leap_platform.git/puppet/modules/site_postfix/manifests/mx, branch 0.3.0rc3 [leap_platform] It turns out postfix's variable for 1024bit DH parameters can actually take a file of arbitrary length (#4012) 2013-10-06T21:31:38+00:00 Micah Anderson micah@leap.se 2013-10-03T17:16:43+00:00 5d25466e8365577c48df98afdd22d2880b7ef5ce Neither Postfix nor OpenSSL actually care about the size of the prime in "smtpd_tls_dh1024_param_file". You can make it 2048 bits Change-Id: Id60deec93547e7df6dfc414209afaf9d53c710b5 
 Neither Postfix nor OpenSSL actually care about the size of the prime in
 "smtpd_tls_dh1024_param_file".  You can make it 2048 bits

Change-Id: Id60deec93547e7df6dfc414209afaf9d53c710b5
only use TLSv1 or later for smtp (Feature #4011) 2013-10-06T21:31:16+00:00 Micah Anderson micah@leap.se 2013-10-03T17:45:57+00:00 9acb4a7c2a36f12a5ca71e5c4c74364d344e2c5f Disable on the client-side with postfix (smtp) SSLv2/SSLv3 and only allow for TLSv1 or later SMTP servers almost universally support TLSv1. There are very few servers that don't (the few that are would result sending in the clear for these, but the alternative isn't much better). This is unlikely to cause any significant problems. Change-Id: I8f98ba32973537905b71f63b100f41a420b6aa3f 
Disable on the client-side with postfix (smtp) SSLv2/SSLv3 and only allow for TLSv1 or later

SMTP servers almost universally support TLSv1. There are very few servers that don't (the few that are would result sending in the clear for these, but the alternative isn't much better). This is unlikely to cause any significant problems.

Change-Id: I8f98ba32973537905b71f63b100f41a420b6aa3f
Merge branch 'feature/3953' into develop 2013-10-03T17:53:27+00:00 Micah Anderson micah@leap.se 2013-10-03T17:53:27+00:00 ab6f1ad59dd8e9ab4952bf2e9ab8943d3ae60f44 






It turns out postfix's variable for 1024bit DH parameters can actually take a file of arbitrary length (#4012)
2013-10-03T17:50:14+00:00

Micah Anderson
micah@leap.se

2013-10-03T17:16:43+00:00

56f7b18d03f5ea337a68d653b422834c9283cfab

 Neither Postfix nor OpenSSL actually care about the size of the prime in
 "smtpd_tls_dh1024_param_file".  You can make it 2048 bits

Change-Id: Id60deec93547e7df6dfc414209afaf9d53c710b5





 Neither Postfix nor OpenSSL actually care about the size of the prime in
 "smtpd_tls_dh1024_param_file".  You can make it 2048 bits

Change-Id: Id60deec93547e7df6dfc414209afaf9d53c710b5







setup smtpd_tls_eecdh_grade to 'ultra' and configure the smtpd_tls_dh1024_param file, after generating it (#3953)
2013-10-02T16:47:11+00:00

Micah Anderson
micah@leap.se

2013-09-26T21:20:19+00:00

f531ec536a55d756262329f516f1b3bdccf4f0b4

Change-Id: I8e88a4862cda052c2f0ca0149f1d0753c7c83cb5





Change-Id: I8e88a4862cda052c2f0ca0149f1d0753c7c83cb5







Add client-side TLS configuration (#3868)
2013-09-26T18:53:37+00:00

Micah Anderson
micah@leap.se

2013-09-26T18:53:37+00:00

a457f610aca8544b4c9e3a3f4ddcc4d00a05baf6

Change-Id: I0b82930f6f6a453e57f1d57fd8b5df78d464e206





Change-Id: I0b82930f6f6a453e57f1d57fd8b5df78d464e206







fix client_ca cert+key for mx service (Feature #3921)
2013-09-24T19:03:51+00:00

varac
varacanero@zeromail.org

2013-09-24T16:02:05+00:00

1adbf7af76b10d44a53de28d23f4c7167dc4f941












use x509 for postfix ca and fix names for cert+key (Feature #3833)
2013-09-18T15:44:20+00:00

varac
varacanero@zeromail.org

2013-09-18T14:50:59+00:00

1f9003eb6ed90400279011d477e6143e2eb6e2db












use check_helo_access hash:/helo_checks also for $submission_helo_restrictions
2013-09-03T16:46:09+00:00

varac
varacanero@zeromail.org

2013-09-03T16:46:09+00:00

ccdf90ea9c48efbaa34dda8f23d6a95db9970cd9












Sending mail fails when relaying using non-fully-qualified hostname (Feature #3667)
2013-09-03T16:41:58+00:00

varac
varacanero@zeromail.org

2013-09-03T13:26:23+00:00

d901c602f61697f329e37bc92209c264755094c1