feat(ssl_tls): updated dovecot and postfix accepted ciphers

used https://ssl-config.mozilla.org/ to generate recommended
ciphers config for dovecot and postfix.

postfix set to use medium ciphers due to possibility of smtp
servers not being updated to latest.

MR !9

dockerfile

@@ -193,10 +193,12 @@ RUN postconf -e "maillog_file=/var/log/postfix.log" \
   && postconf -e "smtpd_delay_reject = yes" \
   && postconf -e "disable_vrfy_command = yes" \
   # use secure protocols and cyphers
+  # Generated by https://ssl-config.mozilla.org/
+  #&& postconf -e "smtpd_tls_mandatory_ciphers=high" \
   && postconf -e "smtpd_tls_protocols=!SSLv2,!SSLv3,!TLSv1,!TLSv1.1" \
   && postconf -e "smtp_tls_protocols=!SSLv2,!SSLv3,!TLSv1,!TLSv1.1" \
-  && postconf -e "smtpd_tls_mandatory_ciphers=high" \
   && postconf -e "smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3,!TLSv1,!TLSv1.1" \
+  && postconf -e "tls_medium_cipherlist = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384" \
      # SPF postfix Settings
   && postconf -e "policyd-spf_time_limit=3600" \
     # Connection defaults to reject where possible/advised

include/etc/dovecot/conf.d/10-ssl.conf

@@ -15,3 +15,6 @@ ssl_dh = </certs/dovecot/dh.pem
 ssl_cert = </certs/dovecot/cert.pem
 ssl_key = </certs/dovecot/key.pem
 
+# Generated by https://ssl-config.mozilla.org/ 
+ssl_min_protocol = TLSv1.2
+ssl_cipher_list = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384