From 1b2926a24df1c52d819a6a0cd3927a8d5eb95860 Mon Sep 17 00:00:00 2001 From: mwiegand Date: Mon, 29 Nov 2021 21:24:04 +0100 Subject: [PATCH] postfix only newer TLS versions --- bundles/postfix/files/main.cf | 2 ++ 1 file changed, 2 insertions(+) diff --git a/bundles/postfix/files/main.cf b/bundles/postfix/files/main.cf index d3ad792..3c0e190 100644 --- a/bundles/postfix/files/main.cf +++ b/bundles/postfix/files/main.cf @@ -37,6 +37,8 @@ smtpd_tls_auth_only = yes smtpd_tls_cert_file = /var/lib/dehydrated/certs/${hostname}/fullchain.pem smtpd_tls_key_file = /var/lib/dehydrated/certs/${hostname}/privkey.pem smtp_tls_security_level = may +smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1 +smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1 smtpd_restriction_classes = mua_sender_restrictions, mua_client_restrictions, mua_helo_restrictions mua_client_restrictions = permit_sasl_authenticated, reject