Mitigate Logjam vulnerability on Postfix

2017-01-24 16:27:40 +02:00 · 2017-01-24 16:27:40 +02:00 · 1087e598b1
parent a1929b9f4f
commit 1087e598b1
2 changed files with 5 additions and 3 deletions
--- a/1
+++ b/1
@ -103,6 +103,7 @@ RUN sed -i 's/START_DAEMON=no/START_DAEMON=yes/g' /etc/default/fetchmail
 # Configures Postfix
 COPY target/postfix/main.cf target/postfix/master.cf /etc/postfix/
 RUN echo "" > /etc/aliases
 RUN openssl dhparam -out /etc/postfix/dhparams.pem 2048
 # Configuring Logs
 RUN sed -i -r "/^#?compress/c\compress\ncopytruncate" /etc/logrotate.conf && \
--- a/target/postfix/main.cf
+++ b/target/postfix/main.cf
@ -6,11 +6,11 @@ append_dot_mydomain = no
 readme_directory = no
 # Basic configuration
-# myhostname = 
+# myhostname =
 alias_maps = texthash:/etc/aliases
 alias_database = texthash:/etc/aliases
-mydestination = 
+mydestination =
-relayhost = 
+relayhost =
 mynetworks = 127.0.0.0/8 [::1]/128 [fe80::]/64
 mailbox_size_limit = 0
 recipient_delimiter = +
@ -33,6 +33,7 @@ smtp_tls_protocols=!SSLv2,!SSLv3
 smtpd_tls_mandatory_ciphers = high
 smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3
 smtpd_tls_exclude_ciphers = aNULL, LOW, EXP, MEDIUM, ADH, AECDH, MD5, DSS, ECDSA, CAMELLIA128, 3DES, CAMELLIA256, RSA+AES, eNULL
 smtpd_tls_dh1024_param_file = /etc/postfix/dhparams.pem
 smtpd_tls_CApath = /etc/ssl/certs
 smtp_tls_CApath = /etc/ssl/certs