Mailserver TLS

openssl req -new -x509 -days 3650 -nodes -out /etc/ssl/mycerts/postfix.pem -keyout /etc/ssl/mycerts/postfix.key
##### TLS settings ######

tls_high_cipherlist=EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDS$

### Secure outgoing connections only ###
smtp_tls_security_level=encrypt
smtp_tls_cert_file=/etc/ssl/mycerts/postfix.pem
smtp_tls_key_file=/etc/ssl/mycerts/postfix.key
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
smtp_tls_mandatory_ciphers=high
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

### Secure incoming connections only ###
smtpd_tls_security_level=encrypt
smtpd_tls_cert_file=/etc/ssl/mycerts/postfix.pem
smtpd_tls_key_file=/etc/ssl/mycerts/postfix.key
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_mandatory_ciphers=high
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache

Quelle: https://thomas-leister.de/internet/erweiterte-postfix-ssltls-konfiguration-verschluesselte-server-server-verbindungen/

Kommentar verfassen

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert.