mirror of
https://github.com/docker-mailserver/docker-mailserver.git
synced 2024-01-19 02:48:50 +00:00
76594c21c4
[Postfix docs](http://www.postfix.org/postconf.5.html#tls_ssl_options): > Disable SSL compression even if supported by the OpenSSL library. Compression is CPU-intensive, and compression before encryption does not always improve security. [Postfix mailing list discussion](http://postfix.1071664.n5.nabble.com/patch-mitigate-CRIME-attack-td57978.html): > The CRIME attack does not apply to SMTP, because unlike SMTP, there is no javascript in SMTP clients that makes them send thousands of email messages with chosen plaintext compressed together in the same packet with SASL credentials or other sensitive data. > The auditor completely failed to take the context into account. [Mailing list discussion of potential compression CRIME-like attack](https://lists.cert.at/pipermail/ach/2014-December/001660.html) > keeping compression disabled is a good idea. If you need a good test score, PCI compliance will likely flag compression despite not having any known risk with non-HTTP TLS. |
||
|---|---|---|
| .. | ||
| header_checks.pcre | ||
| ldap-aliases.cf | ||
| ldap-domains.cf | ||
| ldap-groups.cf | ||
| ldap-users.cf | ||
| main.cf | ||
| master.cf | ||
| sender_header_filter.pcre | ||
| sender_login_maps.pcre | ||