On Sun, Aug 02, 2015 at 10:53:35PM +0200, Istvan Prosinger wrote:
> smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:10031
> smtpd_recipient_restrictions = check_policy_service inet:127.0.0.1:10031,
> permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
With the above configuration, either you never accept any SMTP
email, master.cf contains an override of smtpd_recipient_restrictions
and smtpd_end_of_data_restrictions, or the policy service *is*
used, whether you can convince yourself of that or not.
> smtpd_tls_mandatory_ciphers = high
> smtpd_tls_mandatory_protocols = SSLv3, TLSv1
> smtpd_use_tls = yes
Better:
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_security_level = may
--
Viktor.
