|
Size: 6370
Comment:
|
Size: 6579
Comment:
|
| Deletions are marked like this. | Additions are marked like this. |
| Line 34: | Line 34: |
| lmtp_tls_fingerprint_digest = sha1 | |
| Line 58: | Line 59: |
| #lmtp_use_tls (default: no) | #lmtp_use_tls (default: no) <- deprecaded with 2.3 -> smtpd_tls_security_level |
| Line 82: | Line 83: |
| smtp_tls_fingerprint_digest = sha1 | |
| Line 101: | Line 103: |
| smtp_tls_security_level = may | |
| Line 105: | Line 108: |
| #smtp_use_tls (default: no) <- opportunistic mode smtp_use_tls = yes |
#smtp_use_tls (default: no) <- deprecaded with 2.3 -> smtp_tls_security_level |
| Line 134: | Line 137: |
| smtpd_tls_fingerprint_digest = sha1 | |
| Line 152: | Line 156: |
| #smtpd_use_tls (default: no) <- opportunistic mode smtpd_use_tls = yes |
#smtpd_use_tls (default: no) <- deprecaded with 2.3 -> smtpd_tls_security_level |
postfix
Crypto
1 ### Cipherlists
2 #tls_export_cipherlist = aNULL:-aNULL:ALL:+RC4:@STRENGTH
3 #tls_high_cipherlist = aNULL:-aNULL:ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH
4 #tls_low_cipherlist = aNULL:-aNULL:ALL:!EXPORT:+RC4:@STRENGTH
5 #tls_medium_cipherlist = aNULL:-aNULL:ALL:!EXPORT:!LOW:+RC4:@STRENGTH
6 #tls_null_cipherlist = eNULL:!aNULL
7
8
9 ### LMTP Client
10 #lmtp_enforce_tls (default: no)
11 #lmtp_sasl_tls_security_options (default: $lmtp_sasl_security_options)
12 #lmtp_sasl_tls_verified_security_options (default: $lmtp_sasl_tls_security_options)
13 #lmtp_starttls_timeout (default: 300s)
14 #lmtp_tls_CAfile (default: empty)
15 #lmtp_tls_CApath (default: empty)
16 #lmtp_tls_block_early_mail_reply (default: empty)
17 #lmtp_tls_cert_file (default: empty)
18 #lmtp_tls_ciphers (default: export)
19 lmtp_tls_ciphers = high
20 #lmtp_tls_dcert_file (default: empty)
21 #lmtp_tls_dkey_file (default: $lmtp_tls_dcert_file)
22 #lmtp_tls_eccert_file (default: empty)
23 #lmtp_tls_eckey_file (default: empty)
24 #lmtp_tls_enforce_peername (default: yes)
25 #lmtp_tls_exclude_ciphers (default: empty)
26 lmtp_tls_exclude_ciphers = RC4
27 #lmtp_tls_fingerprint_cert_match (default: empty)
28 #lmtp_tls_fingerprint_digest (default: md5)
29 lmtp_tls_fingerprint_digest = sha1
30 #lmtp_tls_force_insecure_host_tlsa_lookup (default: no)
31 #lmtp_tls_key_file (default: $lmtp_tls_cert_file)
32 #lmtp_tls_loglevel (default: 0)
33 #lmtp_tls_mandatory_ciphers (default: empty)
34 lmtp_tls_mandatory_ciphers = high
35 #lmtp_tls_mandatory_exclude_ciphers (default: empty)
36 lmtp_tls_mandatory_exclude_ciphers = RC4
37 #lmtp_tls_mandatory_protocols (default: !SSLv2)
38 lmtp_tls_mandatory_protocols = !SSLv2,!SSLv3,!TLSv1.0
39 #lmtp_tls_note_starttls_offer (default: no)
40 #lmtp_tls_per_site (default: empty)
41 #lmtp_tls_policy_maps (default: empty)
42 #lmtp_tls_protocols (default: empty)
43 lmtp_tls_protocols = !SSLv2,!SSLv3,!TLSv1.0
44 #lmtp_tls_scert_verifydepth (default: 9)
45 #lmtp_tls_secure_cert_match (default: nexthop)
46 #lmtp_tls_security_level (default: empty)
47 # possible values: none, may, encrypt, dane, dane-only,
48 # fingerprint, verify, secure
49 lmtp_tls_security_level = may
50 #lmtp_tls_session_cache_database (default: empty)
51 #lmtp_tls_session_cache_timeout (default: 3600s)
52 #lmtp_tls_trust_anchor_file (default: empty)
53 #lmtp_tls_verify_cert_match (default: hostname)
54 #lmtp_use_tls (default: no) <- deprecaded with 2.3 -> smtpd_tls_security_level
55
56
57 ### SMTP Client
58 #smtp_enforce_tls (default: no)
59 #smtp_sasl_tls_security_options (default: $smtp_sasl_security_options)
60 #smtp_sasl_tls_verified_security_options (default: $smtp_sasl_tls_security_options)
61 #smtp_starttls_timeout (default: 300s)
62 #smtp_tls_CAfile (default: empty)
63 #smtp_tls_CApath (default: empty)
64 #smtp_tls_block_early_mail_reply (default: no)
65 #smtp_tls_cert_file (default: empty)
66 #smtp_tls_cipherlist (default: empty) <- obsolete
67 #smtp_tls_ciphers (default: export)
68 smtp_tls_ciphers = high
69 #smtp_tls_dcert_file (default: empty)
70 #smtp_tls_dkey_file (default: $smtp_tls_dcert_file)
71 #smtp_tls_eccert_file (default: empty)
72 #smtp_tls_eckey_file (default: $smtp_tls_eccert_file)
73 #smtp_tls_enforce_peername (default: yes)
74 #smtp_tls_exclude_ciphers (default: empty)
75 smtp_tls_exclude_ciphers = RC4
76 #smtp_tls_fingerprint_cert_match (default: empty)
77 #smtp_tls_fingerprint_digest (default: md5)
78 smtp_tls_fingerprint_digest = sha1
79 #smtp_tls_force_insecure_host_tlsa_lookup (default: no)
80 #smtp_tls_key_file (default: $smtp_tls_cert_file)
81 #smtp_tls_loglevel (default: 0)
82 #smtp_tls_mandatory_ciphers (default: medium)
83 smtp_tls_mandatory_ciphers = high
84 #smtp_tls_mandatory_exclude_ciphers (default: empty)
85 smtp_tls_mandatory_exclude_ciphers = RC4
86 #smtp_tls_mandatory_protocols (default: !SSLv2)
87 smtp_tls_mandatory_protocols = !SSLv2,!SSLv3,!TLSv1.0
88 #smtp_tls_note_starttls_offer (default: no)
89 #smtp_tls_per_site (default: empty)
90 #smtp_tls_policy_maps (default: empty)
91 #smtp_tls_protocols (default: !SSLv2)
92 smtp_tls_protocols = !SSLv2,!SSLv3,!TLSv1.0
93 #smtp_tls_scert_verifydepth (default: 9)
94 #smtp_tls_secure_cert_match (default: nexthop, dot-nexthop)
95 #smtp_tls_security_level (default: empty)
96 # possible values: none, may, encrypt, dane, dane-only,
97 # fingerprint, verify, secure
98 smtp_tls_security_level = may
99 #smtp_tls_session_cache_database (default: empty)
100 #smtp_tls_session_cache_timeout (default: 3600s)
101 #smtp_tls_trust_anchor_file (default: empty)
102 #smtp_tls_verify_cert_match (default: hostname)
103 #smtp_use_tls (default: no) <- deprecaded with 2.3 -> smtp_tls_security_level
104
105
106
107 ### SMTPD Server
108 #smtpd_client_new_tls_session_rate_limit (default: 0)
109 #smtpd_enforce_tls (default: no)
110 #smtpd_sasl_tls_security_options (default: $smtpd_sasl_security_options)
111 #smtpd_starttls_timeout (default: see postconf -d output)
112 #smtpd_tls_CAfile (default: empty)
113 #smtpd_tls_CApath (default: empty)
114 #smtpd_tls_always_issue_session_ids (default: yes)
115 #smtpd_tls_ask_ccert (default: no)
116 #smtpd_tls_auth_only (default: no)
117 #smtpd_tls_ccert_verifydepth (default: 9)
118 #smtpd_tls_cert_file (default: empty)
119 #smtpd_tls_cipherlist (default: empty) <- obsolete
120 #smtpd_tls_ciphers (default: export)
121 smtpd_tls_ciphers = high
122 #smtpd_tls_dcert_file (default: empty)
123 #smtpd_tls_dh1024_param_file (default: empty)
124 #smtpd_tls_dh512_param_file (default: empty)
125 #smtpd_tls_dkey_file (default: $smtpd_tls_dcert_file)
126 #smtpd_tls_eccert_file (default: empty)
127 #smtpd_tls_eckey_file (default: $smtpd_tls_eccert_file)
128 #smtpd_tls_eecdh_grade (default: see postconf -d output)
129 #smtpd_tls_exclude_ciphers (default: empty)
130 smtpd_tls_exclude_ciphers = RC4
131 #smtpd_tls_fingerprint_digest (default: md5)
132 smtpd_tls_fingerprint_digest = sha1
133 #smtpd_tls_key_file (default: $smtpd_tls_cert_file)
134 #smtpd_tls_loglevel (default: 0)
135 #smtpd_tls_mandatory_ciphers (default: medium)
136 smtpd_tls_mandatory_ciphers = high
137 #smtpd_tls_mandatory_exclude_ciphers (default: empty)
138 smtpd_tls_mandatory_exclude_ciphers = RC4
139 #smtpd_tls_mandatory_protocols (default: !SSLv2)
140 smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3,!TLSv1.0
141 #smtpd_tls_protocols (default: none)
142 smtpd_tls_protocols=!SSLv2,!SSLv3,!TLSv1.0
143 #smtpd_tls_received_header (default: no)
144 #smtpd_tls_req_ccert (default: no)
145 #smtpd_tls_security_level (default: empty)
146 # possible values: none, may, encrypt
147 smtpd_tls_security_level = may
148 #smtpd_tls_session_cache_database (default: empty)
149 #smtpd_tls_session_cache_timeout (default: 3600s)
150 #smtpd_tls_wrappermode (default: no)
151 #smtpd_use_tls (default: no) <- deprecaded with 2.3 -> smtpd_tls_security_level