fix(postfix): only use the servers order of tls ciphers

Don't let the client's preference order decide which TLS cipher is
used. It may pick a less secure one.
MR !7
2022-02-18 14:08:38 +09:30
parent 41e03936cc
commit 5f7095f274


@ -179,6 +179,7 @@ RUN postconf -e "maillog_file=/var/log/postfix.log" \
# Only add missing headers for authenticated users (mail users) and my networks and mail orginating from localhost # Only add missing headers for authenticated users (mail users) and my networks and mail orginating from localhost
&& postconf -e "local_header_rewrite_clients=permit_sasl_authenticated,permit_mynetworks,permit_inet_interfaces" \ && postconf -e "local_header_rewrite_clients=permit_sasl_authenticated,permit_mynetworks,permit_inet_interfaces" \
# set tls settings # set tls settings
&& postfonf -e "tls_preempt_cipherlist = yes" \
&& postconf -e "tls_ssl_options = NO_COMPRESSION, NO_RENEGOTIATION" \ && postconf -e "tls_ssl_options = NO_COMPRESSION, NO_RENEGOTIATION" \
&& postconf -e "smtpd_tls_cert_file=/certs/postfix/cert.pem" \ && postconf -e "smtpd_tls_cert_file=/certs/postfix/cert.pem" \
&& postconf -e "smtpd_tls_key_file=/certs/postfix/key.pem" \ && postconf -e "smtpd_tls_key_file=/certs/postfix/key.pem" \
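Review bot: The added line calls `postfonf` instead of `postconf`, so the shell will not find the command and `tls_preempt_cipherlist` is never set. Because the steps are chained with `&&`, the `RUN` instruction should stop at this point and fail the build rather than apply the later TLS settings. The line should read `&& postconf -e "tls_preempt_cipherlist = yes" \`. Server-side ordering only helps if the server's own cipher list is already restricted, and the hunk does not show whether `smtpd_tls_ciphers` or `smtpd_tls_mandatory_ciphers` is set elsewhere, so that is worth confirming. The `RUN` statement begins before and continues after this hunk.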