bundles/postfix: lessen smtpd security restrictions
This commit is contained in:
parent
caa54051ff
commit
90823b7984
1 changed files with 9 additions and 5 deletions
|
@ -48,13 +48,17 @@ smtpd_client_restrictions = permit_mynetworks permit_sasl_authenticated
|
|||
smtpd_helo_required = yes
|
||||
smtpd_helo_restrictions = permit_mynetworks reject_invalid_helo_hostname
|
||||
smtpd_data_restrictions = reject_unauth_pipelining
|
||||
|
||||
# generated using mozilla ssl generator, using "old" configuration.
|
||||
# we need this to support CentOS 7 systems, sadly ...
|
||||
# https://ssl-config.mozilla.org/#server=postfix&version=3.5.13&config=old&openssl=1.1.1k&guideline=5.6
|
||||
smtpd_tls_security_level = may
|
||||
smtpd_tls_mandatory_ciphers = high
|
||||
smtpd_tls_exclude_ciphers = aNULL,LOW,EXP,MEDIUM,ADH,AECDH,MD5,DSS,ECDSA,CAMELLIA128,3DES,CAMELLIA256,RSA+AES,eNULL
|
||||
smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1
|
||||
smtpd_tls_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1
|
||||
smtpd_tls_ciphers = medium
|
||||
smtpd_tls_auth_only = yes
|
||||
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
|
||||
smtpd_tls_protocols = !SSLv2, !SSLv3
|
||||
smtpd_tls_mandatory_ciphers = medium
|
||||
tls_medium_cipherlist = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA
|
||||
tls_preempt_cipherlist = yes
|
||||
</%text>
|
||||
|
||||
relay_domains = $mydestination, pgsql:/etc/postfix/pgsql/relay_domains.cf
|
||||
|
|
Loading…
Reference in a new issue