acmetool: Increase RSA key size from 2048 to 4096

guard expire/fsreport file iteration against vanishing, improve reporting
also activates actual deletion (after quite some dry test runs on nine)
2026-05-12 00:54:37 +00:00 · 2025-10-22 21:07:51 +00:00 · 2025-10-22 20:30:12 +02:00 · 2025-10-22 02:46:29 +00:00 · 2025-10-21 20:50:46 +00:00
3 changed files with 5 additions and 0 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,9 @@

 ## untagged

+- Require TLS 1.2 for outgoing SMTP connections
+  ([#685](https://github.com/chatmail/relay/pull/685))
+
 - filtermail: run CPU-intensive handle_DATA in a thread pool executor
  ([#676](https://github.com/chatmail/relay/pull/676))

--- a/cmdeploy/src/cmdeploy/acmetool/target.yaml.j2
+++ b/cmdeploy/src/cmdeploy/acmetool/target.yaml.j2
@@ -2,6 +2,7 @@ request:
  provider: https://acme-v02.api.letsencrypt.org/directory
  key:
    type: rsa
+    rsa-size: 4096
  challenge:
    webroot-paths:
    - /var/www/html/.well-known/acme-challenge
--- a/cmdeploy/src/cmdeploy/postfix/main.cf.j2
+++ b/cmdeploy/src/cmdeploy/postfix/main.cf.j2
@@ -26,6 +26,7 @@ smtp_tls_security_level=verify
 smtp_tls_servername = hostname
 smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
 smtp_tls_policy_maps = inline:{nauta.cu=may}
+smtp_tls_protocols = >=TLSv1.2
 smtpd_tls_protocols = >=TLSv1.2

 # Disable anonymous cipher suites
Author	SHA1	Message	Date
link2xt	32fa1d6cb8	acmetool: Increase RSA key size from 2048 to 4096	2025-10-22 21:07:51 +00:00
holger krekel	fa9aa5b015	guard expire/fsreport file iteration against vanishing, improve reporting also activates actual deletion (after quite some dry test runs on nine)	2025-10-22 20:30:12 +02:00
link2xt	0155f32df6	Require TLS 1.2 for outgoing SMTP connections	2025-10-22 02:46:29 +00:00
holger krekel	9ddd5d8b2b	Replace expiry "find" commands with a new chatmaild.expire python module + a reporting one	2025-10-21 20:50:46 +00:00