1
0
mirror of https://github.com/mail-in-a-box/mailinabox.git synced 2024-11-26 02:57:04 +00:00

the switch of smtpd_tls_security_level may to encrypt for submission broke smtpd_tls_protocols

The submission port began offering SSLv3.

With `encrypt`, the smtpd_tls_protocols option is ignored and smtpd_tls_mandatory_protocols must be set instead.

see e39b777abc
This commit is contained in:
Joshua Tauberer 2015-05-20 22:20:45 +00:00
parent c999c6082f
commit eb5e8fe388
2 changed files with 2 additions and 2 deletions

View File

@ -5,7 +5,7 @@ In Development
-------------- --------------
* ownCloud updated to version 8.0.3. * ownCloud updated to version 8.0.3.
* SMTP Submission (port 587) began offering the insecure SSLv3 protocol due to a misconfiguration in the previous version.
v0.09 (May 8, 2015) v0.09 (May 8, 2015)
------------------- -------------------

View File

@ -78,7 +78,7 @@ tools/editconf.py /etc/postfix/master.cf -s -w \
-o syslog_name=postfix/submission -o syslog_name=postfix/submission
-o smtpd_milters=inet:127.0.0.1:8891 -o smtpd_milters=inet:127.0.0.1:8891
-o smtpd_tls_security_level=encrypt -o smtpd_tls_security_level=encrypt
-o smtpd_tls_ciphers=high -o smtpd_tls_exclude_ciphers=aNULL,DES,3DES,MD5,DES+MD5,RC4 -o smtpd_tls_protocols=!SSLv2,!SSLv3 -o smtpd_tls_ciphers=high -o smtpd_tls_exclude_ciphers=aNULL,DES,3DES,MD5,DES+MD5,RC4 -o smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3
-o cleanup_service_name=authclean" \ -o cleanup_service_name=authclean" \
"authclean=unix n - - - 0 cleanup "authclean=unix n - - - 0 cleanup
-o header_checks=pcre:/etc/postfix/outgoing_mail_header_filters" -o header_checks=pcre:/etc/postfix/outgoing_mail_header_filters"