From eb5e8fe388c4f79691f2ea3b7a0f790f16d827fd Mon Sep 17 00:00:00 2001
From: Joshua Tauberer
Date: Wed, 20 May 2015 22:20:45 +0000
Subject: [PATCH] the switch of smtpd_tls_security_level may to encrypt for submission broke smtpd_tls_protocols

The submission port began offering SSLv3. With `encrypt`, the smtpd_tls_protocols option is ignored and smtpd_tls_mandatory_protocols must be set instead. see e39b777abca6c4aa4a330d7f065d46c239ecd112
---
 CHANGELOG.md | 2 +-
 setup/mail-postfix.sh | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 65a5a0dd..6ecb77a4 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,7 +5,7 @@ In Development
 --------------
 
 * ownCloud updated to version 8.0.3.
-
+* SMTP Submission (port 587) began offering the insecure SSLv3 protocol due to a misconfiguration in the previous version.
 
 v0.09 (May 8, 2015)
 -------------------
diff --git a/setup/mail-postfix.sh b/setup/mail-postfix.sh
index e9e189a7..8926c1f1 100755
--- a/setup/mail-postfix.sh
+++ b/setup/mail-postfix.sh
@@ -78,7 +78,7 @@ tools/editconf.py /etc/postfix/master.cf -s -w \
  -o syslog_name=postfix/submission
  -o smtpd_milters=inet:127.0.0.1:8891
  -o smtpd_tls_security_level=encrypt
- -o smtpd_tls_ciphers=high -o smtpd_tls_exclude_ciphers=aNULL,DES,3DES,MD5,DES+MD5,RC4 -o smtpd_tls_protocols=!SSLv2,!SSLv3
+ -o smtpd_tls_ciphers=high -o smtpd_tls_exclude_ciphers=aNULL,DES,3DES,MD5,DES+MD5,RC4 -o smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3
  -o cleanup_service_name=authclean" \
  "authclean=unix n - - - 0 cleanup
  -o header_checks=pcre:/etc/postfix/outgoing_mail_header_filters"
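Review bot: The `-o smtpd_tls_ciphers=high` override kept on the changed line of setup/mail-postfix.sh has the same problem this commit fixes for protocols. With `smtpd_tls_security_level=encrypt`, Postfix takes the minimum cipher grade from `smtpd_tls_mandatory_ciphers`, so `high` is not applied on the submission port. The grade then comes from main.cf or the Postfix default, which this hunk does not show. I would change that option to `-o smtpd_tls_mandatory_ciphers=high` and leave `smtpd_tls_exclude_ciphers` as it is, since that list applies at every TLS security level. The submission entry and the `tools/editconf.py` call begin above the hunk, so any other overrides on that service are not visible here.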