cqrenet/relay
4
0
Fork 0
mirror of https://github.com/chatmail/relay.git synced 2026-05-20 04:48:06 +00:00
Code Issues Packages Projects Releases Wiki Activity

postfix: enforce TLS 1.2, disallow some insecure TLS ciphers

Browse Source
This commit is contained in:
missytake
2023-12-08 22:13:18 +01:00
committed by link2xt
parent 05bdf65996
commit 9ddf60d0fc
1 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
cmdeploy/src/cmdeploy/postfix/main.cf.j2
View File

@@ -23,6 +23,8 @@ smtp_tls_CApath=/etc/ssl/certs
smtp_tls_security_level=may smtp_tls_security_level=may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_tls_policy_maps = socketmap:inet:127.0.0.1:8461:postfix smtp_tls_policy_maps = socketmap:inet:127.0.0.1:8461:postfix
smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtpd_tls_exclude_ciphers = ECDHE-RSA-RC4-SHA, RC4, aNULL, DES-CBC3-SHA, ECDHE-RSA-DES-CBC3-SHA, EDH-RSA-DES-CBC3-SHA
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = {{ config.mail_domain }} myhostname = {{ config.mail_domain }}