot.pem
 create mode 100644 letsencrypt/keys/0000_key-certbot.pem
 create mode 100644 letsencrypt/live/README
 create mode 100644 letsencrypt/live/mail.uhu-banane.eu/README
 create mode 120000 letsencrypt/live/mail.uhu-banane.eu/cert.pem
 create mode 120000 letsencrypt/live/mail.uhu-banane.eu/chain.pem
 create mode 120000 letsencrypt/live/mail.uhu-banane.eu/fullchain.pem
 create mode 120000 letsencrypt/live/mail.uhu-banane.eu/privkey.pem
 create mode 100644 letsencrypt/renewal/mail.uhu-banane.eu.conf
 delete mode 100644 nginx/nginx.conf.2021.04.08.22.02.11
 delete mode 100644 nginx/sites-available.bak/default
 delete mode 120000 nginx/sites-enabled.bak/default
 delete mode 100644 postfix/helo_access.pcre.2021.04.08.22.02.11
 delete mode 100644 postfix/main.cf.2021.04.08.22.02.11
 delete mode 100644 postfix/master.cf.2021.04.08.22.02.11
 mode change 100644 => 120000 ssl/certs/iRedMail.crt
 create mode 100644 ssl/certs/iRedMail.crt.bak
 mode change 100644 => 120000 ssl/private/iRedMail.key
 create mode 100644 ssl/private/iRedMail.key.bak

diff --git a/.etckeeper b/.etckeeper
index 9dc9d46..3f3aec5 100755
--- a/.etckeeper
+++ b/.etckeeper
@@ -26,6 +26,9 @@ mkdir -p './initramfs-tools/scripts/nfs-premount'
 mkdir -p './initramfs-tools/scripts/nfs-top'
 mkdir -p './initramfs-tools/scripts/panic'
 mkdir -p './kernel/install.d'
+mkdir -p './letsencrypt/renewal-hooks/deploy'
+mkdir -p './letsencrypt/renewal-hooks/post'
+mkdir -p './letsencrypt/renewal-hooks/pre'
 mkdir -p './logwatch/conf/logfiles'
 mkdir -p './logwatch/conf/services'
 mkdir -p './logwatch/scripts/services'
@@ -347,6 +350,7 @@ maybe chmod 0644 'dhcp/dhclient-exit-hooks.d/rfc3442-classless-routes'
 maybe chmod 0644 'dhcp/dhclient-exit-hooks.d/timesyncd'
 maybe chmod 0644 'dhcp/dhclient.conf'
 maybe chmod 0755 'dovecot'
+maybe chmod 0755 'dovecot/.old'
 maybe chmod 0755 'dovecot/conf.d'
 maybe chmod 0644 'dovecot/conf.d/10-auth.conf'
 maybe chmod 0644 'dovecot/conf.d/10-director.conf'
@@ -395,7 +399,6 @@ maybe chown 'dovecot' 'dovecot/dovecot-used-quota.conf'
 maybe chgrp 'dovecot' 'dovecot/dovecot-used-quota.conf'
 maybe chmod 0500 'dovecot/dovecot-used-quota.conf'
 maybe chmod 0664 'dovecot/dovecot.conf'
-maybe chmod 0644 'dovecot/dovecot.conf.2021.04.08.22.02.11'
 maybe chmod 0700 'dovecot/private'
 maybe chmod 0755 'dpkg'
 maybe chmod 0644 'dpkg/dpkg.cfg'
@@ -610,7 +613,40 @@ maybe chmod 0644 'ldap/ldap.conf'
 maybe chmod 0755 'ldap/schema'
 maybe chmod 0644 'ldap/schema/amavis.schema'
 maybe chmod 0755 'letsencrypt'
+maybe chmod 0755 'letsencrypt/accounts'
+maybe chmod 0755 'letsencrypt/accounts/acme-staging-v02.api.letsencrypt.org'
+maybe chmod 0700 'letsencrypt/accounts/acme-staging-v02.api.letsencrypt.org/directory'
+maybe chmod 0700 'letsencrypt/accounts/acme-staging-v02.api.letsencrypt.org/directory/b1df8a0a7a88e01d424d4d08a2873646'
+maybe chmod 0644 'letsencrypt/accounts/acme-staging-v02.api.letsencrypt.org/directory/b1df8a0a7a88e01d424d4d08a2873646/meta.json'
+maybe chmod 0400 'letsencrypt/accounts/acme-staging-v02.api.letsencrypt.org/directory/b1df8a0a7a88e01d424d4d08a2873646/private_key.json'
+maybe chmod 0644 'letsencrypt/accounts/acme-staging-v02.api.letsencrypt.org/directory/b1df8a0a7a88e01d424d4d08a2873646/regr.json'
+maybe chmod 0755 'letsencrypt/accounts/acme-v02.api.letsencrypt.org'
+maybe chmod 0700 'letsencrypt/accounts/acme-v02.api.letsencrypt.org/directory'
+maybe chmod 0700 'letsencrypt/accounts/acme-v02.api.letsencrypt.org/directory/ea47d6e6656dd977c998af55bc578517'
+maybe chmod 0644 'letsencrypt/accounts/acme-v02.api.letsencrypt.org/directory/ea47d6e6656dd977c998af55bc578517/meta.json'
+maybe chmod 0400 'letsencrypt/accounts/acme-v02.api.letsencrypt.org/directory/ea47d6e6656dd977c998af55bc578517/private_key.json'
+maybe chmod 0644 'letsencrypt/accounts/acme-v02.api.letsencrypt.org/directory/ea47d6e6656dd977c998af55bc578517/regr.json'
+maybe chmod 0644 'letsencrypt/archive'
+maybe chmod 0755 'letsencrypt/archive/mail.uhu-banane.eu'
+maybe chmod 0644 'letsencrypt/archive/mail.uhu-banane.eu/cert1.pem'
+maybe chmod 0644 'letsencrypt/archive/mail.uhu-banane.eu/chain1.pem'
+maybe chmod 0644 'letsencrypt/archive/mail.uhu-banane.eu/fullchain1.pem'
+maybe chmod 0600 'letsencrypt/archive/mail.uhu-banane.eu/privkey1.pem'
 maybe chmod 0644 'letsencrypt/cli.ini'
+maybe chmod 0755 'letsencrypt/csr'
+maybe chmod 0644 'letsencrypt/csr/0000_csr-certbot.pem'
+maybe chmod 0700 'letsencrypt/keys'
+maybe chmod 0600 'letsencrypt/keys/0000_key-certbot.pem'
+maybe chmod 0644 'letsencrypt/live'
+maybe chmod 0644 'letsencrypt/live/README'
+maybe chmod 0755 'letsencrypt/live/mail.uhu-banane.eu'
+maybe chmod 0644 'letsencrypt/live/mail.uhu-banane.eu/README'
+maybe chmod 0755 'letsencrypt/renewal'
+maybe chmod 0755 'letsencrypt/renewal-hooks'
+maybe chmod 0755 'letsencrypt/renewal-hooks/deploy'
+maybe chmod 0755 'letsencrypt/renewal-hooks/post'
+maybe chmod 0755 'letsencrypt/renewal-hooks/pre'
+maybe chmod 0644 'letsencrypt/renewal/mail.uhu-banane.eu.conf'
 maybe chmod 0644 'libaudit.conf'
 maybe chmod 0755 'libnl-3'
 maybe chmod 0644 'libnl-3/classid'
@@ -735,6 +771,9 @@ maybe chmod 0644 'networks'
 maybe chmod 0755 'nftables.conf'
 maybe chmod 0755 'nftables.conf.2021.04.08.22.02.11'
 maybe chmod 0755 'nginx'
+maybe chmod 0755 'nginx/.old'
+maybe chmod 0755 'nginx/.old/sites-available.bak'
+maybe chmod 0755 'nginx/.old/sites-enabled.bak'
 maybe chmod 0755 'nginx/conf-available'
 maybe chmod 0644 'nginx/conf-available/0-general.conf'
 maybe chmod 0644 'nginx/conf-available/cache.conf'
@@ -761,16 +800,12 @@ maybe chown 'www-data' 'nginx/netdata.users'
 maybe chgrp 'www-data' 'nginx/netdata.users'
 maybe chmod 0400 'nginx/netdata.users'
 maybe chmod 0644 'nginx/nginx.conf'
-maybe chmod 0644 'nginx/nginx.conf.2021.04.08.22.02.11'
 maybe chmod 0644 'nginx/proxy_params'
 maybe chmod 0644 'nginx/scgi_params'
 maybe chmod 0755 'nginx/sites-available'
-maybe chmod 0755 'nginx/sites-available.bak'
-maybe chmod 0644 'nginx/sites-available.bak/default'
 maybe chmod 0644 'nginx/sites-available/00-default-ssl.conf'
 maybe chmod 0644 'nginx/sites-available/00-default.conf'
 maybe chmod 0755 'nginx/sites-enabled'
-maybe chmod 0755 'nginx/sites-enabled.bak'
 maybe chmod 0755 'nginx/snippets'
 maybe chmod 0644 'nginx/snippets/fastcgi-php.conf'
 maybe chmod 0644 'nginx/snippets/snakeoil.conf'
@@ -874,6 +909,7 @@ maybe chmod 0644 'php/7.3/mods-available/xmlwriter.ini'
 maybe chmod 0644 'php/7.3/mods-available/xsl.ini'
 maybe chmod 0644 'php/7.3/mods-available/zip.ini'
 maybe chmod 0755 'postfix'
+maybe chmod 0755 'postfix/.old'
 maybe chmod 0644 'postfix/aliases'
 maybe chmod 0644 'postfix/aliases.db'
 maybe chgrp 'postfix' 'postfix/body_checks.pcre'
@@ -887,13 +923,10 @@ maybe chgrp 'postfix' 'postfix/header_checks'
 maybe chmod 0640 'postfix/header_checks'
 maybe chgrp 'postfix' 'postfix/helo_access.pcre'
 maybe chmod 0640 'postfix/helo_access.pcre'
-maybe chmod 0640 'postfix/helo_access.pcre.2021.04.08.22.02.11'
 maybe chmod 0644 'postfix/main.cf'
-maybe chmod 0644 'postfix/main.cf.2021.04.08.22.02.11'
 maybe chmod 0644 'postfix/main.cf.initial'
 maybe chmod 0644 'postfix/main.cf.proto'
 maybe chmod 0644 'postfix/master.cf'
-maybe chmod 0644 'postfix/master.cf.2021.04.08.22.02.11'
 maybe chmod 0644 'postfix/master.cf.initial'
 maybe chmod 0644 'postfix/master.cf.proto'
 maybe chmod 0755 'postfix/mysql'
@@ -1073,14 +1106,14 @@ maybe chmod 0644 'ssh/sshd_config'
 maybe chmod 0755 'ssl'
 maybe chmod 0755 'ssl/certs'
 maybe chmod 0644 'ssl/certs/ca-certificates.crt'
-maybe chmod 0644 'ssl/certs/iRedMail.crt'
+maybe chmod 0644 'ssl/certs/iRedMail.crt.bak'
 maybe chmod 0644 'ssl/certs/ssl-cert-snakeoil.pem'
 maybe chmod 0644 'ssl/dh2048_param.pem'
 maybe chmod 0644 'ssl/dh512_param.pem'
 maybe chmod 0644 'ssl/openssl.cnf'
 maybe chgrp 'ssl-cert' 'ssl/private'
 maybe chmod 0710 'ssl/private'
-maybe chmod 0644 'ssl/private/iRedMail.key'
+maybe chmod 0644 'ssl/private/iRedMail.key.bak'
 maybe chgrp 'ssl-cert' 'ssl/private/ssl-cert-snakeoil.key'
 maybe chmod 0640 'ssl/private/ssl-cert-snakeoil.key'
 maybe chmod 0644 'subgid'
diff --git a/cron.d/certbot b/cron.d/certbot
index e38dbb9..f24dc1d 100644
--- a/cron.d/certbot
+++ b/cron.d/certbot
@@ -14,4 +14,4 @@
 SHELL=/bin/sh
 PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
 
-0 */12 * * * root test -x /usr/bin/certbot -a \! -d /run/systemd/system && perl -e 'sleep int(rand(43200))' && certbot -q renew
+0 */12 * * * root test -x /usr/bin/certbot -a \! -d /run/systemd/system && perl -e 'sleep int(rand(43200))' && certbot -q renew --post-hook /usr/local/sbin/restart_mailservices
diff --git a/dovecot/dovecot.conf.2021.04.08.22.02.11 b/dovecot/dovecot.conf.2021.04.08.22.02.11
deleted file mode 100644
index c802011..0000000
--- a/dovecot/dovecot.conf.2021.04.08.22.02.11
+++ /dev/null
@@ -1,102 +0,0 @@
-## Dovecot configuration file
-
-# If you're in a hurry, see http://wiki2.dovecot.org/QuickConfiguration
-
-# "doveconf -n" command gives a clean output of the changed settings. Use it
-# instead of copy&pasting files when posting to the Dovecot mailing list.
-
-# '#' character and everything after it is treated as comments. Extra spaces
-# and tabs are ignored. If you want to use either of these explicitly, put the
-# value inside quotes, eg.: key = "# char and trailing whitespace  "
-
-# Most (but not all) settings can be overridden by different protocols and/or
-# source/destination IPs by placing the settings inside sections, for example:
-# protocol imap { }, local 127.0.0.1 { }, remote 10.0.0.0/8 { }
-
-# Default values are shown for each setting, it's not required to uncomment
-# those. These are exceptions to this though: No sections (e.g. namespace {})
-# or plugin settings are added by default, they're listed only as examples.
-# Paths are also just examples with the real defaults being based on configure
-# options. The paths listed here are for configure --prefix=/usr
-# --sysconfdir=/etc --localstatedir=/var
-
-# Enable installed protocols
-!include_try /usr/share/dovecot/protocols.d/*.protocol
-
-# A comma separated list of IPs or hosts where to listen in for connections. 
-# "*" listens in all IPv4 interfaces, "::" listens in all IPv6 interfaces.
-# If you want to specify non-default ports or anything more complex,
-# edit conf.d/master.conf.
-#listen = *, ::
-
-# Base directory where to store runtime data.
-#base_dir = /var/run/dovecot/
-
-# Name of this instance. In multi-instance setup doveadm and other commands
-# can use -i <instance_name> to select which instance is used (an alternative
-# to -c <config_path>). The instance name is also added to Dovecot processes
-# in ps output.
-#instance_name = dovecot
-
-# Greeting message for clients.
-#login_greeting = Dovecot ready.
-
-# Space separated list of trusted network ranges. Connections from these
-# IPs are allowed to override their IP addresses and ports (for logging and
-# for authentication checks). disable_plaintext_auth is also ignored for
-# these networks. Typically you'd specify your IMAP proxy servers here.
-#login_trusted_networks =
-
-# Space separated list of login access check sockets (e.g. tcpwrap)
-#login_access_sockets = 
-
-# With proxy_maybe=yes if proxy destination matches any of these IPs, don't do
-# proxying. This isn't necessary normally, but may be useful if the destination
-# IP is e.g. a load balancer's IP.
-#auth_proxy_self =
-
-# Show more verbose process titles (in ps). Currently shows user name and
-# IP address. Useful for seeing who are actually using the IMAP processes
-# (eg. shared mailboxes or if same uid is used for multiple accounts).
-#verbose_proctitle = no
-
-# Should all processes be killed when Dovecot master process shuts down.
-# Setting this to "no" means that Dovecot can be upgraded without
-# forcing existing client connections to close (although that could also be
-# a problem if the upgrade is e.g. because of a security fix).
-#shutdown_clients = yes
-
-# If non-zero, run mail commands via this many connections to doveadm server,
-# instead of running them directly in the same process.
-#doveadm_worker_count = 0
-# UNIX socket or host:port used for connecting to doveadm server
-#doveadm_socket_path = doveadm-server
-
-# Space separated list of environment variables that are preserved on Dovecot
-# startup and passed down to all of its child processes. You can also give
-# key=value pairs to always set specific settings.
-#import_environment = TZ
-
-##
-## Dictionary server settings
-##
-
-# Dictionary can be used to store key=value lists. This is used by several
-# plugins. The dictionary can be accessed either directly or though a
-# dictionary server. The following dict block maps dictionary names to URIs
-# when the server is used. These can then be referenced using URIs in format
-# "proxy::<name>".
-
-dict {
-  #quota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
-  #expire = sqlite:/etc/dovecot/dovecot-dict-sql.conf.ext
-}
-
-# Most of the actual configuration gets included below. The filenames are
-# first sorted by their ASCII value and parsed in that order. The 00-prefixes
-# in filenames are intended to make it easier to understand the ordering.
-!include conf.d/*.conf
-
-# A config file can also tried to be included without giving an error if
-# it's not found:
-!include_try local.conf
diff --git a/iptables/rules.v4 b/iptables/rules.v4
index e9554ec..2d79e54 100644
--- a/iptables/rules.v4
+++ b/iptables/rules.v4
@@ -1,4 +1,4 @@
-# Generated by xtables-save v1.8.2 on Mon Apr 12 16:21:35 2021
+# Generated by xtables-save v1.8.2 on Tue Apr 13 10:07:12 2021
 *filter
 :INPUT DROP [0:0]
 :FORWARD ACCEPT [0:0]
@@ -7,7 +7,8 @@
 :rejects - [0:0]
 :mysql - [0:0]
 :portrejects - [0:0]
--A INPUT -j rejects
+:drops - [0:0]
+-A INPUT -j drops
 -A INPUT -m state --state ESTABLISHED -j ACCEPT
 -A INPUT -m state --state RELATED -j ACCEPT
 -A INPUT -i lo -m comment --comment myself -j ACCEPT
@@ -27,6 +28,7 @@
 -A INPUT -p tcp -m tcp --dport 25565 -m comment --comment Minecraft -j ACCEPT
 -A INPUT -p tcp -m tcp --dport 3306 -j mysql
 -A INPUT -p tcp -m tcp --dport 5665 -j icinga2
+-A INPUT -j rejects
 -A INPUT -j portrejects
 -A INPUT -j NFLOG --nflog-prefix  "IPv4 INPUT Reject " --nflog-threshold 1
 -A INPUT -j REJECT --reject-with icmp-port-unreachable
@@ -54,5 +56,6 @@
 -A portrejects -p tcp -m tcp --dport 2323 -j REJECT --reject-with icmp-port-unreachable
 -A portrejects -p tcp -m tcp --dport 3389 -j REJECT --reject-with icmp-port-unreachable
 -A portrejects -j RETURN
+-A drops -j RETURN
 COMMIT
-# Completed on Mon Apr 12 16:21:35 2021
+# Completed on Tue Apr 13 10:07:12 2021
diff --git a/iptables/rules.v6 b/iptables/rules.v6
index aad94c2..1e00b90 100644
--- a/iptables/rules.v6
+++ b/iptables/rules.v6
@@ -1,10 +1,14 @@
-# Generated by xtables-save v1.8.2 on Mon Apr 12 16:21:35 2021
+# Generated by xtables-save v1.8.2 on Tue Apr 13 10:07:12 2021
 *filter
 :INPUT DROP [0:0]
 :FORWARD ACCEPT [0:0]
 :OUTPUT ACCEPT [0:0]
 :mysql - [0:0]
 :icinga2 - [0:0]
+:drops - [0:0]
+:rejects - [0:0]
+:portrejects - [0:0]
+-A INPUT -j drops
 -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
 -A INPUT -m conntrack --ctstate RELATED -j ACCEPT
 -A INPUT -p ipv6-icmp -j ACCEPT
@@ -17,6 +21,8 @@
 -A INPUT -p tcp -m tcp --dport 4190 -m comment --comment Sieve -j ACCEPT
 -A INPUT -p tcp -m tcp --dport 3306 -j mysql
 -A INPUT -p tcp -m tcp --dport 5665 -m comment --comment Icinga -j icinga2
+-A INPUT -j rejects
+-A INPUT -j portrejects
 -A INPUT -j NFLOG --nflog-prefix  "IPv6 INPUT Reject " --nflog-threshold 1
 -A INPUT -j REJECT --reject-with icmp6-port-unreachable
 -A mysql -s ::1/128 -j ACCEPT
@@ -28,5 +34,18 @@
 -A icinga2 -s 2a06:2380:0:1::3a/128 -m comment --comment ns3 -j ACCEPT
 -A icinga2 -j NFLOG --nflog-prefix  "IPv6 icinga2 Reject " --nflog-threshold 1
 -A icinga2 -j REJECT --reject-with icmp6-port-unreachable
+-A drops -j RETURN
+-A rejects -j RETURN
+-A portrejects -p tcp -m tcp --dport 23 -m comment --comment Telnet -j REJECT --reject-with icmp6-port-unreachable
+-A portrejects -p udp -m udp --dport 137 -m comment --comment "Netbios NS" -j REJECT --reject-with icmp6-port-unreachable
+-A portrejects -p tcp -m tcp --dport 137 -m comment --comment "Netbios NS" -j REJECT --reject-with icmp6-port-unreachable
+-A portrejects -p tcp -m tcp --dport 445 -m comment --comment "Microsoft DS" -j REJECT --reject-with icmp6-port-unreachable
+-A portrejects -p tcp -m tcp --dport 1433 -m comment --comment "MS SQL" -j REJECT --reject-with icmp6-port-unreachable
+-A portrejects -p udp -m udp --dport 5060 -m comment --comment SIP -j REJECT --reject-with icmp6-port-unreachable
+-A portrejects -p tcp -m tcp --dport 5060 -m comment --comment SIP -j REJECT --reject-with icmp6-port-unreachable
+-A portrejects -p tcp -m tcp --dport 8080 -m comment --comment "HTTP alternativ" -j REJECT --reject-with icmp6-port-unreachable
+-A portrejects -p tcp -m tcp --dport 1900 -j REJECT --reject-with icmp6-port-unreachable
+-A portrejects -p tcp -m tcp --dport 2323 -j REJECT --reject-with icmp6-port-unreachable
+-A portrejects -p tcp -m tcp --dport 3389 -j REJECT --reject-with icmp6-port-unreachable
 COMMIT
-# Completed on Mon Apr 12 16:21:35 2021
+# Completed on Tue Apr 13 10:07:12 2021
diff --git a/letsencrypt/accounts/acme-staging-v02.api.letsencrypt.org/directory/b1df8a0a7a88e01d424d4d08a2873646/meta.json b/letsencrypt/accounts/acme-staging-v02.api.letsencrypt.org/directory/b1df8a0a7a88e01d424d4d08a2873646/meta.json
new file mode 100644
index 0000000..f60432d
--- /dev/null
+++ b/letsencrypt/accounts/acme-staging-v02.api.letsencrypt.org/directory/b1df8a0a7a88e01d424d4d08a2873646/meta.json
@@ -0,0 +1 @@
+{"creation_dt": "2021-04-13T08:37:30Z", "creation_host": "helga.uhu-banane.de"}
\ No newline at end of file
diff --git a/letsencrypt/accounts/acme-staging-v02.api.letsencrypt.org/directory/b1df8a0a7a88e01d424d4d08a2873646/private_key.json b/letsencrypt/accounts/acme-staging-v02.api.letsencrypt.org/directory/b1df8a0a7a88e01d424d4d08a2873646/private_key.json
new file mode 100644
index 0000000..f6f633d
--- /dev/null
+++ b/letsencrypt/accounts/acme-staging-v02.api.letsencrypt.org/directory/b1df8a0a7a88e01d424d4d08a2873646/private_key.json
@@ -0,0 +1 @@
+{"n": "wtKjwDBsKYyiv-fwdimyjQwvN_5yh3rMF6yTYdK-3MjJvmDp6w0mwNpAITSKHpN3ZVhMfhElmCyX4OUxaig0UOH9yARNjhK1008g0rtaE0uDEngXnD45Z1OD2G_VVo1jL6wvH1Mg94ZNW4l0TGWOmwLHwBDZCZIWFoKIbS8eh0GfiSVRxWKFj6S13Zk_kdbEn1eHjZPxnQ8pzP3dL4x_SmPo6N5Gf7T1p-_2ocb3v5cqDIrVCCHZ0FzABwQnsulQ7fSWR2ti7xOqFF5xFkFKNoTFxG1sS3dPl1i-OlNnioinRTSAghq0BYXOk6b77jz5vw2tAlA-ALO2JrwwM0SbEQ", "e": "AQAB", "d": "pE7SG_y6vDAH8qHCg2WXWK22BRtrrCc8iZrakd4TalFNFGrX3Y0x6eQnwdl1w2PLhoV5vbjoY_b4AIxLqKRPuwdd6Zr3baMKBjTuEcxAo5VD7geqofM4ppQg1iE7Y8vKoyIse9a4LwntpA3BL81XABTQMoQDB7dVOZbNSIg8zwRnRJsNWIOcXuDLKkLlThX-bXbtQLPAgBI5ziCRj6YoEvjoXzCvEC73ErvAilN2w-yV9PUL7afIPZdNrFLuyz0KlQvxkch5AIwwJWPQ4WtsJdzP9LslbG8gwdeRNVMoX3fX9O9t1triFTaPixjgBCIIkm67p1eLv5_OJ1RPWV6JgQ", "p": "8_TNLx-TVG3dJp5wz-ODA6omiSc4OMSmM5e0GCzn3BmtGoSP-nVda7gax_UdxN0teUX3WZB1kKmsbZ6GUaZUw0C9CWgJCMYGQciM6DFE7HjXlsBEfBVI9lv_B2W8kMdOT48fh0VuJCHuRbMqFrmQwxpc5zNn6SYzgSN7z7y0qJU", "q": "zHDfqqc2gqyhdaD8tzBeSwBuRFubtQxYidz6xhV3qACA4OGA4fQLi9sR5bBPhnEpumcAkAT59XXWGdkq0pyWhv9VYmuVb3-MIDh1Wsaxh7dWAf1T6POAXDEMVUixhx-QMoZcQD0diF3mu3JdM1PcqDo9eOUWaUYMr40m2nPnfY0", "dp": "KDabOABZddpiUQJfEDWtnAYJMiSP5POtfeWs3ytP0P0-hpeBcES2cJI5f-qMzK202D_LRS1F4-HENZGjDISBhmn-fzVx_8s8rs1TRNcSSHSm_QeWgmmzzEBf6qU_jxH7e6vZA6BTRot9Tmn5LyPJlA-dbtMPduRAKzJhL14o3X0", "dq": "Djvxpr0bs393gmwiDFMmzYwLIWFLdxCT_Y1QPIh0G1NlpcKtqY3HXAZ1uYtMDi1E3YCcbmqaSLfan1Qagi164Y1XkZGyBuBXjkrACQD6jVt7don_1KFXl5Omqy1zhtfwv0PRmntm2f7HuNdem9tD6sabTxaMN-ozqelnAiC9xmU", "qi": "IRIiT23pHJXqPqTD2H1ivanynhrHneRYUmjJV1k5AcxHYnajNb0qOY4iEVxwog-ozPxuvnKj9TlWRZqvp36EzYAOa0nTs89M62KXb71z-Zu9oOl33-3Xnr7WPYG3_FZHE89W8YEUqQ86Y6D00w8MOpV45_jKz64iiCe1MvBKSPc", "kty": "RSA"}
\ No newline at end of file
diff --git a/letsencrypt/accounts/acme-staging-v02.api.letsencrypt.org/directory/b1df8a0a7a88e01d424d4d08a2873646/regr.json b/letsencrypt/accounts/acme-staging-v02.api.letsencrypt.org/directory/b1df8a0a7a88e01d424d4d08a2873646/regr.json
new file mode 100644
index 0000000..e05022c
--- /dev/null
+++ b/letsencrypt/accounts/acme-staging-v02.api.letsencrypt.org/directory/b1df8a0a7a88e01d424d4d08a2873646/regr.json
@@ -0,0 +1 @@
+{"body": {}, "uri": "https://acme-staging-v02.api.letsencrypt.org/acme/acct/19053712"}
\ No newline at end of file
diff --git a/letsencrypt/accounts/acme-v02.api.letsencrypt.org/directory/ea47d6e6656dd977c998af55bc578517/meta.json b/letsencrypt/accounts/acme-v02.api.letsencrypt.org/directory/ea47d6e6656dd977c998af55bc578517/meta.json
new file mode 100644
index 0000000..5c93398
--- /dev/null
+++ b/letsencrypt/accounts/acme-v02.api.letsencrypt.org/directory/ea47d6e6656dd977c998af55bc578517/meta.json
@@ -0,0 +1 @@
+{"creation_dt": "2021-04-13T08:44:23Z", "creation_host": "helga.uhu-banane.de"}
\ No newline at end of file
diff --git a/letsencrypt/accounts/acme-v02.api.letsencrypt.org/directory/ea47d6e6656dd977c998af55bc578517/private_key.json b/letsencrypt/accounts/acme-v02.api.letsencrypt.org/directory/ea47d6e6656dd977c998af55bc578517/private_key.json
new file mode 100644
index 0000000..209aecb
--- /dev/null
+++ b/letsencrypt/accounts/acme-v02.api.letsencrypt.org/directory/ea47d6e6656dd977c998af55bc578517/private_key.json
@@ -0,0 +1 @@
+{"n": "52e3kuxgGV-HPcpfU8NayEwDg8_EGH-plTo8ORvOd9GHUoJCoyxqmQYNSa4fYvEV952LFCrG71Ubw4hOp6HS1XR_Cbm2v4bKBU9kWta8TVSLiELeXOtXsxth2MyzA9YVl0K8DybHvT4IIg8G7EUL5dPNkOqYQ8DeWy0pEjfPthJZTzjWaX9CAfFso1ij3NvOyX3bxOxFf8bi1Kp2lJzni4iymva1UI9JbYXsjVo68Hv7rGix5i8379kf-bZLtUvgTBJ21Ugo6z_5qt5IHQcqS4E8JR8ZdTCEKhWpdgdvYTxBTEYs4uS2B0Ahsseq9NBZCgreirpxbrgeIEV0jOGq0Q", "e": "AQAB", "d": "Qw40DPhANLoQ55_wFcbDVM1qK1UWfv7ndl3Eu8vJ_cCS1R74Dm69iRBO4234nGQ-OF3HwpVOxmXEQNoL6NmkzcQPWBMf2MpHWliSPRyCvmnkcRzncMelxzoFFZzjtxXfddCZzE4xjS4fjzcJi4fKldPVesvwSZnnFUa14xiXMSv84ZBNzE1ex3slthfjEZZzFdVuoa0aXm7H3bWh0oUV7Xf7_r6o6Q6Z1SxZXoeks6FkRRB5lfLVoCVyoSigjZUV6QAU1hBbBHW_IlK6vEFtwd4Pqf_mkzWMSvD5OrcK69sf9SQmamSQQnbeoyfD0zkhnagJzwltMBFmWMwn_qpHHQ", "p": "-0ZDw-_k9s2_xmOY9bp3tSU8kR-9zDIJSIpb7opmD19ZlPU_xlin5NtzjaIP2Sx0aH_cU-vnKpaLRk7VobANBYLFfyhII2tN2mbsuU9PuVMNzXxoScjktFYXedEatbCB4_erPCrq_DVhdvnT0luB-PY8loIivFYjEPrjrUdubN8", "q": "68HLJO89srSzT8Vot9VmPAMRHvtZh1DTV46rxBCJogrqmpWR8uUXoENtNKWxWl_-I-PQNBpU1kUAi4rU_omm0dyChqgr8D6ER0zehe8T2NSYq6fRGmQ-VqYvHdB2L8AKbNsfE_K_tlrkmMRFNkkWO6TC-pN5ftvp-9JMKL-CLk8", "dp": "gcerznKEBrkD-PqOETTLCUN_QdFsHSAmzVGw48aVqhDsWtREqTQ3GywBRcDTgK7GPQb1DF9GWSfCLYEgM8-TGiqNyPxMLgcJAemxEJEXMzfjZCOCVcGt5jqlC2Tl77uHiu_rgDsGfVcwzNuB_R8IRUcgyffS6wVuPSHoICJJtW8", "dq": "TiimT21dOAS-OaEJsYB270hZAbt0l-7M0gdDnLGa33TdCDiz9SHMLl6MMtsHrB2M5JsfKFbeb1ba8mgpauV5v7NqNnhEcNZZBkZOs3pqSwVYQ_hT03sOS622ixzUQcpZ6nLOn89njW4ewSK4i2G5lDZwSaBgtBT2Qn0asJuk7fM", "qi": "jmQrY0GfpNajOfnkGHhaVbF5bS9o8vHfo7I4DlefRQDLJmm2MuFES99Ux68zVuPL1APz2ARomC0k9TgRbWcNKnnh2VqVMZJgvAMcvtu7jYLzLRZn4UBO-ThXLgOoYc8K-TJzhM7ZdmQexDJsl53u7BmlYbdF3lTSggYOw9OLLrM", "kty": "RSA"}
\ No newline at end of file
diff --git a/letsencrypt/accounts/acme-v02.api.letsencrypt.org/directory/ea47d6e6656dd977c998af55bc578517/regr.json b/letsencrypt/accounts/acme-v02.api.letsencrypt.org/directory/ea47d6e6656dd977c998af55bc578517/regr.json
new file mode 100644
index 0000000..66de1c0
--- /dev/null
+++ b/letsencrypt/accounts/acme-v02.api.letsencrypt.org/directory/ea47d6e6656dd977c998af55bc578517/regr.json
@@ -0,0 +1 @@
+{"body": {}, "uri": "https://acme-v02.api.letsencrypt.org/acme/acct/119078474"}
\ No newline at end of file
diff --git a/letsencrypt/archive/mail.uhu-banane.eu/cert1.pem b/letsencrypt/archive/mail.uhu-banane.eu/cert1.pem
new file mode 100644
index 0000000..04d5a48
--- /dev/null
+++ b/letsencrypt/archive/mail.uhu-banane.eu/cert1.pem
@@ -0,0 +1,33 @@
+-----BEGIN CERTIFICATE-----
+MIIFsjCCBJqgAwIBAgISA/zzBuIMc+4ZPqoZzATOa6v+MA0GCSqGSIb3DQEBCwUA
+MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
+EwJSMzAeFw0yMTA0MTMwNzQ0MzdaFw0yMTA3MTIwNzQ0MzdaMB0xGzAZBgNVBAMT
+Em1haWwudWh1LWJhbmFuZS5ldTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBAMB2KiReJonVDG/9o14AZlb7grk6W2CEhEsXtugWJeW5Xhgav6kISct4by7k
+VrCIZcsrQsnzYgY8etUyZUXKVRnXYbCUUYxRiJ0co7WpJBzFRnsOVNgyIKK+c9vs
+mTcLbFcJnEun6JbnsH2OS16OIIG8BhYvAImvemBI0hKQjjUw6Hh7wx9JzRmHmr7g
+VM2IkvKmh+6VDh3t6q+Wj3gKj6MCwcMcc/FTAg+DKTidTjJYkfFz6NRYl2rdesUy
+9+2zwUlP5ha8PLJlrOz8e8ZlkZ5zG+NxlH9POdFOOV68Yk40F7XTjRF44xzzh1Ol
+s0XHIqX3xn3RM7SQ3FvRb4xvaqkCAwEAAaOCAtUwggLRMA4GA1UdDwEB/wQEAwIF
+oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAd
+BgNVHQ4EFgQU2osG5FjJKoviwjuBupWLtFd9C/IwHwYDVR0jBBgwFoAUFC6zF7dY
+VsuuUAlA5h+vnYsUwsYwVQYIKwYBBQUHAQEESTBHMCEGCCsGAQUFBzABhhVodHRw
+Oi8vcjMuby5sZW5jci5vcmcwIgYIKwYBBQUHMAKGFmh0dHA6Ly9yMy5pLmxlbmNy
+Lm9yZy8wgaQGA1UdEQSBnDCBmYIVaGVsZ2EuYnJlaG0tYmVybGluLmRlghZoZWxn
+YS5icmVobS1vbmxpbmUuY29tghNoZWxnYS51aHUtYmFuYW5lLmRlghNoZWxnYS51
+aHUtYmFuYW5lLmV1ghRoZWxnYS51aHUtYmFuYW5lLm5ldIIUbWFpbC5icmVobS1i
+ZXJsaW4uZGWCEm1haWwudWh1LWJhbmFuZS5ldTBMBgNVHSAERTBDMAgGBmeBDAEC
+ATA3BgsrBgEEAYLfEwEBATAoMCYGCCsGAQUFBwIBFhpodHRwOi8vY3BzLmxldHNl
+bmNyeXB0Lm9yZzCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB2AG9Tdqwx8DEZ2JkA
+pFEV/3cVHBHZAsEAKQaNsgiaN9kTAAABeMpnaDAAAAQDAEcwRQIhAKpBQ7DxLMyx
+4aBKUjku9Xjv0wza3hnxsHO9pFIFnqTMAiB8qxCkt9uquu/ibXt45Q4+uhN1RpHs
+vV1AgFVV2PFcSQB2AH0+8viP/4hVaCTCwMqeUol5K8UOeAl/LmqXaJl+IvDXAAAB
+eMpnaNYAAAQDAEcwRQIhAJmUi8IJFBFJalM9KJaFPOi7AHGo7FbaS5HaCwMAeCmc
+AiAo7ps4lBywOHRYwxDeRa73u/xhDiqNAgJ7BZye9snctTANBgkqhkiG9w0BAQsF
+AAOCAQEAca/zdei31sB4k8tyTnrbVCJEi0hatHstpltlUFU7FQSe3WVDrbJjvi+d
+2jamFjd62BUChyNt09JpTjRmXKj5atVGgoaGXtB+RkIjD5YxYPPPAUYCoTH68EN+
+LzI2voE1epC6pIL6FXIkDYJUP3zP3l2laks51ADHpUT3JoZb+DTOLA4w5FR86Vy5
+QR8CU4CNKxvlYL5f6wRxsFKGqlolmcjdneB9Ieyxh8V3bCP19k45YQjRXUOXqWrq
+K+NsF+nHwy7DNJFnOp0HNMzOhKKfKNDMhTgrwy76BbzAubUtLw6oizLZZsaNH3Ih
+4zYEv2Ozz+On6VP0hQ0f155FO8We1Q==
+-----END CERTIFICATE-----
diff --git a/letsencrypt/archive/mail.uhu-banane.eu/chain1.pem b/letsencrypt/archive/mail.uhu-banane.eu/chain1.pem
new file mode 100644
index 0000000..1d82449
--- /dev/null
+++ b/letsencrypt/archive/mail.uhu-banane.eu/chain1.pem
@@ -0,0 +1,26 @@
+-----BEGIN CERTIFICATE-----
+MIIEZTCCA02gAwIBAgIQQAF1BIMUpMghjISpDBbN3zANBgkqhkiG9w0BAQsFADA/
+MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
+DkRTVCBSb290IENBIFgzMB4XDTIwMTAwNzE5MjE0MFoXDTIxMDkyOTE5MjE0MFow
+MjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxCzAJBgNVBAMT
+AlIzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuwIVKMz2oJTTDxLs
+jVWSw/iC8ZmmekKIp10mqrUrucVMsa+Oa/l1yKPXD0eUFFU1V4yeqKI5GfWCPEKp
+Tm71O8Mu243AsFzzWTjn7c9p8FoLG77AlCQlh/o3cbMT5xys4Zvv2+Q7RVJFlqnB
+U840yFLuta7tj95gcOKlVKu2bQ6XpUA0ayvTvGbrZjR8+muLj1cpmfgwF126cm/7
+gcWt0oZYPRfH5wm78Sv3htzB2nFd1EbjzK0lwYi8YGd1ZrPxGPeiXOZT/zqItkel
+/xMY6pgJdz+dU/nPAeX1pnAXFK9jpP+Zs5Od3FOnBv5IhR2haa4ldbsTzFID9e1R
+oYvbFQIDAQABo4IBaDCCAWQwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8E
+BAMCAYYwSwYIKwYBBQUHAQEEPzA9MDsGCCsGAQUFBzAChi9odHRwOi8vYXBwcy5p
+ZGVudHJ1c3QuY29tL3Jvb3RzL2RzdHJvb3RjYXgzLnA3YzAfBgNVHSMEGDAWgBTE
+p7Gkeyxx+tvhS5B1/8QVYIWJEDBUBgNVHSAETTBLMAgGBmeBDAECATA/BgsrBgEE
+AYLfEwEBATAwMC4GCCsGAQUFBwIBFiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2Vu
+Y3J5cHQub3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuaWRlbnRydXN0
+LmNvbS9EU1RST09UQ0FYM0NSTC5jcmwwHQYDVR0OBBYEFBQusxe3WFbLrlAJQOYf
+r52LFMLGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0B
+AQsFAAOCAQEA2UzgyfWEiDcx27sT4rP8i2tiEmxYt0l+PAK3qB8oYevO4C5z70kH
+ejWEHx2taPDY/laBL21/WKZuNTYQHHPD5b1tXgHXbnL7KqC401dk5VvCadTQsvd8
+S8MXjohyc9z9/G2948kLjmE6Flh9dDYrVYA9x2O+hEPGOaEOa1eePynBgPayvUfL
+qjBstzLhWVQLGAkXXmNs+5ZnPBxzDJOLxhF2JIbeQAcH5H0tZrUlo5ZYyOqA7s9p
+O5b85o3AM/OJ+CktFBQtfvBhcJVd9wvlwPsk+uyOy2HI7mNxKKgsBTt375teA2Tw
+UdHkhVNcsAKX1H7GNNLOEADksd86wuoXvg==
+-----END CERTIFICATE-----
diff --git a/letsencrypt/archive/mail.uhu-banane.eu/fullchain1.pem b/letsencrypt/archive/mail.uhu-banane.eu/fullchain1.pem
new file mode 100644
index 0000000..3419bf2
--- /dev/null
+++ b/letsencrypt/archive/mail.uhu-banane.eu/fullchain1.pem
@@ -0,0 +1,59 @@
+-----BEGIN CERTIFICATE-----
+MIIFsjCCBJqgAwIBAgISA/zzBuIMc+4ZPqoZzATOa6v+MA0GCSqGSIb3DQEBCwUA
+MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
+EwJSMzAeFw0yMTA0MTMwNzQ0MzdaFw0yMTA3MTIwNzQ0MzdaMB0xGzAZBgNVBAMT
+Em1haWwudWh1LWJhbmFuZS5ldTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBAMB2KiReJonVDG/9o14AZlb7grk6W2CEhEsXtugWJeW5Xhgav6kISct4by7k
+VrCIZcsrQsnzYgY8etUyZUXKVRnXYbCUUYxRiJ0co7WpJBzFRnsOVNgyIKK+c9vs
+mTcLbFcJnEun6JbnsH2OS16OIIG8BhYvAImvemBI0hKQjjUw6Hh7wx9JzRmHmr7g
+VM2IkvKmh+6VDh3t6q+Wj3gKj6MCwcMcc/FTAg+DKTidTjJYkfFz6NRYl2rdesUy
+9+2zwUlP5ha8PLJlrOz8e8ZlkZ5zG+NxlH9POdFOOV68Yk40F7XTjRF44xzzh1Ol
+s0XHIqX3xn3RM7SQ3FvRb4xvaqkCAwEAAaOCAtUwggLRMA4GA1UdDwEB/wQEAwIF
+oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAd
+BgNVHQ4EFgQU2osG5FjJKoviwjuBupWLtFd9C/IwHwYDVR0jBBgwFoAUFC6zF7dY
+VsuuUAlA5h+vnYsUwsYwVQYIKwYBBQUHAQEESTBHMCEGCCsGAQUFBzABhhVodHRw
+Oi8vcjMuby5sZW5jci5vcmcwIgYIKwYBBQUHMAKGFmh0dHA6Ly9yMy5pLmxlbmNy
+Lm9yZy8wgaQGA1UdEQSBnDCBmYIVaGVsZ2EuYnJlaG0tYmVybGluLmRlghZoZWxn
+YS5icmVobS1vbmxpbmUuY29tghNoZWxnYS51aHUtYmFuYW5lLmRlghNoZWxnYS51
+aHUtYmFuYW5lLmV1ghRoZWxnYS51aHUtYmFuYW5lLm5ldIIUbWFpbC5icmVobS1i
+ZXJsaW4uZGWCEm1haWwudWh1LWJhbmFuZS5ldTBMBgNVHSAERTBDMAgGBmeBDAEC
+ATA3BgsrBgEEAYLfEwEBATAoMCYGCCsGAQUFBwIBFhpodHRwOi8vY3BzLmxldHNl
+bmNyeXB0Lm9yZzCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB2AG9Tdqwx8DEZ2JkA
+pFEV/3cVHBHZAsEAKQaNsgiaN9kTAAABeMpnaDAAAAQDAEcwRQIhAKpBQ7DxLMyx
+4aBKUjku9Xjv0wza3hnxsHO9pFIFnqTMAiB8qxCkt9uquu/ibXt45Q4+uhN1RpHs
+vV1AgFVV2PFcSQB2AH0+8viP/4hVaCTCwMqeUol5K8UOeAl/LmqXaJl+IvDXAAAB
+eMpnaNYAAAQDAEcwRQIhAJmUi8IJFBFJalM9KJaFPOi7AHGo7FbaS5HaCwMAeCmc
+AiAo7ps4lBywOHRYwxDeRa73u/xhDiqNAgJ7BZye9snctTANBgkqhkiG9w0BAQsF
+AAOCAQEAca/zdei31sB4k8tyTnrbVCJEi0hatHstpltlUFU7FQSe3WVDrbJjvi+d
+2jamFjd62BUChyNt09JpTjRmXKj5atVGgoaGXtB+RkIjD5YxYPPPAUYCoTH68EN+
+LzI2voE1epC6pIL6FXIkDYJUP3zP3l2laks51ADHpUT3JoZb+DTOLA4w5FR86Vy5
+QR8CU4CNKxvlYL5f6wRxsFKGqlolmcjdneB9Ieyxh8V3bCP19k45YQjRXUOXqWrq
+K+NsF+nHwy7DNJFnOp0HNMzOhKKfKNDMhTgrwy76BbzAubUtLw6oizLZZsaNH3Ih
+4zYEv2Ozz+On6VP0hQ0f155FO8We1Q==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEZTCCA02gAwIBAgIQQAF1BIMUpMghjISpDBbN3zANBgkqhkiG9w0BAQsFADA/
+MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
+DkRTVCBSb290IENBIFgzMB4XDTIwMTAwNzE5MjE0MFoXDTIxMDkyOTE5MjE0MFow
+MjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxCzAJBgNVBAMT
+AlIzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuwIVKMz2oJTTDxLs
+jVWSw/iC8ZmmekKIp10mqrUrucVMsa+Oa/l1yKPXD0eUFFU1V4yeqKI5GfWCPEKp
+Tm71O8Mu243AsFzzWTjn7c9p8FoLG77AlCQlh/o3cbMT5xys4Zvv2+Q7RVJFlqnB
+U840yFLuta7tj95gcOKlVKu2bQ6XpUA0ayvTvGbrZjR8+muLj1cpmfgwF126cm/7
+gcWt0oZYPRfH5wm78Sv3htzB2nFd1EbjzK0lwYi8YGd1ZrPxGPeiXOZT/zqItkel
+/xMY6pgJdz+dU/nPAeX1pnAXFK9jpP+Zs5Od3FOnBv5IhR2haa4ldbsTzFID9e1R
+oYvbFQIDAQABo4IBaDCCAWQwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8E
+BAMCAYYwSwYIKwYBBQUHAQEEPzA9MDsGCCsGAQUFBzAChi9odHRwOi8vYXBwcy5p
+ZGVudHJ1c3QuY29tL3Jvb3RzL2RzdHJvb3RjYXgzLnA3YzAfBgNVHSMEGDAWgBTE
+p7Gkeyxx+tvhS5B1/8QVYIWJEDBUBgNVHSAETTBLMAgGBmeBDAECATA/BgsrBgEE
+AYLfEwEBATAwMC4GCCsGAQUFBwIBFiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2Vu
+Y3J5cHQub3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuaWRlbnRydXN0
+LmNvbS9EU1RST09UQ0FYM0NSTC5jcmwwHQYDVR0OBBYEFBQusxe3WFbLrlAJQOYf
+r52LFMLGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0B
+AQsFAAOCAQEA2UzgyfWEiDcx27sT4rP8i2tiEmxYt0l+PAK3qB8oYevO4C5z70kH
+ejWEHx2taPDY/laBL21/WKZuNTYQHHPD5b1tXgHXbnL7KqC401dk5VvCadTQsvd8
+S8MXjohyc9z9/G2948kLjmE6Flh9dDYrVYA9x2O+hEPGOaEOa1eePynBgPayvUfL
+qjBstzLhWVQLGAkXXmNs+5ZnPBxzDJOLxhF2JIbeQAcH5H0tZrUlo5ZYyOqA7s9p
+O5b85o3AM/OJ+CktFBQtfvBhcJVd9wvlwPsk+uyOy2HI7mNxKKgsBTt375teA2Tw
+UdHkhVNcsAKX1H7GNNLOEADksd86wuoXvg==
+-----END CERTIFICATE-----
diff --git a/letsencrypt/archive/mail.uhu-banane.eu/privkey1.pem b/letsencrypt/archive/mail.uhu-banane.eu/privkey1.pem
new file mode 100644
index 0000000..3ec969a
--- /dev/null
+++ b/letsencrypt/archive/mail.uhu-banane.eu/privkey1.pem
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDAdiokXiaJ1Qxv
+/aNeAGZW+4K5OltghIRLF7boFiXluV4YGr+pCEnLeG8u5FawiGXLK0LJ82IGPHrV
+MmVFylUZ12GwlFGMUYidHKO1qSQcxUZ7DlTYMiCivnPb7Jk3C2xXCZxLp+iW57B9
+jktejiCBvAYWLwCJr3pgSNISkI41MOh4e8MfSc0Zh5q+4FTNiJLypofulQ4d7eqv
+lo94Co+jAsHDHHPxUwIPgyk4nU4yWJHxc+jUWJdq3XrFMvfts8FJT+YWvDyyZazs
+/HvGZZGecxvjcZR/TznRTjlevGJONBe1040ReOMc84dTpbNFxyKl98Z90TO0kNxb
+0W+Mb2qpAgMBAAECggEAGdxG0VgtSXvtDedA2lKnbayh5g2nVZK4y/ZFx22ibfm4
+YPjHJAlPER3/oodf9px9QQ1xDf28ACaEQr1gyj3jrXM5Vya2xmn2N1Yv0SsHBS6k
+x8gnMl2Z8QQyQSzLcZABYLiT3b6UDCLZniVOj0f9qjD/iF+MbPO9N87RG1l9IjxR
+5+v8xEd/2BkmdRhouQDzN31OVLNWfu1vZj6yikKVUCqThJaQBg+d9NERw+tkUXQt
+LHP5+/GmhK2aWtKMQ7clO5s3ofGp2VgDhXLYlMAIPeSJfIe0euwQDWAghxvyDMtd
+eg4OMmX7EJWqW9UU87vXfOg4Dr0KOn02im7NwzAueQKBgQD+0BRZ/3alYxOGYANm
+zStQT66z//z8RGadhljJHQKbQmhtxH+PczMSFYY6gF4bc5xcisle+QXGuWFbgsI1
+RxG0HN3FwW3NX74vFcw91y7x/oRzN/wh/cViQZG88cO/ap/bZ5yDpOgdJ0uQ9CUH
+F1YOLterh9fenjeAcgEgrPof7wKBgQDBW7evWjEb+sy68NUzuyBhCDyOoFgi/nNo
+Q8BW3oQZvbESJM9XmJcDF7ocN17DNCsCZF18xu0ccWidTKWyP0X8HbkGE8z1T7Fo
+omJ51SXZiVm3dwm9FY16BuwqWeMIJrEut5ULnsuSFJEG5mijFmfqhebsa1TDDD+h
+WGtPONMG5wKBgDKAkRgJPr2mtk7yppnwXf5L3KdGPCDPebsMznoFqueUsNfYkyOe
+RGf4JiNgH8a3Ei1xQFn3ZwKs6TPW5aDjlgmpkvbH0Hhc2nfAjTtQc7h4pk2jsfAW
+uNExh634CMDeZBJ7JZUd0Pc+O4beLJyMLn0fIZWYldtEZmGptrmALw63AoGAeRF/
+mukjNLy9shOXuzNg28C3gip95TNjeZZqeToMhr2SgKTRuqxNad9SZdZ5nEou3+mN
+69H2p0ePVGaonUom/OxzbI27WKJUmAqNFHHUqDfrGAgN7fnvwsdQ2le74t+vM2w5
+g7QjDM2Z3TMps2wVFvBOnhu6UAJ8WP8u+cS/xWMCgYBQZXAgbmUQNG+0hO1iHSco
+KDRpkaELj31W7U/tM2przAu3mKeCS3qi0jTFJzfE8V5X0gW9FDCAQczVIfk85Ze9
+F3mFCj6Tiua8fnlVOBjoB9C83W+gb9AoYtR1sjo49aRYvrVPQBS0+0fANJgmwxqG
+1hPSQzYedLGPZn7ZHtNGbQ==
+-----END PRIVATE KEY-----
diff --git a/letsencrypt/csr/0000_csr-certbot.pem b/letsencrypt/csr/0000_csr-certbot.pem
new file mode 100644
index 0000000..c22e5c7
--- /dev/null
+++ b/letsencrypt/csr/0000_csr-certbot.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIDATCCAekCAQIwADCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMB2
+KiReJonVDG/9o14AZlb7grk6W2CEhEsXtugWJeW5Xhgav6kISct4by7kVrCIZcsr
+QsnzYgY8etUyZUXKVRnXYbCUUYxRiJ0co7WpJBzFRnsOVNgyIKK+c9vsmTcLbFcJ
+nEun6JbnsH2OS16OIIG8BhYvAImvemBI0hKQjjUw6Hh7wx9JzRmHmr7gVM2IkvKm
+h+6VDh3t6q+Wj3gKj6MCwcMcc/FTAg+DKTidTjJYkfFz6NRYl2rdesUy9+2zwUlP
+5ha8PLJlrOz8e8ZlkZ5zG+NxlH9POdFOOV68Yk40F7XTjRF44xzzh1Ols0XHIqX3
+xn3RM7SQ3FvRb4xvaqkCAwEAAaCBuzCBuAYJKoZIhvcNAQkOMYGqMIGnMIGkBgNV
+HREEgZwwgZmCEm1haWwudWh1LWJhbmFuZS5ldYIUbWFpbC5icmVobS1iZXJsaW4u
+ZGWCFGhlbGdhLnVodS1iYW5hbmUubmV0ghNoZWxnYS51aHUtYmFuYW5lLmV1ghNo
+ZWxnYS51aHUtYmFuYW5lLmRlghZoZWxnYS5icmVobS1vbmxpbmUuY29tghVoZWxn
+YS5icmVobS1iZXJsaW4uZGUwDQYJKoZIhvcNAQELBQADggEBAAuBMUthes6+XZLF
+fULcPJVTDosbqWJcaTto7jzoLEh3/QPAVjlHV1gCf+US7fDwFELLJUO9r66VqASa
+tD6rlu+Yc7/DndwFfGBNtBtX5TdUqoKWJSBg1ckSE0fSOE9Mr9WajPWWwXhMvN7A
+DRZUILC0W3BFPXArbRSRdcv3UQ129SE0LL1ozAzhSTV6jbQ6bJ8L6dTtPoq7elNW
+FjQOuvVzSGByvzX2cwwYioiF+lcHqS5D/EQLlZVIC89NZ/GbTZQDkZ28PY7iXuFI
+L96/aFhuW33blUXsAjphFPtl4xeYDVK0X02aX/tncr5XWMMzyrFAHFz1Kolz7e23
+75hL18k=
+-----END CERTIFICATE REQUEST-----
diff --git a/letsencrypt/keys/0000_key-certbot.pem b/letsencrypt/keys/0000_key-certbot.pem
new file mode 100644
index 0000000..3ec969a
--- /dev/null
+++ b/letsencrypt/keys/0000_key-certbot.pem
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDAdiokXiaJ1Qxv
+/aNeAGZW+4K5OltghIRLF7boFiXluV4YGr+pCEnLeG8u5FawiGXLK0LJ82IGPHrV
+MmVFylUZ12GwlFGMUYidHKO1qSQcxUZ7DlTYMiCivnPb7Jk3C2xXCZxLp+iW57B9
+jktejiCBvAYWLwCJr3pgSNISkI41MOh4e8MfSc0Zh5q+4FTNiJLypofulQ4d7eqv
+lo94Co+jAsHDHHPxUwIPgyk4nU4yWJHxc+jUWJdq3XrFMvfts8FJT+YWvDyyZazs
+/HvGZZGecxvjcZR/TznRTjlevGJONBe1040ReOMc84dTpbNFxyKl98Z90TO0kNxb
+0W+Mb2qpAgMBAAECggEAGdxG0VgtSXvtDedA2lKnbayh5g2nVZK4y/ZFx22ibfm4
+YPjHJAlPER3/oodf9px9QQ1xDf28ACaEQr1gyj3jrXM5Vya2xmn2N1Yv0SsHBS6k
+x8gnMl2Z8QQyQSzLcZABYLiT3b6UDCLZniVOj0f9qjD/iF+MbPO9N87RG1l9IjxR
+5+v8xEd/2BkmdRhouQDzN31OVLNWfu1vZj6yikKVUCqThJaQBg+d9NERw+tkUXQt
+LHP5+/GmhK2aWtKMQ7clO5s3ofGp2VgDhXLYlMAIPeSJfIe0euwQDWAghxvyDMtd
+eg4OMmX7EJWqW9UU87vXfOg4Dr0KOn02im7NwzAueQKBgQD+0BRZ/3alYxOGYANm
+zStQT66z//z8RGadhljJHQKbQmhtxH+PczMSFYY6gF4bc5xcisle+QXGuWFbgsI1
+RxG0HN3FwW3NX74vFcw91y7x/oRzN/wh/cViQZG88cO/ap/bZ5yDpOgdJ0uQ9CUH
+F1YOLterh9fenjeAcgEgrPof7wKBgQDBW7evWjEb+sy68NUzuyBhCDyOoFgi/nNo
+Q8BW3oQZvbESJM9XmJcDF7ocN17DNCsCZF18xu0ccWidTKWyP0X8HbkGE8z1T7Fo
+omJ51SXZiVm3dwm9FY16BuwqWeMIJrEut5ULnsuSFJEG5mijFmfqhebsa1TDDD+h
+WGtPONMG5wKBgDKAkRgJPr2mtk7yppnwXf5L3KdGPCDPebsMznoFqueUsNfYkyOe
+RGf4JiNgH8a3Ei1xQFn3ZwKs6TPW5aDjlgmpkvbH0Hhc2nfAjTtQc7h4pk2jsfAW
+uNExh634CMDeZBJ7JZUd0Pc+O4beLJyMLn0fIZWYldtEZmGptrmALw63AoGAeRF/
+mukjNLy9shOXuzNg28C3gip95TNjeZZqeToMhr2SgKTRuqxNad9SZdZ5nEou3+mN
+69H2p0ePVGaonUom/OxzbI27WKJUmAqNFHHUqDfrGAgN7fnvwsdQ2le74t+vM2w5
+g7QjDM2Z3TMps2wVFvBOnhu6UAJ8WP8u+cS/xWMCgYBQZXAgbmUQNG+0hO1iHSco
+KDRpkaELj31W7U/tM2przAu3mKeCS3qi0jTFJzfE8V5X0gW9FDCAQczVIfk85Ze9
+F3mFCj6Tiua8fnlVOBjoB9C83W+gb9AoYtR1sjo49aRYvrVPQBS0+0fANJgmwxqG
+1hPSQzYedLGPZn7ZHtNGbQ==
+-----END PRIVATE KEY-----
diff --git a/letsencrypt/live/README b/letsencrypt/live/README
new file mode 100644
index 0000000..00b733c
--- /dev/null
+++ b/letsencrypt/live/README
@@ -0,0 +1,14 @@
+This directory contains your keys and certificates.
+
+`[cert name]/privkey.pem`  : the private key for your certificate.
+`[cert name]/fullchain.pem`: the certificate file used in most server software.
+`[cert name]/chain.pem`    : used for OCSP stapling in Nginx >=1.3.7.
+`[cert name]/cert.pem`     : will break many server configurations, and should not be used
+                 without reading further documentation (see link below).
+
+WARNING: DO NOT MOVE OR RENAME THESE FILES!
+         Certbot expects these files to remain in this location in order
+         to function properly!
+
+We recommend not moving these files. For more information, see the Certbot
+User Guide at https://certbot.eff.org/docs/using.html#where-are-my-certificates.
diff --git a/letsencrypt/live/mail.uhu-banane.eu/README b/letsencrypt/live/mail.uhu-banane.eu/README
new file mode 100644
index 0000000..5050078
--- /dev/null
+++ b/letsencrypt/live/mail.uhu-banane.eu/README
@@ -0,0 +1,14 @@
+This directory contains your keys and certificates.
+
+`privkey.pem`  : the private key for your certificate.
+`fullchain.pem`: the certificate file used in most server software.
+`chain.pem`    : used for OCSP stapling in Nginx >=1.3.7.
+`cert.pem`     : will break many server configurations, and should not be used
+                 without reading further documentation (see link below).
+
+WARNING: DO NOT MOVE OR RENAME THESE FILES!
+         Certbot expects these files to remain in this location in order
+         to function properly!
+
+We recommend not moving these files. For more information, see the Certbot
+User Guide at https://certbot.eff.org/docs/using.html#where-are-my-certificates.
diff --git a/letsencrypt/live/mail.uhu-banane.eu/cert.pem b/letsencrypt/live/mail.uhu-banane.eu/cert.pem
new file mode 120000
index 0000000..6a39839
--- /dev/null
+++ b/letsencrypt/live/mail.uhu-banane.eu/cert.pem
@@ -0,0 +1 @@
+../../archive/mail.uhu-banane.eu/cert1.pem
\ No newline at end of file
diff --git a/letsencrypt/live/mail.uhu-banane.eu/chain.pem b/letsencrypt/live/mail.uhu-banane.eu/chain.pem
new file mode 120000
index 0000000..5b7442c
--- /dev/null
+++ b/letsencrypt/live/mail.uhu-banane.eu/chain.pem
@@ -0,0 +1 @@
+../../archive/mail.uhu-banane.eu/chain1.pem
\ No newline at end of file
diff --git a/letsencrypt/live/mail.uhu-banane.eu/fullchain.pem b/letsencrypt/live/mail.uhu-banane.eu/fullchain.pem
new file mode 120000
index 0000000..3cb320a
--- /dev/null
+++ b/letsencrypt/live/mail.uhu-banane.eu/fullchain.pem
@@ -0,0 +1 @@
+../../archive/mail.uhu-banane.eu/fullchain1.pem
\ No newline at end of file
diff --git a/letsencrypt/live/mail.uhu-banane.eu/privkey.pem b/letsencrypt/live/mail.uhu-banane.eu/privkey.pem
new file mode 120000
index 0000000..b66051b
--- /dev/null
+++ b/letsencrypt/live/mail.uhu-banane.eu/privkey.pem
@@ -0,0 +1 @@
+../../archive/mail.uhu-banane.eu/privkey1.pem
\ No newline at end of file
diff --git a/letsencrypt/renewal/mail.uhu-banane.eu.conf b/letsencrypt/renewal/mail.uhu-banane.eu.conf
new file mode 100644
index 0000000..6b93ffd
--- /dev/null
+++ b/letsencrypt/renewal/mail.uhu-banane.eu.conf
@@ -0,0 +1,22 @@
+# renew_before_expiry = 30 days
+version = 0.31.0
+archive_dir = /etc/letsencrypt/archive/mail.uhu-banane.eu
+cert = /etc/letsencrypt/live/mail.uhu-banane.eu/cert.pem
+privkey = /etc/letsencrypt/live/mail.uhu-banane.eu/privkey.pem
+chain = /etc/letsencrypt/live/mail.uhu-banane.eu/chain.pem
+fullchain = /etc/letsencrypt/live/mail.uhu-banane.eu/fullchain.pem
+
+# Options used in the renewal process
+[renewalparams]
+account = ea47d6e6656dd977c998af55bc578517
+authenticator = webroot
+webroot_path = /var/www/html,
+server = https://acme-v02.api.letsencrypt.org/directory
+[[webroot_map]]
+helga.brehm-berlin.de = /var/www/html
+helga.brehm-online.com = /var/www/html
+helga.uhu-banane.de = /var/www/html
+helga.uhu-banane.eu = /var/www/html
+helga.uhu-banane.net = /var/www/html
+mail.brehm-berlin.de = /var/www/html
+mail.uhu-banane.eu = /var/www/html
diff --git a/motd b/motd
index bad1628..cfb40bb 100644
--- a/motd
+++ b/motd
@@ -6,8 +6,8 @@ Debian GNU/Linux 10 (buster)
 |_| |_|\___|_|\__, |\__,_|
               |___/       
 
-25 Jahre alt und schon keine Ziele mehr.
-		-- Mehmet Scholl (nach dem gewonnen EM-Finale 1996)
+UnglÃ¼ck wird zu GlÃ¼ck, indem man es bejaht.
+		-- Hermann Hesse
 
 Today is Pungenday, the 30th day of Discord in the YOLD 3187
 
diff --git a/mysql/mariadb.conf.d/50-server.cnf b/mysql/mariadb.conf.d/50-server.cnf
index e7e88ef..e830846 100644
--- a/mysql/mariadb.conf.d/50-server.cnf
+++ b/mysql/mariadb.conf.d/50-server.cnf
@@ -88,6 +88,10 @@ expire_logs_days        = 10
 #ssl-ca = /etc/mysql/cacert.pem
 #ssl-cert = /etc/mysql/server-cert.pem
 #ssl-key = /etc/mysql/server-key.pem
+ssl-ca = /etc/ssl/certs/iRedMail.crt
+ssl-cert = /etc/ssl/certs/iRedMail.crt
+ssl-key = /etc/ssl/private/iRedMail.key
+
 #
 # Accept only connections using the latest and most secure TLS protocol version.
 # ..when MariaDB is compiled with OpenSSL:
diff --git a/nginx/nginx.conf.2021.04.08.22.02.11 b/nginx/nginx.conf.2021.04.08.22.02.11
deleted file mode 100644
index 132f680..0000000
--- a/nginx/nginx.conf.2021.04.08.22.02.11
+++ /dev/null
@@ -1,85 +0,0 @@
-user www-data;
-worker_processes auto;
-pid /run/nginx.pid;
-include /etc/nginx/modules-enabled/*.conf;
-
-events {
-	worker_connections 768;
-	# multi_accept on;
-}
-
-http {
-
-	##
-	# Basic Settings
-	##
-
-	sendfile on;
-	tcp_nopush on;
-	tcp_nodelay on;
-	keepalive_timeout 65;
-	types_hash_max_size 2048;
-	# server_tokens off;
-
-	# server_names_hash_bucket_size 64;
-	# server_name_in_redirect off;
-
-	include /etc/nginx/mime.types;
-	default_type application/octet-stream;
-
-	##
-	# SSL Settings
-	##
-
-	ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
-	ssl_prefer_server_ciphers on;
-
-	##
-	# Logging Settings
-	##
-
-	access_log /var/log/nginx/access.log;
-	error_log /var/log/nginx/error.log;
-
-	##
-	# Gzip Settings
-	##
-
-	gzip on;
-
-	# gzip_vary on;
-	# gzip_proxied any;
-	# gzip_comp_level 6;
-	# gzip_buffers 16 8k;
-	# gzip_http_version 1.1;
-	# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
-
-	##
-	# Virtual Host Configs
-	##
-
-	include /etc/nginx/conf.d/*.conf;
-	include /etc/nginx/sites-enabled/*;
-}
-
-
-#mail {
-#	# See sample authentication script at:
-#	# http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
-# 
-#	# auth_http localhost/auth.php;
-#	# pop3_capabilities "TOP" "USER";
-#	# imap_capabilities "IMAP4rev1" "UIDPLUS";
-# 
-#	server {
-#		listen     localhost:110;
-#		protocol   pop3;
-#		proxy      on;
-#	}
-# 
-#	server {
-#		listen     localhost:143;
-#		protocol   imap;
-#		proxy      on;
-#	}
-#}
diff --git a/nginx/sites-available.bak/default b/nginx/sites-available.bak/default
deleted file mode 100644
index f5c5e1b..0000000
--- a/nginx/sites-available.bak/default
+++ /dev/null
@@ -1,91 +0,0 @@
-##
-# You should look at the following URL's in order to grasp a solid understanding
-# of Nginx configuration files in order to fully unleash the power of Nginx.
-# https://www.nginx.com/resources/wiki/start/
-# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
-# https://wiki.debian.org/Nginx/DirectoryStructure
-#
-# In most cases, administrators will remove this file from sites-enabled/ and
-# leave it as reference inside of sites-available where it will continue to be
-# updated by the nginx packaging team.
-#
-# This file will automatically load configuration files provided by other
-# applications, such as Drupal or Wordpress. These applications will be made
-# available underneath a path with that package name, such as /drupal8.
-#
-# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
-##
-
-# Default server configuration
-#
-server {
-	listen 80 default_server;
-	listen [::]:80 default_server;
-
-	# SSL configuration
-	#
-	# listen 443 ssl default_server;
-	# listen [::]:443 ssl default_server;
-	#
-	# Note: You should disable gzip for SSL traffic.
-	# See: https://bugs.debian.org/773332
-	#
-	# Read up on ssl_ciphers to ensure a secure configuration.
-	# See: https://bugs.debian.org/765782
-	#
-	# Self signed certs generated by the ssl-cert package
-	# Don't use them in a production server!
-	#
-	# include snippets/snakeoil.conf;
-
-	root /var/www/html;
-
-	# Add index.php to the list if you are using PHP
-	index index.html index.htm index.nginx-debian.html;
-
-	server_name _;
-
-	location / {
-		# First attempt to serve request as file, then
-		# as directory, then fall back to displaying a 404.
-		try_files $uri $uri/ =404;
-	}
-
-	# pass PHP scripts to FastCGI server
-	#
-	#location ~ \.php$ {
-	#	include snippets/fastcgi-php.conf;
-	#
-	#	# With php-fpm (or other unix sockets):
-	#	fastcgi_pass unix:/run/php/php7.3-fpm.sock;
-	#	# With php-cgi (or other tcp sockets):
-	#	fastcgi_pass 127.0.0.1:9000;
-	#}
-
-	# deny access to .htaccess files, if Apache's document root
-	# concurs with nginx's one
-	#
-	#location ~ /\.ht {
-	#	deny all;
-	#}
-}
-
-
-# Virtual Host configuration for example.com
-#
-# You can move that to a different file under sites-available/ and symlink that
-# to sites-enabled/ to enable it.
-#
-#server {
-#	listen 80;
-#	listen [::]:80;
-#
-#	server_name example.com;
-#
-#	root /var/www/example.com;
-#	index index.html;
-#
-#	location / {
-#		try_files $uri $uri/ =404;
-#	}
-#}
diff --git a/nginx/sites-enabled.bak/default b/nginx/sites-enabled.bak/default
deleted file mode 120000
index ad35b83..0000000
--- a/nginx/sites-enabled.bak/default
+++ /dev/null
@@ -1 +0,0 @@
-/etc/nginx/sites-available/default
\ No newline at end of file
diff --git a/postfix/aliases b/postfix/aliases
index 5947f3b..523c9a2 100644
--- a/postfix/aliases
+++ b/postfix/aliases
@@ -1,10 +1,44 @@
 # See man 5 aliases for format
-postmaster:    root
-#clamav: root
-nobody: root
-vmail: root
-root: postmaster@brehm-berlin.de
-www-data: root
-clamav: root
-amavis: root
-iredapd: root
+
+adm:		root
+amavis:		postmaster
+apache:		webmaster
+apt:		frank
+bind:		hostmaster
+clamav:		root
+daemon:		root
+fail2ban:	root
+f-brehm:	frank
+f.brehm:	frank
+fbr:		frank
+fbrehm:		frank
+frak:		frank
+frank-brehm:	frank
+frank.brehm:	frank
+frank:		frank@brehm-online.com
+hostmaster:	root
+iredapd:	root
+mail:		postmaster
+mailer-daemon:	postmaster
+me:		frank
+nagios:		root
+named:		hostmaster
+news:		root
+nginx:		webmaster
+nobody:		noreply
+noreply:	/dev/null
+package:	frank
+packages:	frank
+portage:	frank
+postfix:	postmaster
+postmaster:	frank@brehm-online.com
+root:		frank
+security:	root
+usenet:		news
+uucp:		root
+virusalert:	root
+vmail:		root
+webmaster:	root
+www:		webmaster
+www-data:	webmaster
+
diff --git a/postfix/aliases.db b/postfix/aliases.db
index a06b976fb7adcd8c90d4b79972792f143c11889a..bd04359c14e083788fe06757d811d74591ba8364 100644
GIT binary patch
literal 12288
zcmeI1J!lj`6vt=7Au2k58?_QF<Hsc?g0WCYBoP9MhC~F5B+T7TZa3L4cW-l-MzBx|
z6|vAlNFg?YAQqA)pje1j5i21@NM#VLto%Um?d|Q|CR$ht!W(X9XXefP-|Vk@{}Vz8
zgPx?Rz1zf&WUz;x?a4rhj`X#ue_1F9gW?m`ky9g`X(-Xibdr^$r1Ac?HMMm;-OW7{
zU;<2l2`~XBzyz286JP>NfC(@GCh)HbY^~9ciE$}*|HOBE!W!OT8B2JE$5_NY+`$c8
zMID#nKw}aYF@|BB!C@T0KI}vR0^j5pxgpo&2e~5O$YuFRF3S7zmb@;n$hvf8MNUe}
zz>Nto0Vco%m;e)C0!)AjFaajO1paFRMopJo6;*X8j9RT$G*wjzBlP_$&D$YQ*CJuW
zk@hqN(r~29acEZ;gfSB;Z!TMIO!`Zqw%nrcIku;}%DyX%z>lg~rsjdb538!8TLOV9
z&o$=x%oW?Kw|2O+In8eUF4s`)YGiI6_`@}tsoO8Qcs9u&rPUHK$wHZIn%q>{^}XyW
zWk<PceiJW6pJKJ{s!aNROFI?S6<cw!q&!7bOl@2mn;spQxG*$6eQscM$mluIbMkm^
zAN5IOgd)?U=Ld(+4i60){epf;OX~mp|NNce3Dy5!@fjOf$0}Cv8ZYo1Pw@~Ba2Gdm
z4GWmXRI~a&jXw0?5DsELcA*15sQ&*b*X1hJ|8M0hasZYjDRN^1On?b60Vco%m;e)C
z0!)AjFaaj;Hw5zT0T~Nftvv54+i6YgFpiX?!<MHI$K_zNRgl;QGj`hnXnF+XMs%Bc
zzT1l(lJopf2M#$Axk1S{X(6rGQ~M%s8F<RoW-F{Jwoi(Aiz2zF4#^KmEB&pZ?5G`T
sQw5}y83l<IQfwLtY4RCT>ZO{$y(f$3FI2L<wu%afNIqp^FxZj!1(%yJ3;+NC

delta 274
zcmZojXh@h~!<Kw>cj6t3$^ZDp7`Zn_?&eqGW60!Z;Qh=0i~lA6J^u6jyZJZsujOCJ
zKbwCle<goDe<uINLSz0w#-jZE5(dWd@^amj#F9h?#)ACflHA1NlGGxHq@vV}T-~J9
zqMXb;y_8f2s9J~)ggTgba!z7yV%g+f@*3>smWD=#mWGpG%4_R!Fq{B7<OlyJphF(>
z-{!x{e~uq00tfq9SQr>N7#NUzz_2kgpWgy%U0H5oW)94by!@p6lu8&cvnVwsu^<J;
K1zDe2%m4ss%U9z7

diff --git a/postfix/helo_access.pcre.2021.04.08.22.02.11 b/postfix/helo_access.pcre.2021.04.08.22.02.11
deleted file mode 100644
index e69de29..0000000
diff --git a/postfix/main.cf b/postfix/main.cf
index dd0798a..a1f2119 100644
--- a/postfix/main.cf
+++ b/postfix/main.cf
@@ -235,9 +235,9 @@ virtual_alias_domains =
 #smtpd_tls_auth_only = yes
 
 # hostname
-myhostname = helga.uhu-banane.de
-myorigin = helga.uhu-banane.de
-mydomain = helga.uhu-banane.de
+myhostname = mail.brehm-berlin.de
+myorigin = mail.brehm-berlin.de
+mydomain = brehm-berlin.de
 
 # trusted SMTP clients which are allowed to relay mail through Postfix.
 #
@@ -247,16 +247,16 @@ mydomain = helga.uhu-banane.de
 #
 #       MYNETWORKS = ['xx.xx.xx.xx', 'xx.xx.xx.0/24', ...]
 #
-mynetworks = 127.0.0.1 [::1]
+mynetworks = 127.0.0.1, [::1], 188.34.187.246, [2a01:4f8:c010:80ee::]/64, [fe80::9400:ff:fea8:762]
 
 # Accepted local emails
-mydestination = $myhostname, localhost, localhost.localdomain
+mydestination = $myhostname, helga, helga.uhu-banane.de, helga.$mydomain, localhost, localhost.localdomain
 
 alias_maps = hash:/etc/postfix/aliases
 alias_database = hash:/etc/postfix/aliases
 
 # Default message_size_limit.
-message_size_limit = 15728640
+message_size_limit = 52428800
 
 # The set of characters that can separate a user name from its extension
 # (example: user+foo), or a .forward file name from its extension (example:
@@ -315,9 +315,9 @@ recipient_bcc_maps =
 #
 # Postscreen
 #
-postscreen_greet_action = drop
-postscreen_blacklist_action = drop
-postscreen_dnsbl_action = drop
+postscreen_greet_action = enforce
+postscreen_blacklist_action = enforce
+postscreen_dnsbl_action = enforce
 postscreen_dnsbl_threshold = 2
 
 # Attention:
@@ -337,7 +337,7 @@ postscreen_dnsbl_sites =
     b.barracudacentral.org=127.0.0.2*2
 
 postscreen_dnsbl_reply_map = texthash:/etc/postfix/postscreen_dnsbl_reply
-postscreen_access_list = permit_mynetworks cidr:/etc/postfix/postscreen_access.cidr
+postscreen_access_list = permit_mynetworks, cidr:/etc/postfix/postscreen_access.cidr
 
 # Require Postfix-2.11+
 postscreen_dnsbl_whitelist_threshold = -2
@@ -362,3 +362,8 @@ content_filter = smtp-amavis:[127.0.0.1]:10024
 
 # Concurrency per recipient limit.
 smtp-amavis_destination_recipient_limit = 1
+
+# Frank Brehm spezial
+smtpd_banner = $myhostname ESMTP $mail_name $mail_version
+smtpd_sasl_authenticated_header = yes
+smtpd_tls_received_header = yes
diff --git a/postfix/main.cf.2021.04.08.22.02.11 b/postfix/main.cf.2021.04.08.22.02.11
deleted file mode 100644
index 8623373..0000000
--- a/postfix/main.cf.2021.04.08.22.02.11
+++ /dev/null
@@ -1,48 +0,0 @@
-# See /usr/share/postfix/main.cf.dist for a commented, more complete version
-
-
-# Debian specific:  Specifying a file name will cause the first
-# line of that file to be used as the name.  The Debian default
-# is /etc/mailname.
-#myorigin = /etc/mailname
-
-smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
-biff = no
-
-# appending .domain is the MUA's job.
-append_dot_mydomain = no
-
-# Uncomment the next line to generate "delayed mail" warnings
-#delay_warning_time = 4h
-
-readme_directory = no
-
-# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
-# fresh installs.
-compatibility_level = 2
-
-
-
-# TLS parameters
-smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
-smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
-smtpd_use_tls=yes
-smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
-smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
-
-# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
-# information on enabling SSL in the smtp client.
-
-smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
-myhostname = helga.uhu-banane.de
-alias_maps = hash:/etc/aliases
-alias_database = hash:/etc/aliases
-myorigin = /etc/mailname
-mydestination = $myhostname, helga.uhu-banane.de, localhost.uhu-banane.de, , localhost
-relayhost = 
-mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
-mailbox_command = procmail -a "$EXTENSION"
-mailbox_size_limit = 0
-recipient_delimiter = +
-inet_interfaces = all
-inet_protocols = all
diff --git a/postfix/master.cf.2021.04.08.22.02.11 b/postfix/master.cf.2021.04.08.22.02.11
deleted file mode 100644
index ea53632..0000000
--- a/postfix/master.cf.2021.04.08.22.02.11
+++ /dev/null
@@ -1,127 +0,0 @@
-#
-# Postfix master process configuration file.  For details on the format
-# of the file, see the master(5) manual page (command: "man 5 master" or
-# on-line: http://www.postfix.org/master.5.html).
-#
-# Do not forget to execute "postfix reload" after editing this file.
-#
-# ==========================================================================
-# service type  private unpriv  chroot  wakeup  maxproc command + args
-#               (yes)   (yes)   (no)    (never) (100)
-# ==========================================================================
-smtp      inet  n       -       y       -       -       smtpd
-#smtp      inet  n       -       y       -       1       postscreen
-#smtpd     pass  -       -       y       -       -       smtpd
-#dnsblog   unix  -       -       y       -       0       dnsblog
-#tlsproxy  unix  -       -       y       -       0       tlsproxy
-#submission inet n       -       y       -       -       smtpd
-#  -o syslog_name=postfix/submission
-#  -o smtpd_tls_security_level=encrypt
-#  -o smtpd_sasl_auth_enable=yes
-#  -o smtpd_tls_auth_only=yes
-#  -o smtpd_reject_unlisted_recipient=no
-#  -o smtpd_client_restrictions=$mua_client_restrictions
-#  -o smtpd_helo_restrictions=$mua_helo_restrictions
-#  -o smtpd_sender_restrictions=$mua_sender_restrictions
-#  -o smtpd_recipient_restrictions=
-#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
-#  -o milter_macro_daemon_name=ORIGINATING
-#smtps     inet  n       -       y       -       -       smtpd
-#  -o syslog_name=postfix/smtps
-#  -o smtpd_tls_wrappermode=yes
-#  -o smtpd_sasl_auth_enable=yes
-#  -o smtpd_reject_unlisted_recipient=no
-#  -o smtpd_client_restrictions=$mua_client_restrictions
-#  -o smtpd_helo_restrictions=$mua_helo_restrictions
-#  -o smtpd_sender_restrictions=$mua_sender_restrictions
-#  -o smtpd_recipient_restrictions=
-#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
-#  -o milter_macro_daemon_name=ORIGINATING
-#628       inet  n       -       y       -       -       qmqpd
-pickup    unix  n       -       y       60      1       pickup
-cleanup   unix  n       -       y       -       0       cleanup
-qmgr      unix  n       -       n       300     1       qmgr
-#qmgr     unix  n       -       n       300     1       oqmgr
-tlsmgr    unix  -       -       y       1000?   1       tlsmgr
-rewrite   unix  -       -       y       -       -       trivial-rewrite
-bounce    unix  -       -       y       -       0       bounce
-defer     unix  -       -       y       -       0       bounce
-trace     unix  -       -       y       -       0       bounce
-verify    unix  -       -       y       -       1       verify
-flush     unix  n       -       y       1000?   0       flush
-proxymap  unix  -       -       n       -       -       proxymap
-proxywrite unix -       -       n       -       1       proxymap
-smtp      unix  -       -       y       -       -       smtp
-relay     unix  -       -       y       -       -       smtp
-        -o syslog_name=postfix/$service_name
-#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
-showq     unix  n       -       y       -       -       showq
-error     unix  -       -       y       -       -       error
-retry     unix  -       -       y       -       -       error
-discard   unix  -       -       y       -       -       discard
-local     unix  -       n       n       -       -       local
-virtual   unix  -       n       n       -       -       virtual
-lmtp      unix  -       -       y       -       -       lmtp
-anvil     unix  -       -       y       -       1       anvil
-scache    unix  -       -       y       -       1       scache
-postlog   unix-dgram n  -       n       -       1       postlogd
-#
-# ====================================================================
-# Interfaces to non-Postfix software. Be sure to examine the manual
-# pages of the non-Postfix software to find out what options it wants.
-#
-# Many of the following services use the Postfix pipe(8) delivery
-# agent.  See the pipe(8) man page for information about ${recipient}
-# and other message envelope options.
-# ====================================================================
-#
-# maildrop. See the Postfix MAILDROP_README file for details.
-# Also specify in main.cf: maildrop_destination_recipient_limit=1
-#
-maildrop  unix  -       n       n       -       -       pipe
-  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
-#
-# ====================================================================
-#
-# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
-#
-# Specify in cyrus.conf:
-#   lmtp    cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
-#
-# Specify in main.cf one or more of the following:
-#  mailbox_transport = lmtp:inet:localhost
-#  virtual_transport = lmtp:inet:localhost
-#
-# ====================================================================
-#
-# Cyrus 2.1.5 (Amos Gouaux)
-# Also specify in main.cf: cyrus_destination_recipient_limit=1
-#
-#cyrus     unix  -       n       n       -       -       pipe
-#  user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
-#
-# ====================================================================
-# Old example of delivery via Cyrus.
-#
-#old-cyrus unix  -       n       n       -       -       pipe
-#  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
-#
-# ====================================================================
-#
-# See the Postfix UUCP_README file for configuration details.
-#
-uucp      unix  -       n       n       -       -       pipe
-  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
-#
-# Other external delivery methods.
-#
-ifmail    unix  -       n       n       -       -       pipe
-  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
-bsmtp     unix  -       n       n       -       -       pipe
-  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
-scalemail-backend unix	-	n	n	-	2	pipe
-  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
-mailman   unix  -       n       n       -       -       pipe
-  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
-  ${nexthop} ${user}
-
diff --git a/postfix/postscreen_access.cidr b/postfix/postscreen_access.cidr
index 20b00cc..dec0340 100644
--- a/postfix/postscreen_access.cidr
+++ b/postfix/postscreen_access.cidr
@@ -3,4 +3,6 @@
 #2.3.4.5 reject
 
 # Permit local clients
-127.0.0.0/8 permit
+127.0.0.0/8			permit
+2a01:4f8:c010:80ee::/64		permit
+
diff --git a/ssl/certs/iRedMail.crt b/ssl/certs/iRedMail.crt
deleted file mode 100644
index 46fd586..0000000
--- a/ssl/certs/iRedMail.crt
+++ /dev/null
@@ -1,36 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIGLzCCBBegAwIBAgIUUDTsI1RzjR/xSTdy6Ynw0lEl1oUwDQYJKoZIhvcNAQEL
-BQAwgaYxCzAJBgNVBAYTAkNOMRIwEAYDVQQIDAlHdWFuZ0RvbmcxETAPBgNVBAcM
-CFNoZW5aaGVuMRwwGgYDVQQKDBNoZWxnYS51aHUtYmFuYW5lLmRlMQswCQYDVQQL
-DAJJVDEcMBoGA1UEAwwTaGVsZ2EudWh1LWJhbmFuZS5kZTEnMCUGCSqGSIb3DQEJ
-ARYYcm9vdEBoZWxnYS51aHUtYmFuYW5lLmRlMB4XDTIxMDQwODIwMDIzMVoXDTMx
-MDQwNjIwMDIzMVowgaYxCzAJBgNVBAYTAkNOMRIwEAYDVQQIDAlHdWFuZ0Rvbmcx
-ETAPBgNVBAcMCFNoZW5aaGVuMRwwGgYDVQQKDBNoZWxnYS51aHUtYmFuYW5lLmRl
-MQswCQYDVQQLDAJJVDEcMBoGA1UEAwwTaGVsZ2EudWh1LWJhbmFuZS5kZTEnMCUG
-CSqGSIb3DQEJARYYcm9vdEBoZWxnYS51aHUtYmFuYW5lLmRlMIICIjANBgkqhkiG
-9w0BAQEFAAOCAg8AMIICCgKCAgEAyft3/rLPQDxUEZ8FrkmTqtLPssxy8p+hYh0G
-P40UwB0s/B+gAU7t/Dut+i8Gl+sLdjb2hVus7j3Qq36vpe+pMyG3R3Cg5vhgQDAN
-5nnUYxSLL3jo24dyYsGjpIaxBA0UpR0I1l6+vSH+Ogl3SOtvDJ7mJSD3btLDDAcl
-MRhhVYFox45OQVbrz6waza7+mfBC6uRGWzwUi09Whn21GX7F5g6YrvLmcflDc2IO
-mSwTmlG5V/pbTw6NtyqYEm7Dr179Uogd6gU92mQNA76kJi0I/MnAkwWNL//ASw3e
-b7mkjgxUMgN/RFzpvLl4QJsoA7DEOTPF4yuqrHhnWSU8Ctztjfj6R8sPXfy5s5Ot
-fZFZeGotFagTt7UmxUQHVb9MP0S+eSYAhLKz/8cH24OWzkeoyBeD8aXCUmsbDRdP
-mOlLOpPFmSwzwsVcWHobf9dy7DuzfeTFIAIFWXH8yZEz1FeNncqiFSFILwlxDftY
-hcJcVyPtHjjQOk8NMzxd/pPmgiJL5AIwHCLEmJWYHEASqEtCPUIPE3leSW++d6Rs
-hEfPrKm3aN5NA6RBXVBePwkjhzQBPKUcu4RdoXY3RHriZ2DCXcCb/aGlTBVtG2ki
-y/6AJU1hlz9I9FAscHOWkjt/0dt/aCPD5EJRKsqbEX5OQJtBNkMduhfZ63/w4bsb
-u2SCNmMCAwEAAaNTMFEwHQYDVR0OBBYEFLgUu6zRtIHhBv/bTp9wxAlr3fSfMB8G
-A1UdIwQYMBaAFLgUu6zRtIHhBv/bTp9wxAlr3fSfMA8GA1UdEwEB/wQFMAMBAf8w
-DQYJKoZIhvcNAQELBQADggIBAJoM5mlxmVYvbHPmNUFF3D5eK0ETZZILGrD9WLuQ
-UJ9Zgf73bUTdGIp9arohFoQdyMe20EVbeMt/VeYwCQ1a970IaOHMWjwMPmHL6M5d
-J5/gssomLHtyF3L4oRxkubvIsowwSDkoCBbc3GzYt1RELdfbH52GO3hzqhhuYntU
-/po/TTBCNFh9HjBIC0ztFeuBtQcsCaqZzhobDVRxc1jF8ASJm0YzOpENd32MdUwC
-7dr+lRpXgdy+3s0yyd0Col53W47hcSLdCoF4x4swQmUjV4dTXlkHnXa5qUB55WvN
-7jcyHEpYyiJH/9tDYmDjTrDDgaS/M3zvxds0jZlklZTvxzKNtfMJxRv4nq7Kgipg
-5ED9VeaDmXSLuVjq7qmARtLN2jh+XNZD0esITrVbDCv57yHR1nKMCZYHN99/xl3h
-pUe7iHcSbaHDGGX8Tt4lHFipVDfFtC1bvy8mrlYb1SCyO0PXvs3/v9YHmviFtd4k
-P/iYPT2BM83FqMmvAJPQ/sdW6IamkcdCr6RKOkgjNjrHDmEfmU8gNbaK2FbTZ1aY
-4+SvtG89N3mmlcbjF7M3FANacGEEzHtPyU8JDrkOmcxd2sxWVcLwGlI1XSv8f4Az
-dRKeO1xpiGERp4GiMP5/4AAvHCIeoebsRODPMko0wWIaOU4cUVGlTyIla9Yi9N9p
-BSwD
------END CERTIFICATE-----
diff --git a/ssl/certs/iRedMail.crt b/ssl/certs/iRedMail.crt
new file mode 120000
index 0000000..826abd9
--- /dev/null
+++ b/ssl/certs/iRedMail.crt
@@ -0,0 +1 @@
+/etc/letsencrypt/live/mail.uhu-banane.eu/fullchain.pem
\ No newline at end of file
diff --git a/ssl/certs/iRedMail.crt.bak b/ssl/certs/iRedMail.crt.bak
new file mode 100644
index 0000000..46fd586
--- /dev/null
+++ b/ssl/certs/iRedMail.crt.bak
@@ -0,0 +1,36 @@
+-----BEGIN CERTIFICATE-----
+MIIGLzCCBBegAwIBAgIUUDTsI1RzjR/xSTdy6Ynw0lEl1oUwDQYJKoZIhvcNAQEL
+BQAwgaYxCzAJBgNVBAYTAkNOMRIwEAYDVQQIDAlHdWFuZ0RvbmcxETAPBgNVBAcM
+CFNoZW5aaGVuMRwwGgYDVQQKDBNoZWxnYS51aHUtYmFuYW5lLmRlMQswCQYDVQQL
+DAJJVDEcMBoGA1UEAwwTaGVsZ2EudWh1LWJhbmFuZS5kZTEnMCUGCSqGSIb3DQEJ
+ARYYcm9vdEBoZWxnYS51aHUtYmFuYW5lLmRlMB4XDTIxMDQwODIwMDIzMVoXDTMx
+MDQwNjIwMDIzMVowgaYxCzAJBgNVBAYTAkNOMRIwEAYDVQQIDAlHdWFuZ0Rvbmcx
+ETAPBgNVBAcMCFNoZW5aaGVuMRwwGgYDVQQKDBNoZWxnYS51aHUtYmFuYW5lLmRl
+MQswCQYDVQQLDAJJVDEcMBoGA1UEAwwTaGVsZ2EudWh1LWJhbmFuZS5kZTEnMCUG
+CSqGSIb3DQEJARYYcm9vdEBoZWxnYS51aHUtYmFuYW5lLmRlMIICIjANBgkqhkiG
+9w0BAQEFAAOCAg8AMIICCgKCAgEAyft3/rLPQDxUEZ8FrkmTqtLPssxy8p+hYh0G
+P40UwB0s/B+gAU7t/Dut+i8Gl+sLdjb2hVus7j3Qq36vpe+pMyG3R3Cg5vhgQDAN
+5nnUYxSLL3jo24dyYsGjpIaxBA0UpR0I1l6+vSH+Ogl3SOtvDJ7mJSD3btLDDAcl
+MRhhVYFox45OQVbrz6waza7+mfBC6uRGWzwUi09Whn21GX7F5g6YrvLmcflDc2IO
+mSwTmlG5V/pbTw6NtyqYEm7Dr179Uogd6gU92mQNA76kJi0I/MnAkwWNL//ASw3e
+b7mkjgxUMgN/RFzpvLl4QJsoA7DEOTPF4yuqrHhnWSU8Ctztjfj6R8sPXfy5s5Ot
+fZFZeGotFagTt7UmxUQHVb9MP0S+eSYAhLKz/8cH24OWzkeoyBeD8aXCUmsbDRdP
+mOlLOpPFmSwzwsVcWHobf9dy7DuzfeTFIAIFWXH8yZEz1FeNncqiFSFILwlxDftY
+hcJcVyPtHjjQOk8NMzxd/pPmgiJL5AIwHCLEmJWYHEASqEtCPUIPE3leSW++d6Rs
+hEfPrKm3aN5NA6RBXVBePwkjhzQBPKUcu4RdoXY3RHriZ2DCXcCb/aGlTBVtG2ki
+y/6AJU1hlz9I9FAscHOWkjt/0dt/aCPD5EJRKsqbEX5OQJtBNkMduhfZ63/w4bsb
+u2SCNmMCAwEAAaNTMFEwHQYDVR0OBBYEFLgUu6zRtIHhBv/bTp9wxAlr3fSfMB8G
+A1UdIwQYMBaAFLgUu6zRtIHhBv/bTp9wxAlr3fSfMA8GA1UdEwEB/wQFMAMBAf8w
+DQYJKoZIhvcNAQELBQADggIBAJoM5mlxmVYvbHPmNUFF3D5eK0ETZZILGrD9WLuQ
+UJ9Zgf73bUTdGIp9arohFoQdyMe20EVbeMt/VeYwCQ1a970IaOHMWjwMPmHL6M5d
+J5/gssomLHtyF3L4oRxkubvIsowwSDkoCBbc3GzYt1RELdfbH52GO3hzqhhuYntU
+/po/TTBCNFh9HjBIC0ztFeuBtQcsCaqZzhobDVRxc1jF8ASJm0YzOpENd32MdUwC
+7dr+lRpXgdy+3s0yyd0Col53W47hcSLdCoF4x4swQmUjV4dTXlkHnXa5qUB55WvN
+7jcyHEpYyiJH/9tDYmDjTrDDgaS/M3zvxds0jZlklZTvxzKNtfMJxRv4nq7Kgipg
+5ED9VeaDmXSLuVjq7qmARtLN2jh+XNZD0esITrVbDCv57yHR1nKMCZYHN99/xl3h
+pUe7iHcSbaHDGGX8Tt4lHFipVDfFtC1bvy8mrlYb1SCyO0PXvs3/v9YHmviFtd4k
+P/iYPT2BM83FqMmvAJPQ/sdW6IamkcdCr6RKOkgjNjrHDmEfmU8gNbaK2FbTZ1aY
+4+SvtG89N3mmlcbjF7M3FANacGEEzHtPyU8JDrkOmcxd2sxWVcLwGlI1XSv8f4Az
+dRKeO1xpiGERp4GiMP5/4AAvHCIeoebsRODPMko0wWIaOU4cUVGlTyIla9Yi9N9p
+BSwD
+-----END CERTIFICATE-----
diff --git a/ssl/private/iRedMail.key b/ssl/private/iRedMail.key
deleted file mode 100644
index c90951e..0000000
--- a/ssl/private/iRedMail.key
+++ /dev/null
@@ -1,52 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDJ+3f+ss9APFQR
-nwWuSZOq0s+yzHLyn6FiHQY/jRTAHSz8H6ABTu38O636LwaX6wt2NvaFW6zuPdCr
-fq+l76kzIbdHcKDm+GBAMA3medRjFIsveOjbh3JiwaOkhrEEDRSlHQjWXr69If46
-CXdI628MnuYlIPdu0sMMByUxGGFVgWjHjk5BVuvPrBrNrv6Z8ELq5EZbPBSLT1aG
-fbUZfsXmDpiu8uZx+UNzYg6ZLBOaUblX+ltPDo23KpgSbsOvXv1SiB3qBT3aZA0D
-vqQmLQj8ycCTBY0v/8BLDd5vuaSODFQyA39EXOm8uXhAmygDsMQ5M8XjK6qseGdZ
-JTwK3O2N+PpHyw9d/Lmzk619kVl4ai0VqBO3tSbFRAdVv0w/RL55JgCEsrP/xwfb
-g5bOR6jIF4PxpcJSaxsNF0+Y6Us6k8WZLDPCxVxYeht/13LsO7N95MUgAgVZcfzJ
-kTPUV42dyqIVIUgvCXEN+1iFwlxXI+0eONA6Tw0zPF3+k+aCIkvkAjAcIsSYlZgc
-QBKoS0I9Qg8TeV5Jb753pGyER8+sqbdo3k0DpEFdUF4/CSOHNAE8pRy7hF2hdjdE
-euJnYMJdwJv9oaVMFW0baSLL/oAlTWGXP0j0UCxwc5aSO3/R239oI8PkQlEqypsR
-fk5Am0E2Qx26F9nrf/Dhuxu7ZII2YwIDAQABAoICADREVY3cOZNWyS5yJycttP+s
-Y8DR9SDhvAJGnnpNiMQaCK0Jhf8wrJbr3p5yEtO3KBUkLfDeg0Z3SotGUi+vb+pi
-XCopdAmw1j9l8ALnHdWx2D6lnCRKzYfOsgj+LcptlB0SAVpv1A3fQQlFr8931Rm/
-+LA88qqD8aMoKjClLXLR9QpGwetYkdcAo0L8eLffG4HrJmWvi2VtV2egGgAJ9S4O
-MuZ6xrVRmmm+QybR6BSz9zFUANLZYkS2yfljHlJAU29K9+q6BoKAB3ojmBik6MF5
-d9LTyfBUzy7c3OWudW2otRToIMPRA08p83tMazNhR7XBtwCNKTJOSfggkYQCHZp8
-1lh79+XYE2aFV1Jrx+o5MQ40dZyWVv9I2ZHQM63d7hARSpcnvHq+kG+B4JXow4hh
-ARyjqharrzTWbHlQGaAwKKGO/Lvi3VEp9dbcjl/8RbU3A6AS/HobM+GG/zwUhWv9
-8uupQCDevYX2qnYEkt6Z8RSF70lPegQKUXLonFrzXsWr/ZiNqJkl4UqFiApx98JR
-8QtHIZa6RKNH/g70VViSdItKcUVOfdYHmObsFslOgZieo86JV42Zinr4xXUDqLtq
-eLNKBCungyapB9TS1rxkjN3RfXS+vlJgi9V1GU4MseWQjcHrMotkVYq5jBK7rVhA
-NVLjBy5Ms+zJ486i2Ub5AoIBAQDkOLY4rJA2RhyATYZIeDmoz8tFUvpsa+lsK6FT
-yhRjrawM3TOvwwKiW39RAqKXsB7KJyL8CS/8QuqFeLC/ntAljpqBxTa9XUl07KSP
-J2X7nELeKwlFqXJ+1mxKMsrCt4wUf8AFoVYfkGSuKhSjD94anBCOjmXh4jwNEbhX
-eJHDHRlqllkIPEvksp1W8g9zXL2IycxDs9HPLrPpSKemuc9X9S+Ma66nd2k6cRqG
-BL/UHPxCl18zpbvtufZKGV9t7WsDK4onwEU2q+A9P4Qo4Ij73IZpzR3enbvpG4RX
-S5ZEL90BVMbdYkmZX8F/VWc1H755Eg8sPgFGOgOuDN9j//MfAoIBAQDikSdEN5Lr
-Vy/fnZ5TsrTb2jKWgInmkmjCbNm5RYtEooP02qvlGoYOa5IB4VNaNWrgFKwse29s
-DbM7nF8en+15uFmeyfsQDdoAabNRwZN2yQ9jwcm172lNTHvgkkhWAJWu9xcrcc0F
-QR/TjYBWdVkZBTz1TGSLTt6LV12tlE10ANdCuzCZwLLB+kabrikUAKp+NmvQG3Ev
-BlwISWOuKx664U8OozgJ1Dm2oZVJ7cYSbKKPh0pGNfFSNLCMGt2TEk8mYSnJF6Vn
-r8NrEauiTmzLWXcVaGvxmBuVPYqIo9ResHdOw4znRgAb8stK37n9Usj+RDKmvlt4
-u8fwdWxsWbg9AoIBAG09oCucniL8iGP5t880jRT68eerAmend8HpWH2M+xmDZhl6
-QGVfSQGCHn0eb8l/6h0Fgr91flyXgz6EOMZgNG3lxptbVQprft/S7in/x9caQv+p
-RfTsWPvRk2Ao09lElm6xf66yPVE6gpbDWcF7tOqzzVEPZEEtU2VGGCD2e38TjLjy
-YoeIpSNBRAL8Nt0XhTnWrkmx5znutvtxZZ5uzorht/LVEHLku5/Xx8RivZfAkBcn
-8c/9AumV3Ag4AO/Tdye7TZQdeoPi3aEzqAURBUDZnBVEs4l9oxa/rydB7RmSd41N
-kSsjAuvBZBOZQ5+wJDI7rLuWqnF9D4nea4eoWi0CggEAJBao4YXUoiXuGzlZCc3y
-Xv6fhjeNP6vcgfOiro80Qsd8K1lVfhW+ereJt0Dz7O+LSYwhbKhwtA5umTUsNY2V
-3wiNRey4T/NU4TH0/TXPTmFyURqCDbfH1ycyqC/E0+Yd8ZOsHiBvXsHj1ue4JI1m
-lsSt1AjKDyKN8jYFVuvDdpHXt+pnMGZwUtORwaR5KJV+ksIKZEiqu6nQqQU/mnOF
-3pCa7iLzfyVN2Bhe1jrIjRC+yAvtucdH3CdGY9q3poCJGPzrEfvxPdXSU9CpvR2u
-2Kk0fbV3VDE9W4VE9sTZxAdpyaL+Y6xTwh/nX9LJJl+0YkPsqYCyw0Vt8JBTp+KW
-pQKCAQEAtpUbpWpRbnj09XLrFupvacWDFPcrkKDVXD7cY0JWp/aLAFoxzswuRT0k
-qhniZIDLTH8fsVGkeJBDgzc5E8q6/w0yIPpICp47qFK63HVvJDz0lEYmK3rHN6pu
-LFLD4ibLTr4mc9mRRowVHlJPFugh7icI3ejcXcE7o0GHWb0/DgdWCfB3gXpGuEGP
-Uh3wZbacK48AiFATWCwgF171nBM55KbT055jJqob2C/Ci2t1SJoZtCvLydzM5Wnk
-2HtKx1l6A9d6hMqSFLQYA20P+4lHO0Q4rb27b7rJyz+1Q23KLlNvzlwGKY9qWt9r
-UEyvPYOkCr8/qEVcHTMhf/daAMCpGQ==
------END PRIVATE KEY-----
diff --git a/ssl/private/iRedMail.key b/ssl/private/iRedMail.key
new file mode 120000
index 0000000..839e1ed
--- /dev/null
+++ b/ssl/private/iRedMail.key
@@ -0,0 +1 @@
+/etc/letsencrypt/live/mail.uhu-banane.eu/privkey.pem
\ No newline at end of file
diff --git a/ssl/private/iRedMail.key.bak b/ssl/private/iRedMail.key.bak
new file mode 100644
index 0000000..c90951e
--- /dev/null
+++ b/ssl/private/iRedMail.key.bak
@@ -0,0 +1,52 @@
+-----BEGIN PRIVATE KEY-----
+MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDJ+3f+ss9APFQR
+nwWuSZOq0s+yzHLyn6FiHQY/jRTAHSz8H6ABTu38O636LwaX6wt2NvaFW6zuPdCr
+fq+l76kzIbdHcKDm+GBAMA3medRjFIsveOjbh3JiwaOkhrEEDRSlHQjWXr69If46
+CXdI628MnuYlIPdu0sMMByUxGGFVgWjHjk5BVuvPrBrNrv6Z8ELq5EZbPBSLT1aG
+fbUZfsXmDpiu8uZx+UNzYg6ZLBOaUblX+ltPDo23KpgSbsOvXv1SiB3qBT3aZA0D
+vqQmLQj8ycCTBY0v/8BLDd5vuaSODFQyA39EXOm8uXhAmygDsMQ5M8XjK6qseGdZ
+JTwK3O2N+PpHyw9d/Lmzk619kVl4ai0VqBO3tSbFRAdVv0w/RL55JgCEsrP/xwfb
+g5bOR6jIF4PxpcJSaxsNF0+Y6Us6k8WZLDPCxVxYeht/13LsO7N95MUgAgVZcfzJ
+kTPUV42dyqIVIUgvCXEN+1iFwlxXI+0eONA6Tw0zPF3+k+aCIkvkAjAcIsSYlZgc
+QBKoS0I9Qg8TeV5Jb753pGyER8+sqbdo3k0DpEFdUF4/CSOHNAE8pRy7hF2hdjdE
+euJnYMJdwJv9oaVMFW0baSLL/oAlTWGXP0j0UCxwc5aSO3/R239oI8PkQlEqypsR
+fk5Am0E2Qx26F9nrf/Dhuxu7ZII2YwIDAQABAoICADREVY3cOZNWyS5yJycttP+s
+Y8DR9SDhvAJGnnpNiMQaCK0Jhf8wrJbr3p5yEtO3KBUkLfDeg0Z3SotGUi+vb+pi
+XCopdAmw1j9l8ALnHdWx2D6lnCRKzYfOsgj+LcptlB0SAVpv1A3fQQlFr8931Rm/
++LA88qqD8aMoKjClLXLR9QpGwetYkdcAo0L8eLffG4HrJmWvi2VtV2egGgAJ9S4O
+MuZ6xrVRmmm+QybR6BSz9zFUANLZYkS2yfljHlJAU29K9+q6BoKAB3ojmBik6MF5
+d9LTyfBUzy7c3OWudW2otRToIMPRA08p83tMazNhR7XBtwCNKTJOSfggkYQCHZp8
+1lh79+XYE2aFV1Jrx+o5MQ40dZyWVv9I2ZHQM63d7hARSpcnvHq+kG+B4JXow4hh
+ARyjqharrzTWbHlQGaAwKKGO/Lvi3VEp9dbcjl/8RbU3A6AS/HobM+GG/zwUhWv9
+8uupQCDevYX2qnYEkt6Z8RSF70lPegQKUXLonFrzXsWr/ZiNqJkl4UqFiApx98JR
+8QtHIZa6RKNH/g70VViSdItKcUVOfdYHmObsFslOgZieo86JV42Zinr4xXUDqLtq
+eLNKBCungyapB9TS1rxkjN3RfXS+vlJgi9V1GU4MseWQjcHrMotkVYq5jBK7rVhA
+NVLjBy5Ms+zJ486i2Ub5AoIBAQDkOLY4rJA2RhyATYZIeDmoz8tFUvpsa+lsK6FT
+yhRjrawM3TOvwwKiW39RAqKXsB7KJyL8CS/8QuqFeLC/ntAljpqBxTa9XUl07KSP
+J2X7nELeKwlFqXJ+1mxKMsrCt4wUf8AFoVYfkGSuKhSjD94anBCOjmXh4jwNEbhX
+eJHDHRlqllkIPEvksp1W8g9zXL2IycxDs9HPLrPpSKemuc9X9S+Ma66nd2k6cRqG
+BL/UHPxCl18zpbvtufZKGV9t7WsDK4onwEU2q+A9P4Qo4Ij73IZpzR3enbvpG4RX
+S5ZEL90BVMbdYkmZX8F/VWc1H755Eg8sPgFGOgOuDN9j//MfAoIBAQDikSdEN5Lr
+Vy/fnZ5TsrTb2jKWgInmkmjCbNm5RYtEooP02qvlGoYOa5IB4VNaNWrgFKwse29s
+DbM7nF8en+15uFmeyfsQDdoAabNRwZN2yQ9jwcm172lNTHvgkkhWAJWu9xcrcc0F
+QR/TjYBWdVkZBTz1TGSLTt6LV12tlE10ANdCuzCZwLLB+kabrikUAKp+NmvQG3Ev
+BlwISWOuKx664U8OozgJ1Dm2oZVJ7cYSbKKPh0pGNfFSNLCMGt2TEk8mYSnJF6Vn
+r8NrEauiTmzLWXcVaGvxmBuVPYqIo9ResHdOw4znRgAb8stK37n9Usj+RDKmvlt4
+u8fwdWxsWbg9AoIBAG09oCucniL8iGP5t880jRT68eerAmend8HpWH2M+xmDZhl6
+QGVfSQGCHn0eb8l/6h0Fgr91flyXgz6EOMZgNG3lxptbVQprft/S7in/x9caQv+p
+RfTsWPvRk2Ao09lElm6xf66yPVE6gpbDWcF7tOqzzVEPZEEtU2VGGCD2e38TjLjy
+YoeIpSNBRAL8Nt0XhTnWrkmx5znutvtxZZ5uzorht/LVEHLku5/Xx8RivZfAkBcn
+8c/9AumV3Ag4AO/Tdye7TZQdeoPi3aEzqAURBUDZnBVEs4l9oxa/rydB7RmSd41N
+kSsjAuvBZBOZQ5+wJDI7rLuWqnF9D4nea4eoWi0CggEAJBao4YXUoiXuGzlZCc3y
+Xv6fhjeNP6vcgfOiro80Qsd8K1lVfhW+ereJt0Dz7O+LSYwhbKhwtA5umTUsNY2V
+3wiNRey4T/NU4TH0/TXPTmFyURqCDbfH1ycyqC/E0+Yd8ZOsHiBvXsHj1ue4JI1m
+lsSt1AjKDyKN8jYFVuvDdpHXt+pnMGZwUtORwaR5KJV+ksIKZEiqu6nQqQU/mnOF
+3pCa7iLzfyVN2Bhe1jrIjRC+yAvtucdH3CdGY9q3poCJGPzrEfvxPdXSU9CpvR2u
+2Kk0fbV3VDE9W4VE9sTZxAdpyaL+Y6xTwh/nX9LJJl+0YkPsqYCyw0Vt8JBTp+KW
+pQKCAQEAtpUbpWpRbnj09XLrFupvacWDFPcrkKDVXD7cY0JWp/aLAFoxzswuRT0k
+qhniZIDLTH8fsVGkeJBDgzc5E8q6/w0yIPpICp47qFK63HVvJDz0lEYmK3rHN6pu
+LFLD4ibLTr4mc9mRRowVHlJPFugh7icI3ejcXcE7o0GHWb0/DgdWCfB3gXpGuEGP
+Uh3wZbacK48AiFATWCwgF171nBM55KbT055jJqob2C/Ci2t1SJoZtCvLydzM5Wnk
+2HtKx1l6A9d6hMqSFLQYA20P+4lHO0Q4rb27b7rJyz+1Q23KLlNvzlwGKY9qWt9r
+UEyvPYOkCr8/qEVcHTMhf/daAMCpGQ==
+-----END PRIVATE KEY-----
-- 
2.39.5