postfix: tls++ like in ssl-config.mozilla.org intermediate
parent
cf9084c620
commit
ad48d5243b
|
@ -23,10 +23,9 @@ queue_run_delay = 5m
|
||||||
## TLS settings
|
## TLS settings
|
||||||
###
|
###
|
||||||
|
|
||||||
tls_preempt_cipherlist = yes
|
tls_preempt_cipherlist = no
|
||||||
tls_ssl_options = NO_COMPRESSION
|
tls_ssl_options = NO_COMPRESSION
|
||||||
tls_high_cipherlist = EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA128-SHA:AES128-SHA
|
tls_medium_cipherlist = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
|
||||||
|
|
||||||
|
|
||||||
### Outbound SMTP connections (Postfix as sender)
|
### Outbound SMTP connections (Postfix as sender)
|
||||||
|
|
||||||
|
@ -45,8 +44,10 @@ smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
|
||||||
|
|
||||||
### Inbound SMTP connections
|
### Inbound SMTP connections
|
||||||
smtpd_tls_security_level = may
|
smtpd_tls_security_level = may
|
||||||
smtpd_tls_protocols = !SSLv2, !SSLv3
|
smtpd_tls_auth_only = yes
|
||||||
smtpd_tls_ciphers = high
|
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
|
||||||
|
smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
|
||||||
|
smtpd_tls_mandatory_ciphers = medium
|
||||||
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
|
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
|
||||||
|
|
||||||
smtpd_tls_key_file = /etc/dehydrated/certs/{{ mailserver_cert_domains.split(' ')[0] }}/privkey.pem
|
smtpd_tls_key_file = /etc/dehydrated/certs/{{ mailserver_cert_domains.split(' ')[0] }}/privkey.pem
|
||||||
|
|
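Review bot: With `smtpd_tls_security_level = may` in the second hunk, inbound TLS is opportunistic, so the added `smtpd_tls_mandatory_ciphers = medium` and `smtpd_tls_mandatory_protocols` apply only when TLS is mandatory (`encrypt`); the cipher grade for opportunistic sessions comes from `smtpd_tls_ciphers`, which this change removes. Recent Postfix releases default that parameter to `medium`, so the new `tls_medium_cipherlist` is probably what ends up in use, but older releases default to a weaker grade; I would pin it with `smtpd_tls_ciphers = medium` next to the mandatory setting. The new list also keeps DHE-RSA suites and no DH parameter setting is visible in these hunks, so confirm that `smtpd_tls_dh1024_param_file` is set elsewhere in the template. Because `tls_medium_cipherlist` is a global parameter, it presumably also governs the outbound `smtp_tls_*` side configured outside the hunk, which deserves a comment above it such as `# also used by the SMTP client when smtp_tls_ciphers = medium`.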