[Postfix] Mandatory protocol for authenticated clients over 587/tcp and 465/tcp is now TLSv1.0+ (reverts previous protocol change for authenticated users only)

[Postfix] Force route localhost$ over local:
master
andryyy 2019-03-06 15:09:28 +01:00
parent 6dc5318673
commit 9abbe7eb1d
No known key found for this signature in database
GPG Key ID: 8EC34FF2794E25EF
3 changed files with 4 additions and 1 deletions

View File

@ -0,0 +1 @@
/localhost$/ local:

View File

@ -138,5 +138,5 @@ smtp_sasl_mechanism_filter = plain, login
smtp_tls_policy_maps=proxy:mysql:/opt/postfix/conf/sql/mysql_tls_policy_override_maps.cf smtp_tls_policy_maps=proxy:mysql:/opt/postfix/conf/sql/mysql_tls_policy_override_maps.cf
smtp_header_checks = pcre:/opt/postfix/conf/anonymize_headers.pcre smtp_header_checks = pcre:/opt/postfix/conf/anonymize_headers.pcre
mail_name = Postcow mail_name = Postcow
transport_maps = proxy:mysql:/opt/postfix/conf/sql/mysql_transport_maps.cf transport_maps = pcre:/opt/postfix/conf/local_transport, proxy:mysql:/opt/postfix/conf/sql/mysql_transport_maps.cf
smtp_sasl_auth_soft_bounce = no smtp_sasl_auth_soft_bounce = no

View File

@ -6,11 +6,13 @@ smtpd pass - - n - - smtpd
smtps inet n - n - - smtpd smtps inet n - n - - smtpd
-o smtpd_tls_wrappermode=yes -o smtpd_tls_wrappermode=yes
-o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject -o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
-o smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3
-o tls_preempt_cipherlist=yes -o tls_preempt_cipherlist=yes
submission inet n - n - - smtpd submission inet n - n - - smtpd
-o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject -o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
-o smtpd_enforce_tls=yes -o smtpd_enforce_tls=yes
-o smtpd_tls_security_level=encrypt -o smtpd_tls_security_level=encrypt
-o smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3
-o tls_preempt_cipherlist=yes -o tls_preempt_cipherlist=yes
588 inet n - n - - smtpd 588 inet n - n - - smtpd
-o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject -o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject