From 72c02478091edff8707ae128b606b798b6d68e19 Mon Sep 17 00:00:00 2001
From: Benjamin Sonntag <benjamin@octopuce.fr>
Date: Wed, 24 Feb 2016 16:15:16 +0100
Subject: [PATCH] adding proper TLS configuration for Postfix (in and out)

---
 etc/alternc/templates/alternc/postfix/postfix.cf | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/etc/alternc/templates/alternc/postfix/postfix.cf b/etc/alternc/templates/alternc/postfix/postfix.cf
index 857fe844..2e246818 100644
--- a/etc/alternc/templates/alternc/postfix/postfix.cf
+++ b/etc/alternc/templates/alternc/postfix/postfix.cf
@@ -55,3 +55,19 @@ message_size_limit = 100000000
 virtual_mailbox_limit = 0
 mailbox_size_limit = 0
 enable_original_recipient = no
+smtp_tls_dcert_file = $smtpd_tls_dcert_file
+smtp_tls_dkey_file = $smtpd_tls_dcert_file
+smtp_tls_CAfile = $smtpd_tls_CAfile
+smtp_tls_key_file = $smtpd_tls_dcert_file
+smtp_tls_cert_file = $smtpd_tls_dcert_file
+smtp_use_tls = yes
+smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
+smtpd_tls_protocols = TLSv1, TLSv1.1, TLSv1.2
+smtp_tls_protocols = TLSv1, TLSv1.1, TLSv1.2
+smtpd_tls_exclude_ciphers = aNULL, DES, 3DES, MD5, DES+MD5, RC4
+smtp_tls_exclude_ciphers = aNULL, DES, 3DES, MD5, DES+MD5, RC4                                                                                            
+tls_preempt_cipherlist      = yes
+smtpd_tls_mandatory_ciphers = high
+smtp_tls_mandatory_ciphers = high
+smtpd_tls_ciphers           = high
+smtp_tls_ciphers           = high