Hardening TLS ciphers (#492)

* Hardening Dovecot TLS ciphers * Mitigate Logjam vulnerability on Dovecot * Mitigate Logjam vulnerability on Postfix * Add Nmap tests of PCI compliance for Postfix and Dovecot * Increase sleep duration on Makefile steps to avoid races
2025-07-22 03:34:38 +02:00 · 2017-01-25 15:10:40 +02:00 · 2017-01-25 15:10:40 +02:00 · d40ae81d09
commit d40ae81d09
parent fed48e646d
5 changed files with 48 additions and 10 deletions
--- a/target/postfix/main.cf
+++ b/target/postfix/main.cf
@ -6,11 +6,11 @@ append_dot_mydomain = no
 readme_directory = no

 # Basic configuration
-# myhostname = 
+# myhostname =
 alias_maps = texthash:/etc/aliases
 alias_database = texthash:/etc/aliases
-mydestination = 
-relayhost = 
+mydestination =
+relayhost =
 mynetworks = 127.0.0.0/8 [::1]/128 [fe80::]/64
 mailbox_size_limit = 0
 recipient_delimiter = +
@ -33,6 +33,7 @@ smtp_tls_protocols=!SSLv2,!SSLv3
 smtpd_tls_mandatory_ciphers = high
 smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3
 smtpd_tls_exclude_ciphers = aNULL, LOW, EXP, MEDIUM, ADH, AECDH, MD5, DSS, ECDSA, CAMELLIA128, 3DES, CAMELLIA256, RSA+AES, eNULL
+smtpd_tls_dh1024_param_file = /etc/postfix/dhparams.pem
 smtpd_tls_CApath = /etc/ssl/certs
 smtp_tls_CApath = /etc/ssl/certs