Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions

postfix: put CA file back, needed to verify other certs

Browse source 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
This commit is contained in:
Kevin Fenzi 2022-07-21 16:42:22 -07:00
parent a3c96c4032
commit 24088dfe9b
1 changed files with 2 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

2
roles/base/files/postfix/main.cf/main.cf.gateway
View file

@ -722,6 +722,7 @@ smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_mandatory_ciphers = high
smtpd_tls_mandatory_exclude_ciphers = aNULL, MD5, RC4
smtpd_tls_loglevel = 1
smtpd_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
smtpd_tls_chain_files = /etc/pki/tls/private/gateway-chain.pem
smtpd_tls_session_cache_timeout = 3600s
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
@ -739,6 +740,7 @@ smtp_tls_mandatory_protocols = !SSLv2,!SSLv3
smtp_tls_mandatory_ciphers = high
smtp_tls_mandatory_exclude_ciphers= aNULL, MD5, RC4
smtp_tls_loglevel = 1
smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
smtp_tls_chain_files = /etc/pki/tls/private/gateway-chain.pem
smtp_tls_security_level = may
smtp_tls_connection_reuse = no