summaryrefslogtreecommitdiffstats
path: root/roles/MSA/templates
diff options
context:
space:
mode:
authorGuilhem Moulin <guilhem@fripost.org>2016-05-18 17:59:23 +0200
committerGuilhem Moulin <guilhem@fripost.org>2016-05-18 17:59:23 +0200
commit00ef4cf0b280b6c9acefeae9065bec99540411aa (patch)
treef73f9335b2ed5b762f2698566f595af582ea7477 /roles/MSA/templates
parentcda53ea254de51eb46cb0f53f7d33b9a0f794bfc (diff)
postfix: unset 'smtpd_tls_session_cache_database'.
Following Viktor Dukhovni's 2015-08-06 recommendation for Postfix >= 2.11 http://article.gmane.org/gmane.mail.postfix.user/251935
Diffstat (limited to 'roles/MSA/templates')
-rw-r--r--roles/MSA/templates/etc/postfix/main.cf.j22
1 files changed, 1 insertions, 1 deletions
diff --git a/roles/MSA/templates/etc/postfix/main.cf.j2 b/roles/MSA/templates/etc/postfix/main.cf.j2
index ae64b22..fe65830 100644
--- a/roles/MSA/templates/etc/postfix/main.cf.j2
+++ b/roles/MSA/templates/etc/postfix/main.cf.j2
@@ -63,41 +63,41 @@ header_checks = pcre:$config_directory/anonymize_sender.pcre
# TLS
{% if 'out' in group_names %}
smtp_tls_security_level = none
smtp_bind_address = 127.0.0.1
{% else %}
smtp_tls_security_level = encrypt
smtp_tls_exclude_ciphers = EXPORT, LOW, MEDIUM, aNULL, eNULL, DES, RC4, MD5
smtp_tls_cert_file = /etc/postfix/ssl/{{ ansible_fqdn }}.pem
smtp_tls_key_file = /etc/postfix/ssl/{{ ansible_fqdn }}.key
smtp_tls_session_cache_database = btree:$data_directory/smtp_tls_session_cache
smtp_tls_policy_maps = cdb:/etc/postfix/tls_policy
smtp_tls_fingerprint_digest = sha256
{% endif %}
smtpd_tls_security_level = encrypt
smtpd_tls_exclude_ciphers = EXPORT, LOW, MEDIUM, aNULL, eNULL, DES, RC4, MD5
smtpd_tls_cert_file = /etc/postfix/ssl/smtp.fripost.org.pem
smtpd_tls_key_file = /etc/postfix/ssl/smtp.fripost.org.key
smtpd_tls_dh1024_param_file = /etc/ssl/dhparams.pem
-smtpd_tls_session_cache_database= btree:$data_directory/smtpd_tls_session_cache
+smtpd_tls_session_cache_database=
smtpd_tls_received_header = yes
smtpd_tls_ask_ccert = yes
# SASL
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = no
smtpd_sasl_local_domain =
smtpd_sasl_exceptions_networks = $mynetworks
smtpd_sasl_security_options = noanonymous, noplaintext
smtpd_sasl_tls_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = unix:private/dovecot-auth
strict_rfc821_envelopes = yes
smtpd_delay_reject = yes
disable_vrfy_command = yes
address_verify_sender = $double_bounce_sender@$mydomain
generated by cgit v1.2.3 (git 2.25.1) at 2025-07-27 21:15:44 +0000