From 875db33579343a1b5cf80273d07c8b9f45a9d110 Mon Sep 17 00:00:00 2001 From: Robin Raymond Date: Wed, 20 Sep 2017 09:26:42 +0200 Subject: [PATCH] comments on extra lines --- mail-server/postfix.nix | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/mail-server/postfix.nix b/mail-server/postfix.nix index 39ad90a..0def881 100644 --- a/mail-server/postfix.nix +++ b/mail-server/postfix.nix @@ -82,14 +82,19 @@ in smtpd_sasl_path = private/auth smtpd_sasl_auth_enable = yes smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination - + # TLS settings, inspired by https://github.com/jeaye/nix-files - smtpd_tls_security_level = may # Submission by mail clients is handled in submissionOptions - smtpd_tls_eecdh_grade = ultra # strong might suffice and is computationally less expensive - smtpd_tls_protocols = !SSLv2, !SSLv3 # Disable predecessors to TLS - smtpd_tls_auth_only = yes # Allowing AUTH on a non encrypted connection poses a security risk - smtpd_tls_loglevel = 1 # Log only a summary message on TLS handshake completion - + # Submission by mail clients is handled in submissionOptions + smtpd_tls_security_level = may + # strong might suffice and is computationally less expensive + smtpd_tls_eecdh_grade = ultra + # Disable predecessors to TLS + smtpd_tls_protocols = !SSLv2, !SSLv3 + # Allowing AUTH on a non encrypted connection poses a security risk + smtpd_tls_auth_only = yes + # Log only a summary message on TLS handshake completion + smtpd_tls_loglevel = 1 + # Disable weak ciphers as reported by https://ssl-tools.net # https://serverfault.com/questions/744168/how-to-disable-rc4-on-postfix smtpd_tls_exclude_ciphers = RC4, aNULL