generated from smedev/Template-for-SMEServer-Core-Package
Jean-Philippe Pialasse
aa8479eaa9
- listen only via sockets - use both unix user and virtual users - groups and pseudonyms implemented in virtual maps - support smarthost with and without auth - support global and per domain delegated mail server - support ssl - uses qmail - recipient delimiter in left part of email. - all domains set as local domains in mydestination - message_size_limit - local and remote concurency limit
28 lines
1.2 KiB
Plaintext
28 lines
1.2 KiB
Plaintext
smtp_tls_cert_file = /etc/postfix/ssl/postfix.pem
|
|
smtpd_tls_cert_file = /etc/postfix/ssl/postfix.pem
|
|
smtp_tls_note_starttls_offer = yes
|
|
{
|
|
# see http://www.postfix.org/postconf.5.html#smtp_tls_security_level
|
|
# *smtp_use_tls = yes (default no) this is oportunistic deprecated option
|
|
# equivalent of smtp_tls_security_level = may
|
|
# *smtp_enforce_tls = yes (default no) also deprecated
|
|
# would require it and require remote SMTP server hostname matches
|
|
# the information in the remote server certificate, and that the remote SMTP server certificate
|
|
# was issued by a CA that is trusted by the Postfix SMTP client
|
|
}smtp_tls_security_level = {
|
|
my $smarthost = $SMTPSmartHost || "off";
|
|
my $userid = ${smtp-auth-proxy}{'Userid'} || "";
|
|
my $tls_security_level = $postfix{'tls_security_level'} || "may";
|
|
$tls_security_level = "encrypt" if ($smarthost ne "off" && $userid ne "");
|
|
$OUT = $tls_security_level;
|
|
}
|
|
smtp_tls_enforce_peername = { (($postfix{'tls_enforce_peername'}||'yes') eq "yes")? 'yes' : 'no'; }
|
|
{
|
|
# keeping default for this one
|
|
# smtp_tls_ciphers = medium
|
|
}{
|
|
# keeping default for this one
|
|
# smtp_tls_protocols = !SSLv2, !SSLv3
|
|
# smtp_tls_protocols = >=TLSv1
|
|
}smtp_tls_loglevel = 1
|