diff options
| author | Jonas Smedegaard <dr@jones.dk> | 2007-07-19 00:25:16 +0000 |
|---|---|---|
| committer | Jonas Smedegaard <dr@jones.dk> | 2007-07-19 00:25:16 +0000 |
| commit | 2e3e212fd778876a710f43e1e999c48b365f49df (patch) | |
| tree | fc7cb78a6acee7bf490a3349e7e23975b8eacae9 | |
| parent | a38e6bc916a738e0f1a2a375291e7801b3f5824c (diff) | |
Force using TLS for peers if cacert.pem exist.
| -rwxr-xr-x | postfix/postfix.sh | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/postfix/postfix.sh b/postfix/postfix.sh index 3ee1a6c..98eac28 100755 --- a/postfix/postfix.sh +++ b/postfix/postfix.sh @@ -3,7 +3,7 @@ # /etc/local-COMMON/postfix/postfix.sh # Copyright 2002-2007 Jonas Smedegaard <dr@jones.dk> # -# $Id: postfix.sh,v 1.51 2007-07-18 15:56:25 jonas Exp $ +# $Id: postfix.sh,v 1.52 2007-07-19 00:25:16 jonas Exp $ # # Auto-tweak plain installed postfix Debian package # @@ -191,6 +191,10 @@ if [ -n "$sasl2" ] && [ -f /etc/ssl/certs/postfix.pem ]; then $postconf -e 'smtp_tls_session_cache_database = btree:/var/spool/postfix/smtp_scache' # Accepting client certificates breaks SMTP AUTH on OutLook Express on Mac (Classic) $postconf -e 'smtpd_tls_ask_ccert = no' + # Force using TLS for peers + catallfilesfromotherrealms mailhost | sort | sed 's/^/[/;s/$/]:submission secure/' > "$confdir/tls_policy" + postmap "$confdir/tls_policy" + $postconf -e 'smtp_tls_policy_maps = hash:/etc/postfix/tls_policy' else echo "WARNING: CA certificate not found - consider using proper signed certificates!" fi |