add a default tls_policy_map

master
Florent Daigniere 3 years ago
parent 1df79f8132
commit b066a5e2ac

@ -55,10 +55,12 @@ tls_ssl_options = NO_COMPRESSION, NO_TICKET
# By default, outgoing TLS is more flexible because # By default, outgoing TLS is more flexible because
# 1. not all receiving servers will support TLS, # 1. not all receiving servers will support TLS,
# 2. not all will have and up-to-date TLS stack. # 2. not all will have and up-to-date TLS stack.
smtp_tls_security_level = {{ OUTBOUND_TLS_LEVEL|default('may') }}
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3 smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
smtp_tls_protocols =!SSLv2,!SSLv3 smtp_tls_protocols =!SSLv2,!SSLv3
smtp_tls_session_cache_database = lmdb:${data_directory}/smtp_scache smtp_tls_session_cache_database = lmdb:${data_directory}/smtp_scache
smtp_tls_security_level = {{ OUTBOUND_TLS_LEVEL|default('may') }}
smtp_tls_policy_maps=hash:/etc/postfix/tls_policy.map
smtp_tls_CApath = /etc/ssl/certs
############### ###############
# Virtual # Virtual
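Review bot: The added `smtp_tls_policy_maps=hash:/etc/postfix/tls_policy.map` and `smtp_tls_CApath = /etc/ssl/certs` lines depend on each other and on the startup script, but nothing in the file says so. Any `secure` or `verify` entry in the policy map is only as good as the CA directory: if `/etc/ssl/certs` is empty, not hashed, or not reachable from a chrooted smtp client, deliveries to the listed domains will be deferred rather than downgraded. I would add a comment above the two lines such as `# Per-destination TLS policy; 'secure'/'verify' entries are validated against smtp_tls_CApath, and the table is built by the startup script`. The map type here is `hash:` while the session cache above uses `lmdb:`; if that is deliberate it deserves a word, since the startup script appears to test for the `.db` file that only the `hash` type produces. Minor style: the new assignment has no spaces around `=`, unlike its neighbours.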

@ -66,6 +66,11 @@ for map_file in glob.glob("/overrides/*.map"):
os.system("postmap {}".format(destination)) os.system("postmap {}".format(destination))
os.remove(destination) os.remove(destination)
if not os.path.exists("/etc/postfix/tls_policy.map.db"):
with open("/etc/postfix/tls_policy.map", "w") as f:
f.write("gmail.com\tsecure\n")
os.system("postmap /etc/postfix/tls_policy.map")
if "RELAYUSER" in os.environ: if "RELAYUSER" in os.environ:
path = "/etc/postfix/sasl_passwd" path = "/etc/postfix/sasl_passwd"
conf.jinja("/conf/sasl_passwd", os.environ, path) conf.jinja("/conf/sasl_passwd", os.environ, path)
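Review bot: The return value of `os.system("postmap /etc/postfix/tls_policy.map")` is ignored, so a failed postmap leaves the configured `smtp_tls_policy_maps` table missing, and the failure most likely only shows up later as deferred outbound mail. Checking the result, for example `subprocess.run(["postmap", "/etc/postfix/tls_policy.map"], check=True)` (this needs `subprocess` imported, and the import block is not visible here), would make the container fail at start instead. The guard tests for `tls_policy.map.db`, which ties it to the `hash:` map type; a short comment saying so, and saying that the default enforces verified TLS for gmail.com only and is presumably skipped when an override already produced the table, would help the next reader. Indentation is lost on this page and the surrounding `for map_file in ...` loop starts outside the hunk, so I cannot tell whether the new `if` runs once or per override file.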
