Mitigate Logjam vulnerability on Postfix

2017-01-24 16:27:40 +02:00 · 2017-01-24 16:27:40 +02:00 · 1087e598b1
parent a1929b9f4f
commit 1087e598b1
2 changed files with 5 additions and 3 deletions
--- a/1
+++ b/1
@ -103,6 +103,7 @@ RUN sed -i 's/START_DAEMON=no/START_DAEMON=yes/g' /etc/default/fetchmail
 # Configures Postfix
 COPY target/postfix/main.cf target/postfix/master.cf /etc/postfix/
 RUN echo "" > /etc/aliases
+RUN openssl dhparam -out /etc/postfix/dhparams.pem 2048

 # Configuring Logs
 RUN sed -i -r "/^#?compress/c\compress\ncopytruncate" /etc/logrotate.conf && \
--- a/target/postfix/main.cf
+++ b/target/postfix/main.cf
@ -33,6 +33,7 @@ smtp_tls_protocols=!SSLv2,!SSLv3
 smtpd_tls_mandatory_ciphers = high
 smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3
 smtpd_tls_exclude_ciphers = aNULL, LOW, EXP, MEDIUM, ADH, AECDH, MD5, DSS, ECDSA, CAMELLIA128, 3DES, CAMELLIA256, RSA+AES, eNULL
+smtpd_tls_dh1024_param_file = /etc/postfix/dhparams.pem
 smtpd_tls_CApath = /etc/ssl/certs
 smtp_tls_CApath = /etc/ssl/certs