
smtpd should provide full cert chain, and smtp should verify certs against known CAs

Luke Cyca 12 years ago
parent
commit
ed6245a2f2
1 changed files with 2 additions and 1 deletions
  1. 2
    1
      roles/mailserver/templates/etc_postfix_main.cf.j2

+ 2
- 1
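--- a/roles/mailserver/templates/etc_postfix_main.cf.j2
+++ b/roles/mailserver/templates/etc_postfix_main.cf.j2
@@ -38,7 +38,7 @@
 unverified_sender_reject_code = 554
  
 # TLS parameters
-smtpd_tls_cert_file=/etc/ssl/certs/wildcard_public_cert.crt
+smtpd_tls_cert_file=/etc/ssl/certs/wildcard_ca.pem
 smtpd_tls_key_file=/etc/ssl/private/wildcard_private.key
 smtpd_use_tls=yes
 #smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
@@ -48,6 +48,7 @@
 smtp_tls_loglevel = 2
 smtpd_tls_received_header = yes
 smtp_tls_note_starttls_offer = yes
+smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
 
 smtpd_sasl_type = dovecot
 smtpd_sasl_path = private/auth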
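Review bot: The added `smtp_tls_CAfile` line in the second hunk supplies trust anchors but does not by itself make the SMTP client refuse peers whose certificates fail verification. Under opportunistic TLS the result only changes what is logged (Trusted vs. Untrusted), and delivery proceeds either way. Enforcement needs `smtp_tls_security_level` (or a per-destination `smtp_tls_policy_maps` entry) at `verify` or `secure`; no such setting is visible here, though lines 45–47 of the file fall between the two hunks and may hold one. If opportunistic TLS is the intent, I would add a comment above the new line such as `# CA bundle only marks peers Trusted/Untrusted in the log; verification is not enforced unless smtp_tls_security_level is verify/secure`. In the first hunk it is also worth confirming that `wildcard_ca.pem` holds the server certificate first and the intermediates after it, since Postfix expects that order in `smtpd_tls_cert_file` and the file name reads like a CA-only bundle.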
