Merge pull request #43 from tomav/fix-weak-ciphers

Fixed #42 - No more weak ciphers.
2024-01-19 02:48:50 +00:00 · 2015-12-06 21:00:19 +01:00 · 2015-12-06 21:00:19 +01:00 · c649f9f2b2
parent 07177f04cd 550d66936e
commit c649f9f2b2
1 changed files with 9 additions and 0 deletions
--- a/postfix/main.cf
+++ b/postfix/main.cf
@ -29,6 +29,15 @@ smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, rej
 smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
 smtpd_sender_restrictions = permit_mynetworks
 smtp_tls_security_level = may
+smtp_tls_loglevel = 1
+smtpd_tls_auth_only = yes
+tls_ssl_options = NO_COMPRESSION
+tls_high_cipherlist=EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
+smtpd_tls_protocols=!SSLv2,!SSLv3
+smtp_tls_protocols=!SSLv2,!SSLv3
+smtpd_tls_mandatory_ciphers = high
+smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
+smtpd_tls_exclude_ciphers = aNULL, LOW, EXP, MEDIUM, ADH, AECDH, MD5, DSS, ECDSA, CAMELLIA128, 3DES, CAMELLIA256, RSA+AES, eNULL

 # SASL
 smtpd_sasl_auth_enable = yes