Added code to the setup script which enables and configures TLS support

in Postfix. It's kind of ugly because the Debian Postfix package configurator basically rewrites this file every time, but it's the best I can come up with right now. Signed-off-by: The Doctor <[email protected]>
tgcallaway · Apr 29, 2016 · d2e0a54 · d2e0a54
1 parent 90cda94
commit d2e0a54
Showing 1 changed file with 10 additions and 0 deletions.
diff --git a/16.04-lts/setup.sh b/16.04-lts/setup.sh
@@ -66,6 +66,16 @@ systemctl disable mountnfs-bootclean
 systemctl disable mountnfs
 systemctl disable umountnfs
 
+# Hand^wScript hack the /etc/postfix/main.cf file because it was completely
+# rewritten when the Debian configurator asked you some questions.
+echo "smtpd_tls_ciphers = high" >> /etc/postfix/main.cf
+echo "smtpd_tls_exclude_ciphers = aNULL, MD5, DES, 3DES, DES-CBC3-SHA, RC4-SHA, AES256-SHA, AES128-SHA" >> /etc/postfix/main.cf
+echo "smtp_tls_protocols = !SSLv2, !SSLv3" >> /etc/postfix/main.cf
+echo "smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3" >> /etc/postfix/main.cf
+echo "smtp_tls_note_starttls_offer = yes" >> /etc/postfix/main.cf
+echo "smtpd_tls_received_header = yes" >> /etc/postfix/main.cf
+echo "" >> /etc/postfix/main.cf
+
 # Build the initial AIDE database.
 echo "Building initial AIDE database.  Please be patient, this takes a while."
 aide.wrapper --init