evgeny/modoboa-installer
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Better (more secure) config.

Browse Source 
see #75
This commit is contained in:
Antoine Nguyen
2016-12-07 16:57:12 +01:00
parent 55cacdc1ed
commit 84ad8e80b9
5 changed files with 15 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
modoboa_installer/scripts/files/postfix/main.cf.tpl
View File

@@ -34,10 +34,11 @@ smtpd_tls_security_level = may
smtpd_tls_received_header = yes
# Disallow SSLv2 and SSLv3, only accept secure ciphers
smtpd_tls_protocols = !SSLv2, !SSLv3
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_mandatory_ciphers = high
smtpd_tls_exclude_ciphers = ECDHE-RSA-RC4-SHA
smtpd_tls_mandatory_exclude_ciphers = ECDHE-RSA-RC4-SHA
smtpd_tls_mandatory_exclude_ciphers = aNULL, MD5 , DES, ADH, RC4, PSD, SRP, 3DES, eNULL
smtpd_tls_exclude_ciphers = aNULL, MD5 , DES, ADH, RC4, PSD, SRP, 3DES, eNULL
# Enable elliptic curve cryptography
smtpd_tls_eecdh_grade = strong
@@ -45,6 +46,7 @@ smtpd_tls_eecdh_grade = strong
# Use TLS if this is supported by the remote SMTP server, otherwise use plaintext.
smtp_tls_security_level = may
smtp_tls_loglevel = 1
smtp_tls_exclude_ciphers = EXPORT, LOW
## Virtual transport settings
#

1
modoboa_installer/scripts/files/postfix/master.cf.tpl
View File

@@ -19,6 +19,7 @@ tlsproxy unix - - - - 0 tlsproxy
submission inet n - - - - smtpd
-o syslog_name=postfix/submission
-o smtpd_tls_security_level=encrypt
-o tls_preempt_cipherlist=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_reject_unlisted_recipient=no
-o smtpd_client_restrictions=permit_sasl_authenticated,reject