bad ciphers were allowed in smtp submssion
This disallows aNULL and other bad ciphers in the Postfix submission server.
I missed an option in 45e93f7dcc
recommended by the blog post I was reading.
Fixes #389.
This commit is contained in:
parent
cbb7f29f96
commit
8c6363f792
|
@ -75,7 +75,7 @@ tools/editconf.py /etc/postfix/master.cf -s -w \
|
||||||
"submission=inet n - - - - smtpd
|
"submission=inet n - - - - smtpd
|
||||||
-o syslog_name=postfix/submission
|
-o syslog_name=postfix/submission
|
||||||
-o smtpd_milters=inet:127.0.0.1:8891
|
-o smtpd_milters=inet:127.0.0.1:8891
|
||||||
-o smtpd_tls_ciphers=high -o smtpd_tls_protocols=!SSLv2,!SSLv3
|
-o smtpd_tls_ciphers=high -o smtpd_tls_exclude_ciphers=aNULL,DES,3DES,MD5,DES+MD5,RC4 -o smtpd_tls_protocols=!SSLv2,!SSLv3
|
||||||
-o cleanup_service_name=authclean" \
|
-o cleanup_service_name=authclean" \
|
||||||
"authclean=unix n - - - 0 cleanup
|
"authclean=unix n - - - 0 cleanup
|
||||||
-o header_checks=pcre:/etc/postfix/outgoing_mail_header_filters"
|
-o header_checks=pcre:/etc/postfix/outgoing_mail_header_filters"
|
||||||
|
|
Loading…
Reference in New Issue