|
|
@@ -89,18 +89,17 @@ smtpd_soft_error_limit = 3
|
|
|
smtpd_tls_auth_only = yes
|
|
|
smtpd_tls_dh1024_param_file = /etc/ssl/mail/dhparams.pem
|
|
|
smtpd_tls_eecdh_grade = strong
|
|
|
-smtpd_tls_exclude_ciphers = ECDHE-RSA-RC4-SHA, RC4, aNULL
|
|
|
+smtpd_tls_exclude_ciphers = ECDHE-RSA-RC4-SHA, RC4, aNULL, DES-CBC3-SHA, ECDHE-RSA-DES-CBC3-SHA, EDH-RSA-DES-CBC3-SHA
|
|
|
smtpd_tls_loglevel = 1
|
|
|
-smtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
|
|
|
+smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
|
|
|
smtp_tls_protocols = !SSLv2, !SSLv3
|
|
|
-lmtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
|
|
|
-lmtp_tls_protocols = !SSLv2, !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
|
|
|
+lmtp_tls_mandatory_protocols = !SSLv2, !SSLv3
|
|
|
+lmtp_tls_protocols = !SSLv2, !SSLv2, !SSLv3
|
|
|
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
|
|
|
smtpd_tls_protocols = !SSLv2, !SSLv3
|
|
|
-smtpd_tls_mandatory_ciphers = high
|
|
|
smtpd_tls_security_level = may
|
|
|
tls_ssl_options = NO_COMPRESSION
|
|
|
-tls_high_cipherlist = EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA128-SHA:AES128-SHA
|
|
|
+smtpd_tls_mandatory_ciphers = high
|
|
|
virtual_alias_maps = proxy:mysql:/opt/postfix/conf/sql/mysql_virtual_alias_maps.cf,
|
|
|
proxy:mysql:/opt/postfix/conf/sql/mysql_virtual_spamalias_maps.cf,
|
|
|
proxy:mysql:/opt/postfix/conf/sql/mysql_virtual_alias_domain_maps.cf,
|
André