From ffdfa8f08bc53eb9c0e3b01b26a07212211a4159 Mon Sep 17 00:00:00 2001 From: Markus Hauschild Date: Thu, 7 Apr 2016 00:01:54 +0200 Subject: [PATCH] Update postfix TLS settings. --- roles/mail/templates/postfix/main.cf.j2 | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/roles/mail/templates/postfix/main.cf.j2 b/roles/mail/templates/postfix/main.cf.j2 index 0cad6cc..e4dd850 100644 --- a/roles/mail/templates/postfix/main.cf.j2 +++ b/roles/mail/templates/postfix/main.cf.j2 @@ -28,20 +28,19 @@ alias_database = hash:/etc/aliases relayhost = # TLS parameters -smtp_use_tls = yes -smtp_tls_loglevel = 2 +smtp_tls_security_level = may +smtp_tls_loglevel = 1 smtpd_tls_cert_file=/etc/postfix/ssl/{{ mail_server }}.crt smtpd_tls_key_file=/etc/postfix/ssl/{{ mail_server }}.key smtpd_tls_CAfile=/etc/acme/lets-encrypt-x3-cross-signed.pem -smtpd_use_tls=yes smtpd_tls_security_level = may smtpd_tls_auth_only = yes - smtpd_tls_ciphers = medium +smtpd_tls_received_header = yes -smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache +smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for # information on enabling SSL in the smtp client.