forked from infra/ansible
Use "smtpd_tls_ciphers = medium" for TLS security.
This commit is contained in:
parent
cb54f03a2a
commit
ec50f7afcb
@ -35,11 +35,11 @@ smtpd_tls_key_file=/etc/postfix/ssl/{{ ansible_fqdn }}.key
|
|||||||
#smtpd_tls_CAfile=TODO
|
#smtpd_tls_CAfile=TODO
|
||||||
smtpd_use_tls=yes
|
smtpd_use_tls=yes
|
||||||
|
|
||||||
|
smtpd_tls_ciphers = medium
|
||||||
|
|
||||||
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
|
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
|
||||||
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
|
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
|
||||||
|
|
||||||
smtpd_tls_mandatory_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDC3-SHA, KRB5-DE5, CBC3-SHA
|
|
||||||
|
|
||||||
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
|
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
|
||||||
# information on enabling SSL in the smtp client.
|
# information on enabling SSL in the smtp client.
|
||||||
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user