Postfix ssl stuff: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
(Die Seite wurde neu angelegt: „*cat /etc/postfix/main.cf <pre> smtp_tls_mandatory_protocols = !SSLv2, !SSLv3 smtp_tls_protocols = !SSLv2, !SSLv3 lmtp_tls_mandatory_protocols = !SSLv2, !SSLv3…“) |
|||
| Zeile 1: | Zeile 1: | ||
*cat /etc/postfix/main.cf | *cat /etc/postfix/main.cf | ||
<pre> | <pre> | ||
| − | smtp_tls_mandatory_protocols = !SSLv2, !SSLv3 | + | smtp_use_tls = yes |
| − | smtp_tls_protocols = !SSLv2, !SSLv3 | + | smtp_tls_note_starttls_offer = yes |
| − | lmtp_tls_mandatory_protocols = !SSLv2, !SSLv3 | + | smtp_tls_mandatory_protocols = !SSLv2, !SSLv3 , !TLSv1 , !TLSv1.1 |
| − | lmtp_tls_protocols = !SSLv2, !SSLv3 | + | smtp_tls_protocols = !SSLv2, !SSLv3 , !TLSv1 , !TLSv1.1 |
| − | smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3 | + | lmtp_tls_mandatory_protocols = !SSLv2, !SSLv3 , !TLSv1 , !TLSv1.1 |
| − | smtpd_tls_protocols = !SSLv2, !SSLv3 | + | lmtp_tls_protocols = !SSLv2, !SSLv3 , !TLSv1 , !TLSv1.1 |
| + | smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3 , !TLSv1 , !TLSv1.1 | ||
| + | smtpd_tls_protocols = !SSLv2, !SSLv3 , !TLSv1 , !TLSv1.1 | ||
smtpd_tls_mandatory_ciphers=high | smtpd_tls_mandatory_ciphers=high | ||
tls_high_cipherlist=EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA128-SHA:AES128-SHA | tls_high_cipherlist=EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA128-SHA:AES128-SHA | ||
| + | disable_vrfy_command=yes | ||
| + | smtpd_tls_dh1024_param_file = /etc/ssl/certs/dhparam.pem | ||
| + | |||
</pre> | </pre> | ||
Aktuelle Version vom 9. Dezember 2020, 11:07 Uhr
- cat /etc/postfix/main.cf
smtp_use_tls = yes smtp_tls_note_starttls_offer = yes smtp_tls_mandatory_protocols = !SSLv2, !SSLv3 , !TLSv1 , !TLSv1.1 smtp_tls_protocols = !SSLv2, !SSLv3 , !TLSv1 , !TLSv1.1 lmtp_tls_mandatory_protocols = !SSLv2, !SSLv3 , !TLSv1 , !TLSv1.1 lmtp_tls_protocols = !SSLv2, !SSLv3 , !TLSv1 , !TLSv1.1 smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3 , !TLSv1 , !TLSv1.1 smtpd_tls_protocols = !SSLv2, !SSLv3 , !TLSv1 , !TLSv1.1 smtpd_tls_mandatory_ciphers=high tls_high_cipherlist=EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA128-SHA:AES128-SHA disable_vrfy_command=yes smtpd_tls_dh1024_param_file = /etc/ssl/certs/dhparam.pem