diff options
Diffstat (limited to 'roles/MSA/templates/etc/postfix/main.cf.j2')
-rw-r--r-- | roles/MSA/templates/etc/postfix/main.cf.j2 | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/roles/MSA/templates/etc/postfix/main.cf.j2 b/roles/MSA/templates/etc/postfix/main.cf.j2 index 65a0339..bc98d9e 100644 --- a/roles/MSA/templates/etc/postfix/main.cf.j2 +++ b/roles/MSA/templates/etc/postfix/main.cf.j2 @@ -20,7 +20,7 @@ append_dot_mydomain = no mynetworks = 127.0.0.0/8, [::1]/128 {%- for h in groups.webmail | difference([inventory_hostname]) | sort -%} - , {{ ipsec[ hostvars[h].inventory_hostname_short ] | ipaddr }} + , {{ ipsec[ hostvars[h].inventory_hostname_short ] | ansible.utils.ipaddr }} {% endfor %} queue_directory = /var/spool/postfix-{{ postfix_instance[inst].name }} @@ -40,7 +40,7 @@ message_size_limit = 67108864 recipient_delimiter = + # Forward everything to our internal outgoing proxy -relayhost = [{{ postfix_instance.out.addr | ipaddr }}]:{{ postfix_instance.out.port }} +relayhost = [{{ postfix_instance.out.addr | ansible.utils.ipaddr }}]:{{ postfix_instance.out.port }} relay_domains = @@ -60,14 +60,14 @@ header_checks = pcre:$config_directory/anonymize_sender.pcre # TLS smtp_tls_security_level = none smtpd_tls_security_level = encrypt -smtpd_tls_ciphers = high -smtpd_tls_protocols = !SSLv2, !SSLv3 -smtpd_tls_exclude_ciphers = EXPORT, LOW, MEDIUM, aNULL, eNULL, DES, RC4, MD5 +smtpd_tls_mandatory_ciphers = high +smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1 smtpd_tls_cert_file = $config_directory/ssl/smtp.fripost.org.pem smtpd_tls_key_file = $config_directory/ssl/smtp.fripost.org.key smtpd_tls_dh1024_param_file = /etc/ssl/dhparams.pem smtpd_tls_session_cache_database= smtpd_tls_received_header = yes +tls_high_cipherlist = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 # SASL smtpd_sasl_auth_enable = yes |