| author | Guilhem Moulin <guilhem@fripost.org> | 2016-05-18 19:25:20 +0200 | 
|---|---|---|
| committer | Guilhem Moulin <guilhem@fripost.org> | 2016-05-18 21:13:46 +0200 | 
| commit | 8fc53ecddfe875be30501a89fd24f226de7575d9 (patch) | |
| tree | 7412dfd08ec407fbd57bfb15f9fef16244cd100f /roles/common/files/etc/postfix | |
| parent | 00ef4cf0b280b6c9acefeae9065bec99540411aa (diff) | |
postfix: Update to recommended TLS settings.
Following Viktor Dukhovni's 2015-08-06 recommendation
    http://article.gmane.org/gmane.mail.postfix.user/251935
(We're using stronger ciphers and protocols in our own infrastructure.)
Diffstat (limited to 'roles/common/files/etc/postfix')
| -rw-r--r-- | roles/common/files/etc/postfix/master.cf | 4 | 
1 files changed, 4 insertions, 0 deletions
|
diff --git a/roles/common/files/etc/postfix/master.cf b/roles/common/files/etc/postfix/master.cf
index 9b81c70..b816223 100644
--- a/roles/common/files/etc/postfix/master.cf
+++ b/roles/common/files/etc/postfix/master.cf
@@ -14,6 +14,7 @@ smtp      inet  n       -       n       -       1       postscreen
 tlsproxy  unix  -       -       n       -       0       tlsproxy
 dnsblog   unix  -       -       n       -       0       dnsblog
 submission inet n       -       -       -       -       smtpd
+  -o tls_high_cipherlist=HIGH:!aNULL:!eNULL:!3DES:!MD5:@STRENGTH
 pickup    fifo  n       -       -       60      1       pickup
 cleanup   unix  n       -       -       -       0       cleanup
 cleanup_nochroot unix n -       n       -       0       cleanup
@@ -43,8 +44,11 @@ anvil     unix  -       -       -       -       1       anvil
 scache    unix  -       -       -       -       1       scache
 127.0.0.1:16132 inet n  -       -       -       -       smtpd
 2525      inet  n       -       -       -       -       smtpd
+  -o tls_high_cipherlist=EECDH+AESGCM:!MEDIUM:!LOW:!EXP:!aNULL:!eNULL
 2526      inet  n       -       -       -       -       smtpd
+  -o tls_high_cipherlist=EECDH+AESGCM:!MEDIUM:!LOW:!EXP:!aNULL:!eNULL
 2527      inet  n       -       -       -       -       smtpd
+  -o tls_high_cipherlist=EECDH+AESGCM:!MEDIUM:!LOW:!EXP:!aNULL:!eNULL
 reserved-alias unix  -  n       n       -       -       pipe
   flags=Rhu user=nobody argv=/usr/local/bin/reserved-alias.pl ${sender} ${original_recipient} @fripost.org
 sympa     unix  -       n       n       -       -       pipe
|
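Review bot: The added `-o tls_high_cipherlist=...` under `submission` only redefines what the `high` cipher grade expands to; nothing in this hunk selects that grade, so the override does nothing unless main.cf (not shown here) already sets `smtpd_tls_mandatory_ciphers = high` together with `smtpd_tls_security_level = encrypt`. If it does not, add `-o smtpd_tls_mandatory_ciphers=high` beside the override. The same applies to the three overrides on 2525, 2526 and 2527 in the second hunk. After deployment, `postconf -P` lists the per-service overrides, and a test handshake against each port confirms which suites are really offered.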
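Review bot: The three identical overrides on 2525, 2526 and 2527 have no comment explaining why these listeners are stricter than `submission`, and because the value is repeated verbatim a later edit can change one port and miss the others. A comment line above the 2525 entry would record the intent, e.g. `# 2525-2527: internal hops only; every peer must support ECDHE with AES-GCM` (the commit message suggests these are the internal services; confirm before wording it that way). Once the list is in effect, a peer without those suites fails the handshake rather than falling back, so the comment should also say which hosts connect to these ports.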
