From 5f5f00af4ac054d3b2ec51b38303ca5da73387e1 Mon Sep 17 00:00:00 2001
From: Joshua Tauberer <jt@occams.info>
Date: Sun, 12 Jun 2016 09:08:08 -0400
Subject: [PATCH] for DANE, the smtp_tls_mandatory_protocols setting seems like
 it also needs to be set (unlike the cipher settings, this isn't documented to
 be in addition to the non-mandatory setting)

---
 setup/mail-postfix.sh | 1 +
 1 file changed, 1 insertion(+)

diff --git a/setup/mail-postfix.sh b/setup/mail-postfix.sh
index f9457519..d62478e1 100755
--- a/setup/mail-postfix.sh
+++ b/setup/mail-postfix.sh
@@ -160,6 +160,7 @@ tools/editconf.py /etc/postfix/main.cf \
 # now see notices about trusted certs. The CA file is provided by the package `ca-certificates`.
 tools/editconf.py /etc/postfix/main.cf \
 	smtp_tls_protocols=\!SSLv2,\!SSLv3 \
+	smtp_tls_mandatory_protocols=\!SSLv2,\!SSLv3 \
 	smtp_tls_ciphers=medium \
 	smtp_tls_exclude_ciphers=aNULL,RC4 \
 	smtp_tls_security_level=dane \