saltstack-formulas/postfix-formula
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Enhance default TLS configuration

Browse Source 
Increase default security settings according to upstream documentation
tough it is by no mean perfect.
This commit is contained in:
Gilles Dartiguelongue 2015-08-23 00:27:03 +02:00
parent 2e0e9cdd27
commit 609737b0cc
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
postfix/files/main.cf
View File

@ -56,10 +56,18 @@
# TLS parameters (http://www.postfix.org/TLS_README.html)
# Recipient settings
{{ set_parameter('smtpd_use_tls') }}
{{ set_parameter('smtpd_tls_loglevel', 1) }}
{{ set_parameter('smtpd_tls_security_level', 'may') }}
{{ set_parameter('smtpd_tls_cert_file', '/etc/ssl/certs/ssl-cert-snakeoil.pem') }}
{{ set_parameter('smtpd_tls_key_file', '/etc/ssl/private/ssl-cert-snakeoil.key') }}
{{ set_parameter('smtpd_tls_session_cache_database', 'btree:${data_directory}/smtpd_scache') }}
{{ set_parameter('smtpd_tls_mandatory_ciphers', 'high') }}
{{ set_parameter('smtpd_tls_mandatory_exclude_ciphers', ['aNULL', 'MD5']) }}
{{ set_parameter('smtpd_tls_mandatory_protocols', ['!SSLv2', '!SSLv3']) }}
{{ set_parameter('tls_preempt_cipherlist', 'yes') }}
# Relay/Sender settings
{{ set_parameter('smtp_tls_loglevel', 1) }}
{{ set_parameter('smtp_tls_security_level', 'may') }}
{{ set_parameter('smtp_tls_session_cache_database', 'btree:${data_directory}/smtp_scache') }}
{%- endif %}