[postfix-users] Postfix TLS Forward Secrecy
Robert Schetterer via postfix-users
postfix-users at de.postfix.org
Mi Aug 14 21:05:12 CEST 2013
Am 14.08.2013 19:17, schrieb Jochen via postfix-users:
> Am 14.08.2013 17:48, schrieb Robert Schetterer via postfix-users:
>> in der Tat etwas merkwuerdig, kannst du mal os/postfix/openssl version
>> posten inkl der im Blog erwaehnten settings
>
>
> OS: Ubuntu 10.10 (Lucid)
> Postfix: 2.7.0-1ubuntu0.2
aehm du moechtest bitte ein hoehere postfix version installieren
nimm zb die aus backports
http://packages.ubuntu.com/lucid-backports/postfix
tls_preempt_cipherlist = yes
gibts erst ab 2.8.0
> Openssl: 0.9.8k-7ubuntu8.15
>
> smtpd_tls_security_level = may
> smtpd_tls_cert_file=/etc/ssl/certs/fahrner_server_ca.pem
> smtpd_tls_key_file=/etc/ssl/private/fahrner_privatekey.pem
> smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
> smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
> smtpd_tls_auth_only = yes
> smtpd_tls_loglevel = 1
> smtpd_tls_received_header = yes
> smtpd_tls_session_cache_timeout = 3600s
> tls_random_source = dev:/dev/urandom
> smtpd_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
> smtpd_tls_CApath = /etc/ssl/certs
> smtpd_tls_dh1024_param_file = /etc/postfix/dh_1024.pem
> smtpd_tls_dh512_param_file = /etc/postfix/dh_512.pem
> smtpd_tls_eecdh_grade = strong
> smtp_tls_security_level = may
> smtp_tls_loglevel = 1
> smtp_tls_note_starttls_offer = yes
> smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
> smtp_tls_CApath = /etc/ssl/certs
> tls_preempt_cipherlist = yes
> smtpd_tls_protocols = !SSLv2
> smtp_tls_protocols = !SSLv2
>
> _______________________________________________
> postfix-users mailing list
> postfix-users at de.postfix.org
> http://de.postfix.org/cgi-bin/mailman/listinfo/postfix-users
>
Best Regards
MfG Robert Schetterer
--
[*] sys4 AG
http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein
Mehr Informationen über die Mailingliste postfix-users