setup · 7ca42489ae0320927773145420d7f7923e4fd454 · Administrator / mailinabox

drop legacy, export-grade, and anonymous ciphers from SMTP (port 25, opportunistic) · 7ca42489

Joshua Tauberer authored May 05, 2015

Even though SMTP (on port 25) is typically opportunistic and a MitM attack can't be prevented, we may as well only offer ciphers that provide some level of security. If a client is so old or misconfigured that it doesn't support newer ciphers, it should hopefully fall back to a non-TLS connection.

Postfix's default was basically anything goes (anonymous and 40-bit ciphers!). Google's MTA's only offer ciphers at 112 bits at greater, and this change approximates that with Postfix's "medium" setting.

Fixes #371

7ca42489

Name	Last commit	Last update
..
bootstrap.sh		Loading commit data...
csr_country_codes.tsv		Loading commit data...
dkim.sh		Loading commit data...
dns.sh		Loading commit data...
firstuser.sh		Loading commit data...
functions.sh		Loading commit data...
mail-dovecot.sh		Loading commit data...
mail-postfix.sh		Loading commit data...
mail-users.sh		Loading commit data...
management.sh		Loading commit data...
migrate.py		Loading commit data...
network-checks.sh		Loading commit data...
owncloud.sh		Loading commit data...
preflight.sh		Loading commit data...
questions.sh		Loading commit data...
spamassassin.sh		Loading commit data...
ssl.sh		Loading commit data...
start.sh		Loading commit data...
system.sh		Loading commit data...
web.sh		Loading commit data...
webmail.sh		Loading commit data...
zpush.sh		Loading commit data...

Download source code

Download this directory