From a3d8daa585a019756711fabddf8f788109414dbb Mon Sep 17 00:00:00 2001
From: d-fens <d_fens@redbrick.dcu.ie>
Date: Fri, 19 Aug 2016 12:20:50 +0100
Subject: [PATCH] Update postfix SSL/TLS configuration

Ensure that RC4 and SSLv3 is not used. This is based off mailinabox project settings, while not the most ideal settings this improves the configuration from what it is currently.
---
 postfix/conf/main.cf | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/postfix/conf/main.cf b/postfix/conf/main.cf
index f9657b80..33f0d036 100644
--- a/postfix/conf/main.cf
+++ b/postfix/conf/main.cf
@@ -26,6 +26,10 @@ smtpd_tls_key_file=/certs/key.pem
 smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
 smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
 smtp_tls_security_level = may
+smtpd_tls_protocols=!SSLv2,!SSLv3
+smtpd_tls_ciphers=medium
+smtpd_tls_exclude_ciphers=aNULL,RC4
+
 
 ###############
 # SASL