From ac9be357ce35647dfa6393014dba050b615265ff Mon Sep 17 00:00:00 2001
From: 17Halbe
Date: Sun, 11 Feb 2018 18:37:04 +0100
Subject: [PATCH] Diffie-Hellman 2048 Bit Parameters should be changed regularly. (#834)

Since it is assumed that the NSA uses Rainbowtables to break default-DHE-Parameters, one is encouraged to change the Parameters periodically.
---
 Dockerfile | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index 78894d42..6c260792 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -178,7 +178,9 @@ RUN mkdir /var/run/fetchmail && chown fetchmail /var/run/fetchmail
 COPY target/postfix/main.cf target/postfix/master.cf /etc/postfix/
 COPY target/postfix/sender_header_filter.pcre /etc/postfix/maps/sender_header_filter.pcre
 RUN echo "" > /etc/aliases && \
- openssl dhparam -out /etc/postfix/dhparams.pem 2048
+ openssl dhparam -out /etc/postfix/dhparams.pem 2048 && \
+ echo "@daily FILE=`mktemp` ; openssl dhparam -out $FILE 2048 > /dev/null 2>&1 && mv -f $FILE /etc/postfix/dhparams.pem" > /etc/cron.d/dh2048
+
 
 # Configuring Logs
 RUN sed -i -r "/^#?compress/c\compress\ncopytruncate" /etc/logrotate.conf && \
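Review bot: The cron entry written by the added `echo` line is expanded when the image is built, not when cron runs. Inside double quotes the build shell substitutes the backtick `mktemp` once and replaces `$FILE` with an empty string (nothing in the visible RUN sets FILE), so the installed job has no output path to write or move. Files under /etc/cron.d also need a user field after the schedule, which this entry lacks, and `> /dev/null 2>&1` hides the resulting failure, so the intended daily rotation would silently never happen and the build-time parameters stay in use. Single-quote the entry and name the user, for example `echo '@daily root FILE=$(mktemp) && openssl dhparam -out "$FILE" 2048 > /dev/null 2>&1 && mv -f "$FILE" /etc/postfix/dhparams.pem' > /etc/cron.d/dh2048`. It is also worth confirming that the moved file keeps an owner and mode Postfix can read, since `mktemp` creates it owner-only.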