external/mailinabox
1
0
Fork 0
mirror of https://github.com/mail-in-a-box/mailinabox.git synced 2026-03-23 18:57:23 +01:00
Code Issues Releases Wiki Activity

update bind9 configuration

Browse Source
This commit is contained in:
Joshua Tauberer
2018-10-03 14:28:43 -04:00
parent bc4bdca752
commit 3dbd6c994a
3 changed files with 44 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
setup/mail-postfix.sh
View File

@@ -146,7 +146,7 @@ tools/editconf.py /etc/postfix/main.cf \
# then opportunistic TLS is used. Otherwise the server certificate must match the TLSA records
# or else the mail bounces. TLSA also requires DNSSEC on the MX host. Postfix doesn't do DNSSEC
# itself but assumes the system's nameserver does and reports DNSSEC status. Thus this also
# relies on our local bind9 server being present and `smtp_dns_support_level=dnssec`.
# relies on our local DNS server (see system.sh) and `smtp_dns_support_level=dnssec`.
#
# The `smtp_tls_CAfile` is superflous, but it eliminates warnings in the logs about untrusted certs,
# which we don't care about seeing because Postfix is doing opportunistic TLS anyway. Better to encrypt,