TLS parameters for Postfix

merge-requests/2/head
Matthew 2021-06-05 17:43:04 -04:00
parent 9215999b17
commit b039a40bf9
No known key found for this signature in database
GPG Key ID: 210AF32ADE3B5C4B
1 changed files with 7 additions and 1 deletions


@ -33,16 +33,22 @@ broken_sasl_auth_clients = yes
smtpd_tls_cert_file=/etc/postfix/ssl/globalsign.crt smtpd_tls_cert_file=/etc/postfix/ssl/globalsign.crt
smtpd_tls_key_file=/etc/postfix/ssl/globalsign.key.pem smtpd_tls_key_file=/etc/postfix/ssl/globalsign.key.pem
smtpd_use_tls=yes smtpd_use_tls=yes
smtpd_tls_auth_only = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_tls_security_level = may smtp_tls_security_level = encrypt
smtpd_tls_security_level = may smtpd_tls_security_level = may
smtp_tls_note_starttls_offer = yes smtp_tls_note_starttls_offer = yes
smtpd_tls_CAfile = /etc/postfix/ssl/globalsign.ca.crt smtpd_tls_CAfile = /etc/postfix/ssl/globalsign.ca.crt
smtpd_tls_loglevel = 1 smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s smtpd_tls_session_cache_timeout = 3600s
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtpd_tls_mandatory_ciphers = medium
tls_random_source = dev:/dev/urandom tls_random_source = dev:/dev/urandom
tls_medium_cipherlist = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
tls_preempt_cipherlist = no
# RESTRICTIONS # RESTRICTIONS
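Review bot: Changing `smtp_tls_security_level` to `encrypt` makes TLS mandatory for outbound delivery, but every protocol and cipher floor added in this section is an `smtpd_` (inbound) parameter, so the outbound side keeps whatever protocol and cipher defaults the installed Postfix version ships with. If the same floor is intended in both directions, add `smtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1` and `smtp_tls_mandatory_ciphers = medium` next to it. Also, `encrypt` does not verify the peer certificate, so it does not stop an active interceptor, and mail for destinations that do not offer STARTTLS will be deferred rather than sent. A comment above the line such as `# outbound TLS required but unauthenticated; non-STARTTLS destinations will defer` would help whoever debugs the queue later.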