				@@ -21,22 +21,32 @@ append_dot_mydomain = no 
				 readme_directory = no 
				  
				 # TLS parameters 
				-smtpd_use_tls = yes 
				+smtpd_tls_security_level = may 
				 smtpd_tls_loglevel = 1 
				 smtpd_tls_received_header = yes 
				 smtpd_tls_ask_ccert = yes 
				 smtpd_tls_req_ccert = no 
				-smtpd_tls_session_cache_timeout = 3600 
				+smtpd_tls_auth_only = yes 
				+smtpd_tls_mandatory_ciphers = high 
				+smtpd_tls_mandatory_exclude_ciphers = aNULL, RC4, MD5 
				+smtpd_tls_protocols = !SSLv2, !SSLv3 
				+smtpd_tls_dh1024_param_file = /etc/ssl/private/dh2048.pem 
				 smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem 
				 smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key 
				+smtpd_tls_CAfile = /etc/ssl/certs/ca-certificates.crt 
				+smtpd_tls_session_cache_timeout = 3600 
				 smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache 
				  
				-smtp_use_tls = yes 
				+smtp_tls_security_level = may 
				 smtp_tls_loglevel = 1 
				 smtp_tls_note_starttls_offer = yes 
				+smtp_tls_cert_file = $smtpd_tls_cert_file 
				+smtp_tls_key_file = $smtpd_tls_key_file 
				+smtp_tls_mandatory_ciphers = $smtpd_tls_mandatory_ciphers 
				+smtp_tls_mandatory_exclude_ciphers = $smtpd_tls_mandatory_exclude_ciphers 
				+smtp_tls_protocols = $smtpd_tls_protocols 
				+smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt 
				 smtp_tls_session_cache_timeout = 3600 
				-smtp_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem 
				-smtp_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key 
				 smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache 
				  
				 myhostname = {{ ansible_fqdn }} 
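Review bot: The cipher hardening added here is keyed to mandatory TLS, but both `smtpd_tls_security_level` and `smtp_tls_security_level` are set to `may`, so `smtpd_tls_mandatory_ciphers`, `smtpd_tls_mandatory_exclude_ciphers` and their `smtp_` counterparts should not affect the opportunistic sessions this configuration negotiates. If the RC4/MD5 exclusion is meant to apply to all sessions, add `smtpd_tls_exclude_ciphers = RC4, MD5` and `smtp_tls_exclude_ciphers = $smtpd_tls_exclude_ciphers`. Whether to also drop `aNULL` for opportunistic TLS is a policy choice, since a refused handshake may fall back to cleartext. Separately, `smtpd_tls_dh1024_param_file` pointing at `dh2048.pem` reads like a mistake; a comment such as `# parameter name is historical; the file holds 2048-bit DH parameters` would prevent a well-meaning "fix". Nothing in this hunk shows that file being generated, so confirm the role creates it.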
			 |