summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorGuilhem Moulin <guilhem.moulin@fripost.org>2015-10-27 18:47:33 +0100
committerGuilhem Moulin <guilhem.moulin@fripost.org>2015-10-27 18:48:41 +0100
commit5f08683ba87765db98e44e1ca024e1f5c9e14d93 (patch)
tree48bc6689acb10092a363e5b7630c179862c9ac98
parent27ce10fc5fb5d85ec9bc0a92532b868c6c0925bf (diff)
Update Postfix config.
-rw-r--r--konfigurera.mdwn18
1 files changed, 8 insertions, 10 deletions
diff --git a/konfigurera.mdwn b/konfigurera.mdwn
index 3a8c7e0..e2f7a82 100644
--- a/konfigurera.mdwn
+++ b/konfigurera.mdwn
@@ -143,9 +143,7 @@ password uSerS_paSSword
Kör följande kommandon:
<pre>
-touch /etc/postfix/sasl/passwd
-sudo chown root:root /etc/postfix/sasl/passwd
-sudo chmod 0400 /etc/postfix/sasl/passwd
+sudo install -m 0400 /dev/null /etc/postfix/sasl/passwd
</pre>
Lägg in följande rad i /etc/postfix/sasl/passwd
@@ -171,9 +169,10 @@ smtp_sasl_security_options = noanonymous, noplaintext
smtp_sasl_tls_security_options = noanonymous
smtp_tls_security_level = fingerprint
-smtp_tls_fingerprint_digest = sha1
+smtp_tls_fingerprint_digest = sha256
smtp_tls_mandatory_ciphers = high
-smtp_tls_fingerprint_cert_match = 03:87:02:C9:6E:01:D3:AD:BC:EC:77:CC:A5:C5:37:C1:D8:C1:29:BC
+smtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
+smtp_tls_fingerprint_cert_match = 6C:89:92:3C:A2:53:E0:14:9E:14:11:17:FF:FA:EB:12:3E:BA:0A:B0:C2:BE:70:18:8C:3D:7A:69:EB:00:5E:BB
</pre>
Guilhems kommentar:
@@ -187,13 +186,12 @@ Guilhems kommentar:
> smtp_tls_policy_maps = hash:$config_directory/tls_policy
> smtp_sender_dependent_authentication = yes
> sender_dependent_relayhost_maps = hash:$config_directory/relayhost_map
-> smtp_tls_fingerprint_digest = sha1
+> smtp_tls_fingerprint_digest = sha256
>
> /etc/postfix/tls_policy
-> [smtp.chalmers.se]:587 secure ciphers=high
-> [smtp.fripost.org]:587 fingerprint
-> match=03:87:02:C9:6E:01:D3:AD:BC:EC:77:CC:A5:C5:37:C1:D8:C1:29:BC
-> ciphers=high
+> [smtp.chalmers.se]:587 secure ciphers=high protocols=!SSLv2:!SSLv3
+> [smtp.fripost.org]:587 fingerprint ciphers=high protocols=!SSLv2:!SSLv3:!TLSv1:!TLSv1.1
+> match=6C:89:92:3C:A2:53:E0:14:9E:14:11:17:FF:FA:EB:12:3E:BA:0A:B0:C2:BE:70:18:8C:3D:7A:69:EB:00:5E:BB
>
> /etc/postfix/relayhost_map
> @fripost.org [smtp.fripost.org]:587