From 5f08683ba87765db98e44e1ca024e1f5c9e14d93 Mon Sep 17 00:00:00 2001
From: Guilhem Moulin <guilhem.moulin@fripost.org>
Date: Tue, 27 Oct 2015 18:47:33 +0100
Subject: Update Postfix config.

---
 konfigurera.mdwn | 18 ++++++++----------
 1 file changed, 8 insertions(+), 10 deletions(-)

diff --git a/konfigurera.mdwn b/konfigurera.mdwn
index 3a8c7e0..e2f7a82 100644
--- a/konfigurera.mdwn
+++ b/konfigurera.mdwn
@@ -143,9 +143,7 @@ password      uSerS_paSSword
 Kör följande kommandon:
 
 <pre>
-touch /etc/postfix/sasl/passwd
-sudo chown root:root /etc/postfix/sasl/passwd
-sudo chmod 0400 /etc/postfix/sasl/passwd
+sudo install -m 0400 /dev/null /etc/postfix/sasl/passwd
 </pre>
 
 Lägg in följande rad i /etc/postfix/sasl/passwd
@@ -171,9 +169,10 @@ smtp_sasl_security_options     = noanonymous, noplaintext
 smtp_sasl_tls_security_options = noanonymous
 
 smtp_tls_security_level = fingerprint
-smtp_tls_fingerprint_digest = sha1
+smtp_tls_fingerprint_digest = sha256
 smtp_tls_mandatory_ciphers = high
-smtp_tls_fingerprint_cert_match = 03:87:02:C9:6E:01:D3:AD:BC:EC:77:CC:A5:C5:37:C1:D8:C1:29:BC
+smtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
+smtp_tls_fingerprint_cert_match = 6C:89:92:3C:A2:53:E0:14:9E:14:11:17:FF:FA:EB:12:3E:BA:0A:B0:C2:BE:70:18:8C:3D:7A:69:EB:00:5E:BB
 </pre>
 
 Guilhems kommentar:
@@ -187,13 +186,12 @@ Guilhems kommentar:
 >       smtp_tls_policy_maps                 = hash:$config_directory/tls_policy
 >       smtp_sender_dependent_authentication = yes
 >       sender_dependent_relayhost_maps      = hash:$config_directory/relayhost_map
->       smtp_tls_fingerprint_digest          = sha1
+>       smtp_tls_fingerprint_digest          = sha256
 >
 >     /etc/postfix/tls_policy
->       [smtp.chalmers.se]:587  secure ciphers=high
->       [smtp.fripost.org]:587  fingerprint
->           match=03:87:02:C9:6E:01:D3:AD:BC:EC:77:CC:A5:C5:37:C1:D8:C1:29:BC
->           ciphers=high
+>       [smtp.chalmers.se]:587  secure ciphers=high protocols=!SSLv2:!SSLv3
+>       [smtp.fripost.org]:587  fingerprint ciphers=high protocols=!SSLv2:!SSLv3:!TLSv1:!TLSv1.1
+>           match=6C:89:92:3C:A2:53:E0:14:9E:14:11:17:FF:FA:EB:12:3E:BA:0A:B0:C2:BE:70:18:8C:3D:7A:69:EB:00:5E:BB
 >
 >     /etc/postfix/relayhost_map
 >       @fripost.org                [smtp.fripost.org]:587
-- 
cgit v1.2.3