Re: recommend TLS settings

2017-12-04 Thread Jonathan Sélea
Thanks for very good information and some good criticism! I have taken those into consideration and adjusted it accordingly. Regarding "smtpd_tls_mandatory_ciphers=high", I use port 587 a lot. I don't know if that makes any difference. Otherwise, I do agree with you that tools like "hardenize" i

Re: Postfix TLS crash on MacOS 10.13 (High Sierra)

2017-12-04 Thread McKinnon Chris
Hi, Thanks for the guidance Viktor. I wanted to share what worked for me. I was able to get Postfix compiling and working on High Sierra with the following command: make -f Makefile.init makefiles \ CCARGS='-DUSE_SASL_AUTH -DDEF_SERVER_SASL_TYPE=\"dovecot\" -DDEF_COMMAND_DIR=\"/usr/local/sbi

Re: Question regarding smtp_per_record_deadlne parameter

2017-12-04 Thread Wietse Venema
Noel Jones: > On 12/4/2017 3:35 PM, J Doe wrote: > > Hello, > > > > I currently have a server that is configured as a mail forwarding domain > > [1]. Using example.com as an example: > > > > /etc/postfix/main.cf > > virtual_alias_domains = example.com > > virtual_alias_maps

Re: Question regarding smtp_per_record_deadlne parameter

2017-12-04 Thread Noel Jones
On 12/4/2017 3:35 PM, J Doe wrote: > Hello, > > I currently have a server that is configured as a mail forwarding domain [1]. > Using example.com as an example: > > /etc/postfix/main.cf > virtual_alias_domains = example.com > virtual_alias_maps = hash:/etc/postfix/virtual >

Question regarding smtp_per_record_deadlne parameter

2017-12-04 Thread J Doe
Hello, I currently have a server that is configured as a mail forwarding domain [1]. Using example.com as an example: /etc/postfix/main.cf virtual_alias_domains = example.com virtual_alias_maps = hash:/etc/postfix/virtual /etc/postfix/virtual u...@example.com us

Re: recommend TLS settings

2017-12-04 Thread Viktor Dukhovni
> On Dec 4, 2017, at 9:46 AM, Bastian Blank > wrote: > >>> smtpd_tls_mandatory_ciphers=high >> This may be counter-productive. You're forcing peers that >> only do RC4 to send in the clear instead. Probably not a >> win, and with peers that can do HIGH ciphers, you get HIGH >> anyway. On t

Re: recommend TLS settings

2017-12-04 Thread Bastian Blank
On Mon, Dec 04, 2017 at 09:24:48AM -0500, Viktor Dukhovni wrote: > > smtpd_tls_mandatory_ciphers=high > This may be counter-productive. You're forcing peers that > only do RC4 to send in the clear instead. Probably not a > win, and with peers that can do HIGH ciphers, you get HIGH > anyway. On

Re: recommend TLS settings

2017-12-04 Thread Viktor Dukhovni
> On Dec 4, 2017, at 8:22 AM, Jonathan Sélea wrote: > > I recently stumbled upon hardenize too, and came up with this config that > makes the checks "all green". Green per some poorly designed checklist is not necessarily better. > smtpd_tls_protocols = !SSLv2 !SSLv3 > smtpd_tls_mandatory_pro

Re: recommend TLS settings

2017-12-04 Thread Jonathan Sélea
Hi, I recently stumbled upon hardenize too, and came up with this config that makes the checks "all green". smtpd_tls_protocols = !SSLv2 !SSLv3 smtpd_tls_mandatory_protocols = !SSLv2 !SSLv3 smtp_tls_protocols = !SSLv2 !SSLv3 smtp_tls_mandatory_protocols = !SSLv2 !SSLv3 lmtp_tls_protocols = !SSL