Age | Commit message (Collapse) | Author |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
cipher config options.
|
|
provider.production.json). requires latest leap_cli.
|
|
|
|
to the more restrictive TLS wrapper mode
Change-Id: I2a1728788378d9a1b79155ddb9bb4b0464b16baa
|
|
over 25 because that is typically blocked, and we cannot force TLS on that port due to other MTAs not being configured for this century. We don't use submission (568) because that uses STARTTLS, and the STARTTLS banner can easily be stripped by an adversary. (#3604)
. enable smtps (port 465) for client submission over TLS, and require that TLS is enabled
. add 465 to the allowed open ports in the firewall
. change the smtp-service.json to use 465 instead of 25
note: I did not use the 'use_smtps' parameter that is available in the postfix
class because it added some options that we do not want/need.
Change-Id: I0040eb2dff6008a1c830d59df9963eb83dc9ea02
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
rate limited).
|
|
requires that we use domain.full_suffix instead of provider.domain, whenever possible.
|
|
special client certificates with the FREE prefix in the common name.
|
|
|
|
for hosting two TLS domains on one IP).
|
|
|
|
|
|
|
|
|