| -rw-r--r-- | ansible/roles/postfix/templates/main.cf.j2 | 12 | 
1 files changed, 9 insertions, 3 deletions
diff --git a/ansible/roles/postfix/templates/main.cf.j2 b/ansible/roles/postfix/templates/main.cf.j2
index b145556..05c78da 100644
--- a/ansible/roles/postfix/templates/main.cf.j2
+++ b/ansible/roles/postfix/templates/main.cf.j2
@@ -14,10 +14,16 @@ compatibility_level = 3.6
 smtpd_tls_cert_file=/etc/letsencrypt/live/pydis.wtf/fullchain.pem
 smtpd_tls_key_file=/etc/letsencrypt/live/pydis.wtf/privkey.pem
-smtpd_tls_security_level=may
-smtpd_tls_auth_only=yes
-smtp_tls_security_level = encrypt
+# Configure TLS in high security mode, via https://mecsa.jrc.ec.europa.eu/en/postfix:
+# - mails must be sent via TLS, optionally with DANE, and STARTTLS offer logged
+# - mails must be received via TLS
+# - authentication must be performed via TLS
+smtp_tls_security_level = dane
+smtp_dns_support_level = dnssec
+smtp_tls_note_starttls_offer = yes
+smtpd_tls_security_level = encrypt
+smtpd_tls_auth_only = yes
 smtpd_relay_restrictions =                           permit_mynetworks,
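Review bot: `smtp_tls_security_level = dane` is opportunistic, so the new comment line "mails must be sent via TLS" overstates what the setting enforces: per the Postfix TLS documentation, a destination that publishes no DNSSEC-signed TLSA records is handled at level `may`, and delivery can proceed in cleartext if the peer offers no STARTTLS. The removed `smtp_tls_security_level = encrypt` did refuse cleartext delivery, so for non-DANE destinations this is a relaxation rather than a tightening. I would reword that comment line to `# - outbound: DANE-verified TLS where TLSA records exist, otherwise opportunistic TLS`, and add a comment above `smtp_dns_support_level = dnssec` saying that it depends on a DNSSEC-validating resolver the host trusts, which this hunk does not show. Separately, `smtpd_tls_security_level = encrypt` makes this server refuse mail from any sender that cannot do STARTTLS; if this smtpd is the public MX on port 25, the comment should say that is intentional.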
