adding proper TLS configuration for Postfix (in and out)

2016-02-24 16:15:16 +01:00 · 2016-02-24 16:15:16 +01:00 · 72c0247809
parent dd468785e5
commit 72c0247809
1 changed files with 16 additions and 0 deletions
--- a/etc/alternc/templates/alternc/postfix/postfix.cf
+++ b/etc/alternc/templates/alternc/postfix/postfix.cf
@ -55,3 +55,19 @@ message_size_limit = 100000000
 virtual_mailbox_limit = 0
 mailbox_size_limit = 0
 enable_original_recipient = no
+smtp_tls_dcert_file = $smtpd_tls_dcert_file
+smtp_tls_dkey_file = $smtpd_tls_dcert_file
+smtp_tls_CAfile = $smtpd_tls_CAfile
+smtp_tls_key_file = $smtpd_tls_dcert_file
+smtp_tls_cert_file = $smtpd_tls_dcert_file
+smtp_use_tls = yes
+smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
+smtpd_tls_protocols = TLSv1, TLSv1.1, TLSv1.2
+smtp_tls_protocols = TLSv1, TLSv1.1, TLSv1.2
+smtpd_tls_exclude_ciphers = aNULL, DES, 3DES, MD5, DES+MD5, RC4
+smtp_tls_exclude_ciphers = aNULL, DES, 3DES, MD5, DES+MD5, RC4                                                                                            
+tls_preempt_cipherlist      = yes
+smtpd_tls_mandatory_ciphers = high
+smtp_tls_mandatory_ciphers = high
+smtpd_tls_ciphers           = high
+smtp_tls_ciphers           = high