Size: 4159
Comment:
|
Size: 6338
Comment:
|
Line 6: | Line 6: |
### Cipherlists #tls_export_cipherlist = aNULL:-aNULL:ALL:+RC4:@STRENGTH #tls_high_cipherlist = aNULL:-aNULL:ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH #tls_low_cipherlist = aNULL:-aNULL:ALL:!EXPORT:+RC4:@STRENGTH #tls_medium_cipherlist = aNULL:-aNULL:ALL:!EXPORT:!LOW:+RC4:@STRENGTH #tls_null_cipherlist = eNULL:!aNULL |
|
Line 7: | Line 13: |
#tls_export_cipherlist #tls_low_cipherlist #tls_high_cipherlist #tls_null_cipherlist |
|
Line 12: | Line 14: |
### LMTP Client #lmtp_enforce_tls (default: no) #lmtp_sasl_tls_security_options (default: $lmtp_sasl_security_options) #lmtp_sasl_tls_verified_security_options (default: $lmtp_sasl_tls_security_options) #lmtp_starttls_timeout (default: 300s) #lmtp_tls_CAfile (default: empty) #lmtp_tls_CApath (default: empty) #lmtp_tls_block_early_mail_reply (default: empty) #lmtp_tls_cert_file (default: empty) #lmtp_tls_ciphers (default: export) lmtp_tls_ciphers = high #lmtp_tls_dcert_file (default: empty) #lmtp_tls_dkey_file (default: $lmtp_tls_dcert_file) #lmtp_tls_eccert_file (default: empty) #lmtp_tls_eckey_file (default: empty) #lmtp_tls_enforce_peername (default: yes) #lmtp_tls_exclude_ciphers (default: empty) #lmtp_tls_fingerprint_cert_match (default: empty) #lmtp_tls_fingerprint_digest (default: md5) #lmtp_tls_force_insecure_host_tlsa_lookup (default: no) #lmtp_tls_key_file (default: $lmtp_tls_cert_file) #lmtp_tls_loglevel (default: 0) #lmtp_tls_mandatory_ciphers (default: empty) lmtp_tls_mandatory_ciphers = high #lmtp_tls_mandatory_exclude_ciphers (default: empty) lmtp_tls_mandatory_exclude_ciphers = RC4 #lmtp_tls_mandatory_protocols (default: !SSLv2) lmtp_tls_mandatory_protocols = !SSLv2,!SSLv3,!TLSv1.0 #lmtp_tls_note_starttls_offer (default: no) #lmtp_tls_per_site (default: empty) #lmtp_tls_policy_maps (default: empty) #lmtp_tls_protocols (default: empty) lmtp_tls_protocols = !SSLv2,!SSLv3,!TLSv1.0 #lmtp_tls_scert_verifydepth (default: 9) #lmtp_tls_secure_cert_match (default: nexthop) #lmtp_tls_security_level (default: empty) # possible values: none, may, encrypt, dane, dane-only, # fingerprint, verify, secure lmtp_tls_security_level = may #lmtp_tls_session_cache_database (default: empty) #lmtp_tls_session_cache_timeout (default: 3600s) #lmtp_tls_trust_anchor_file (default: empty) #lmtp_tls_verify_cert_match (default: hostname) #lmtp_use_tls (default: no) ### SMTP Client |
|
Line 28: | Line 77: |
Line 36: | Line 84: |
Line 46: | Line 93: |
Line 58: | Line 104: |
#smtp_use_tls (default: no) | #smtp_use_tls (default: no) <- opportunistic mode |
Line 62: | Line 108: |
### SMTPD | ### SMTPD Server |
Line 84: | Line 130: |
Line 90: | Line 135: |
Line 96: | Line 140: |
smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3,!TLSv1.0 | smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3,!TLSv1.0 |
Line 99: | Line 143: |
Line 103: | Line 146: |
# possible values: none, may, encrypt, dane, dane-only, # fingerprint, verify, secure smtpd_tls_security_level = |
# possible values: none, may, encrypt smtpd_tls_security_level = may |
Line 109: | Line 151: |
#smtpd_use_tls (default: no) smtpd_use_tls=yes |
#smtpd_use_tls (default: no) <- opportunistic mode smtpd_use_tls = yes |
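Review bot: `TLSv1.0` in the new `lmtp_tls_mandatory_protocols`, `lmtp_tls_protocols` and `smtpd_tls_mandatory_protocols` lines is not a protocol name Postfix recognises; its names are `SSLv2`, `SSLv3`, `TLSv1`, `TLSv1.1`, `TLSv1.2` and `TLSv1.3`. As far as I know Postfix logs a warning for an invalid protocol list and does not use TLS, which at security level `may` means mail falls back to cleartext, so these lines should read `... = !SSLv2,!SSLv3,!TLSv1`. The new LMTP block also sets only `lmtp_tls_mandatory_exclude_ciphers = RC4`. The mandatory_* parameters apply at `encrypt` and stronger levels, so with `lmtp_tls_security_level = may` it needs `lmtp_tls_exclude_ciphers = RC4` as well.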
postfix
Crypto
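### Cipherlists
# Postfix's cipher-grade definitions (OpenSSL cipher strings). They are left
# commented out so the built-in values stay in effect; a grade is selected
# with the *_tls_ciphers parameters rather than by editing these lists.
#tls_export_cipherlist = aNULL:-aNULL:ALL:+RC4:@STRENGTH
#tls_high_cipherlist = aNULL:-aNULL:ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH
#tls_low_cipherlist = aNULL:-aNULL:ALL:!EXPORT:+RC4:@STRENGTH
#tls_medium_cipherlist = aNULL:-aNULL:ALL:!EXPORT:!LOW:+RC4:@STRENGTH
#tls_null_cipherlist = eNULL:!aNULL

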
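### LMTP Client
# TLS settings for the Postfix LMTP client. Lines of the form
# "#name (default: value)" only record the default; the uncommented lines
# are the overrides that take effect.
#
# The level set below is "may" (opportunistic). At that level
# lmtp_tls_ciphers, lmtp_tls_exclude_ciphers and lmtp_tls_protocols apply;
# the lmtp_tls_mandatory_* parameters are used only at "encrypt" and stronger
# levels (for example when the level is raised per destination through
# lmtp_tls_policy_maps).
#lmtp_enforce_tls (default: no)
#lmtp_sasl_tls_security_options (default: $lmtp_sasl_security_options)
#lmtp_sasl_tls_verified_security_options (default: $lmtp_sasl_tls_security_options)
#lmtp_starttls_timeout (default: 300s)
#lmtp_tls_CAfile (default: empty)
#lmtp_tls_CApath (default: empty)
#lmtp_tls_block_early_mail_reply (default: empty)
#lmtp_tls_cert_file (default: empty)
#lmtp_tls_ciphers (default: export)
lmtp_tls_ciphers = high
#lmtp_tls_dcert_file (default: empty)
#lmtp_tls_dkey_file (default: $lmtp_tls_dcert_file)
#lmtp_tls_eccert_file (default: empty)
#lmtp_tls_eckey_file (default: empty)
#lmtp_tls_enforce_peername (default: yes)
#lmtp_tls_exclude_ciphers (default: empty)
# Exclude RC4 at the opportunistic level as well; the mandatory exclusion
# further down is not consulted while the level is "may".
lmtp_tls_exclude_ciphers = RC4
#lmtp_tls_fingerprint_cert_match (default: empty)
# Only relevant at the "fingerprint" level; prefer a SHA-2 digest there.
#lmtp_tls_fingerprint_digest (default: md5)
#lmtp_tls_force_insecure_host_tlsa_lookup (default: no)
#lmtp_tls_key_file (default: $lmtp_tls_cert_file)
#lmtp_tls_loglevel (default: 0)
#lmtp_tls_mandatory_ciphers (default: empty)
lmtp_tls_mandatory_ciphers = high
#lmtp_tls_mandatory_exclude_ciphers (default: empty)
lmtp_tls_mandatory_exclude_ciphers = RC4
# Protocol names Postfix accepts are SSLv2, SSLv3, TLSv1, TLSv1.1, TLSv1.2
# and TLSv1.3. "TLSv1.0" is not one of them: an unrecognised name makes the
# whole list invalid, and Postfix then logs a warning and skips TLS, so
# TLS 1.0 has to be written as "TLSv1".
#lmtp_tls_mandatory_protocols (default: !SSLv2)
lmtp_tls_mandatory_protocols = !SSLv2,!SSLv3,!TLSv1
#lmtp_tls_note_starttls_offer (default: no)
#lmtp_tls_per_site (default: empty)
#lmtp_tls_policy_maps (default: empty)
#lmtp_tls_protocols (default: empty)
lmtp_tls_protocols = !SSLv2,!SSLv3,!TLSv1
#lmtp_tls_scert_verifydepth (default: 9)
#lmtp_tls_secure_cert_match (default: nexthop)
#lmtp_tls_security_level (default: empty)
# possible values: none, may, encrypt, dane, dane-only,
# fingerprint, verify, secure
# "may" does not authenticate the peer and falls back to plaintext when TLS
# is not offered or the handshake fails; use "encrypt" or stronger where
# cleartext delivery is not acceptable.
lmtp_tls_security_level = may
#lmtp_tls_session_cache_database (default: empty)
#lmtp_tls_session_cache_timeout (default: 3600s)
#lmtp_tls_trust_anchor_file (default: empty)
#lmtp_tls_verify_cert_match (default: hostname)
#lmtp_use_tls (default: no)

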
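### SMTP Client
# TLS settings for the Postfix SMTP client (outbound delivery). Lines of the
# form "#name (default: value)" only record the default; the uncommented
# lines are the overrides that take effect.
#
# The level is "may" (opportunistic). At that level smtp_tls_ciphers,
# smtp_tls_exclude_ciphers and smtp_tls_protocols apply; the
# smtp_tls_mandatory_* parameters are used only at "encrypt" and stronger
# levels (for example when raised per destination through
# smtp_tls_policy_maps).
#smtp_enforce_tls (default: no)
#smtp_sasl_tls_security_options (default: $smtp_sasl_security_options)
#smtp_sasl_tls_verified_security_options (default: $smtp_sasl_tls_security_options)
#smtp_starttls_timeout (default: 300s)
#smtp_tls_CAfile (default: empty)
#smtp_tls_CApath (default: empty)
#smtp_tls_block_early_mail_reply (default: no)
#smtp_tls_cert_file (default: empty)
#smtp_tls_cipherlist (default: empty) <- obsolete
#smtp_tls_ciphers (default: export)
smtp_tls_ciphers = high
#smtp_tls_dcert_file (default: empty)
#smtp_tls_dkey_file (default: $smtp_tls_dcert_file)
#smtp_tls_eccert_file (default: empty)
#smtp_tls_eckey_file (default: $smtp_tls_eccert_file)
#smtp_tls_enforce_peername (default: yes)
#smtp_tls_exclude_ciphers (default: empty)
smtp_tls_exclude_ciphers = RC4
#smtp_tls_fingerprint_cert_match (default: empty)
# Only relevant at the "fingerprint" level; prefer a SHA-2 digest there.
#smtp_tls_fingerprint_digest (default: md5)
#smtp_tls_force_insecure_host_tlsa_lookup (default: no)
#smtp_tls_key_file (default: $smtp_tls_cert_file)
#smtp_tls_loglevel (default: 0)
#smtp_tls_mandatory_ciphers (default: medium)
smtp_tls_mandatory_ciphers = high
#smtp_tls_mandatory_exclude_ciphers (default: empty)
smtp_tls_mandatory_exclude_ciphers = RC4
# Protocol names Postfix accepts are SSLv2, SSLv3, TLSv1, TLSv1.1, TLSv1.2
# and TLSv1.3. "TLSv1.0" is not one of them: an unrecognised name makes the
# whole list invalid, and Postfix then logs a warning and skips TLS, so
# TLS 1.0 has to be written as "TLSv1".
#smtp_tls_mandatory_protocols (default: !SSLv2)
smtp_tls_mandatory_protocols = !SSLv2,!SSLv3,!TLSv1
#smtp_tls_note_starttls_offer (default: no)
#smtp_tls_per_site (default: empty)
#smtp_tls_policy_maps (default: empty)
# With opportunistic TLS, a server that supports none of the remaining
# protocols fails the handshake and the message is then sent in plaintext;
# check the mail log for such destinations after tightening this list.
#smtp_tls_protocols (default: !SSLv2)
smtp_tls_protocols = !SSLv2,!SSLv3,!TLSv1
#smtp_tls_scert_verifydepth (default: 9)
#smtp_tls_secure_cert_match (default: nexthop, dot-nexthop)
#smtp_tls_security_level (default: empty)
# possible values: none, may, encrypt, dane, dane-only,
# fingerprint, verify, secure
# Set explicitly, as for the LMTP client and the SMTP server. "may" gives no
# protection against an active attacker who strips STARTTLS; use "dane",
# "verify" or "secure" (globally or per destination) where that matters.
smtp_tls_security_level = may
#smtp_tls_session_cache_database (default: empty)
#smtp_tls_session_cache_timeout (default: 3600s)
#smtp_tls_trust_anchor_file (default: empty)
#smtp_tls_verify_cert_match (default: hostname)
#smtp_use_tls (default: no) <- opportunistic mode
# Legacy spelling of level "may"; ignored once smtp_tls_security_level is
# non-empty, kept for older Postfix versions.
smtp_use_tls = yes

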
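### SMTPD Server
# TLS settings for the Postfix SMTP server (inbound). Lines of the form
# "#name (default: value)" only record the default; the uncommented lines
# are the overrides that take effect.
#
# The level is "may" (STARTTLS offered, not required). At that level
# smtpd_tls_ciphers, smtpd_tls_exclude_ciphers and smtpd_tls_protocols apply;
# the smtpd_tls_mandatory_* parameters are used only at level "encrypt".
#smtpd_client_new_tls_session_rate_limit (default: 0)
#smtpd_enforce_tls (default: no)
#smtpd_sasl_tls_security_options (default: $smtpd_sasl_security_options)
#smtpd_starttls_timeout (default: see postconf -d output)
#smtpd_tls_CAfile (default: empty)
#smtpd_tls_CApath (default: empty)
#smtpd_tls_always_issue_session_ids (default: yes)
#smtpd_tls_ask_ccert (default: no)
# NOTE(review): if this server offers SASL AUTH, the default lets clients
# send credentials without TLS; consider smtpd_tls_auth_only = yes.
#smtpd_tls_auth_only (default: no)
#smtpd_tls_ccert_verifydepth (default: 9)
# NOTE(review): no certificate or key is configured in this section; the
# server needs one to offer STARTTLS to ordinary clients, so confirm it is
# set elsewhere in main.cf.
#smtpd_tls_cert_file (default: empty)
#smtpd_tls_cipherlist (default: empty) <- obsolete
#smtpd_tls_ciphers (default: export)
smtpd_tls_ciphers = high
#smtpd_tls_dcert_file (default: empty)
#smtpd_tls_dh1024_param_file (default: empty)
#smtpd_tls_dh512_param_file (default: empty)
#smtpd_tls_dkey_file (default: $smtpd_tls_dcert_file)
#smtpd_tls_eccert_file (default: empty)
#smtpd_tls_eckey_file (default: $smtpd_tls_eccert_file)
#smtpd_tls_eecdh_grade (default: see postconf -d output)
#smtpd_tls_exclude_ciphers (default: empty)
smtpd_tls_exclude_ciphers = RC4
#smtpd_tls_fingerprint_digest (default: md5)
#smtpd_tls_key_file (default: $smtpd_tls_cert_file)
#smtpd_tls_loglevel (default: 0)
#smtpd_tls_mandatory_ciphers (default: medium)
smtpd_tls_mandatory_ciphers = high
#smtpd_tls_mandatory_exclude_ciphers (default: empty)
smtpd_tls_mandatory_exclude_ciphers = RC4
# Protocol names Postfix accepts are SSLv2, SSLv3, TLSv1, TLSv1.1, TLSv1.2
# and TLSv1.3. "TLSv1.0" is not one of them: an unrecognised name makes the
# whole list invalid, and Postfix then logs a warning and disables TLS, so
# TLS 1.0 has to be written as "TLSv1".
#smtpd_tls_mandatory_protocols (default: !SSLv2)
smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3,!TLSv1
# With STARTTLS optional, a client that supports none of the remaining
# protocols may deliver in plaintext instead; watch the mail log for
# handshake failures after tightening this list.
#smtpd_tls_protocols (default: none)
smtpd_tls_protocols = !SSLv2,!SSLv3,!TLSv1
#smtpd_tls_received_header (default: no)
#smtpd_tls_req_ccert (default: no)
#smtpd_tls_security_level (default: empty)
# possible values: none, may, encrypt
smtpd_tls_security_level = may
#smtpd_tls_session_cache_database (default: empty)
#smtpd_tls_session_cache_timeout (default: 3600s)
#smtpd_tls_wrappermode (default: no)
#smtpd_use_tls (default: no) <- opportunistic mode
# Legacy spelling of level "may"; ignored once smtpd_tls_security_level is
# non-empty, kept for older Postfix versions.
smtpd_use_tls = yes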