tls config in main.cf
This commit is contained in:
parent
057c9e3b6d
commit
6bc0fd1a62
@ -28,7 +28,7 @@ smtpd_milters =
|
|||||||
inet:{{getenv "SPAMASSASSINHOST"}}:{{getenv "SPAMASSASSINPORT"}}
|
inet:{{getenv "SPAMASSASSINHOST"}}:{{getenv "SPAMASSASSINPORT"}}
|
||||||
non_smtpd_milters = $smtpd_milters
|
non_smtpd_milters = $smtpd_milters
|
||||||
milter_default_action = accept
|
milter_default_action = accept
|
||||||
milter_connect_macros = "i j {daemon_name} v {if_name} _"
|
#milter_connect_macros = "i j {daemon_name} v {if_name} _"
|
||||||
message_size_limit = {{getenv "MESSAGESIZELIMIT"}}
|
message_size_limit = {{getenv "MESSAGESIZELIMIT"}}
|
||||||
sender_dependent_default_transport_maps = hash:/etc/postfix/sender-transport
|
sender_dependent_default_transport_maps = hash:/etc/postfix/sender-transport
|
||||||
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
|
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
|
||||||
@ -37,4 +37,12 @@ smtpd_tls_mandatory_protocols = {{getenv "TLSMANDATORYPROTOCOLS"}}
|
|||||||
tls_preempt_cipherlist = yes
|
tls_preempt_cipherlist = yes
|
||||||
smtpd_tls_mandatory_ciphers = {{getenv "TLSMANDATORYCIPHERS"}}
|
smtpd_tls_mandatory_ciphers = {{getenv "TLSMANDATORYCIPHERS"}}
|
||||||
smtpd_tls_ciphers = {{getenv "TLSCIPHERS"}}
|
smtpd_tls_ciphers = {{getenv "TLSCIPHERS"}}
|
||||||
smtpd_tls_mandatory_exclude_ciphers = {{getenv "TLSMANDATORYEXCLUDECIPHERS"}}
|
smtpd_tls_mandatory_exclude_ciphers = {{getenv "TLSMANDATORYEXCLUDECIPHERS"}}
|
||||||
|
smtp_tls_mandatory_ciphers = $smtpd_tls_mandatory_ciphers
|
||||||
|
smtp_tls_ciphers = $smtpd_tls_ciphers
|
||||||
|
lmtp_tls_mandatory_ciphers = $smtpd_tls_mandatory_ciphers
|
||||||
|
lmtp_tls_ciphers = $smtpd_tls_ciphers
|
||||||
|
smtputf8_enable = no
|
||||||
|
biff = no
|
||||||
|
smtpd_tls_key_file=/etc/ssl/mail/privkey.pem
|
||||||
|
smtpd_tls_cert_file=/etc/ssl/mail/fullchain.pem
|
||||||
|
@ -1,10 +1,8 @@
|
|||||||
smtp inet n - - - - smtpd
|
smtp inet n - - - - smtpd
|
||||||
-o syslog_name=postfix/smtp
|
-o syslog_name=postfix/smtp
|
||||||
-o myhostname={{getenv "MYDOMAIN"}}
|
-o myhostname={{getenv "MYDOMAIN"}}
|
||||||
-o smtpd_tls_key_file=/etc/ssl/mail/privkey.pem
|
|
||||||
-o smtpd_tls_cert_file=/etc/ssl/mail/fullchain.pem
|
|
||||||
|
|
||||||
{{getenv "MYDOMAIN"}}-out unix - - - - - smtp
|
{{getenv "MYDOMAIN"}}-out unix - - - - - smtp
|
||||||
-o smtp_helo_name={{getenv "MYHOSTNAME"}}
|
-o smtp_helo_name={{getenv "MYHOSTNAME"}}
|
||||||
-o syslog_name=postfix/smtp-out
|
-o syslog_name=postfix/smtp-out
|
||||||
|
|
||||||
@ -15,14 +13,10 @@ submission inet n - - - - smtpd
|
|||||||
-o smtpd_sasl_auth_enable=yes
|
-o smtpd_sasl_auth_enable=yes
|
||||||
-o smtpd_relay_restrictions=permit_mynetworks,permit_sasl_authenticated,defer_unauth_destination
|
-o smtpd_relay_restrictions=permit_mynetworks,permit_sasl_authenticated,defer_unauth_destination
|
||||||
-o milter_macro_daemon_name=ORIGINATING
|
-o milter_macro_daemon_name=ORIGINATING
|
||||||
-o smtpd_tls_key_file=/etc/ssl/mail/privkey.pem
|
|
||||||
-o smtpd_tls_cert_file=/etc/ssl/mail/fullchain.pem
|
|
||||||
|
|
||||||
smtp inet n - n - - smtpd
|
|
||||||
pickup unix n - n 60 1 pickup
|
pickup unix n - n 60 1 pickup
|
||||||
cleanup unix n - n - 0 cleanup
|
cleanup unix n - n - 0 cleanup
|
||||||
qmgr unix n - n 300 1 qmgr
|
qmgr unix n - n 300 1 qmgr
|
||||||
#qmgr unix n - n 300 1 oqmgr
|
|
||||||
tlsmgr unix - - n 1000? 1 tlsmgr
|
tlsmgr unix - - n 1000? 1 tlsmgr
|
||||||
rewrite unix - - n - - trivial-rewrite
|
rewrite unix - - n - - trivial-rewrite
|
||||||
bounce unix - - n - 0 bounce
|
bounce unix - - n - 0 bounce
|
||||||
|
@ -1 +1 @@
|
|||||||
@{{getenv "MYDOMAIN"}} {{getenv "MYDOMAIN"}}-out
|
@{{getenv "MYDOMAIN"}} {{getenv "MYDOMAIN"}}-out
|
||||||
|
Loading…
Reference in New Issue
Block a user