From 41e03936cc6e36473d0c962361d822d95ae69e86 Mon Sep 17 00:00:00 2001 From: Jon Lockwood Date: Fri, 18 Feb 2022 13:49:39 +0930 Subject: [PATCH] feat(postfix): no compression or renegotiation Client should not attempt to rengotiation of TLS. MAN states that compression during tls not nessacarly benificial. MR !7 --- dockerfile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/dockerfile b/dockerfile index 6229fc6..03af313 100644 --- a/dockerfile +++ b/dockerfile @@ -179,6 +179,7 @@ RUN postconf -e "maillog_file=/var/log/postfix.log" \ # Only add missing headers for authenticated users (mail users) and my networks and mail orginating from localhost && postconf -e "local_header_rewrite_clients=permit_sasl_authenticated,permit_mynetworks,permit_inet_interfaces" \ # set tls settings + && postconf -e "tls_ssl_options = NO_COMPRESSION, NO_RENEGOTIATION" \ && postconf -e "smtpd_tls_cert_file=/certs/postfix/cert.pem" \ && postconf -e "smtpd_tls_key_file=/certs/postfix/key.pem" \ && postconf -e "smtpd_helo_required = yes" \ @@ -201,7 +202,7 @@ RUN postconf -e "maillog_file=/var/log/postfix.log" \ # RCPT TO restrictions && postconf -e "smtpd_recipient_restrictions=permit_mynetworks,reject_non_fqdn_recipient,reject_unknown_recipient_domain,reject_unauth_destination,check_policy_service,unix:private/policyd-spf,check_policy_service unix:private/quota,permit_auth_destination,reject" \ # RCPT TO restrictions - && postconf -e "smtpd_relay_restrictions=reject_non_fqdn_recipient,permit_auth_destination,reject" \ + && postconf -e "smtpd_relay_restrictions=reject_non_fqdn_recipient,permit_auth_destination,reject" EXPOSE 25 587 993 4190