From 550d66936e018379028340d5832dacb317c5df4c Mon Sep 17 00:00:00 2001
From: Thomas VIAL
Date: Sun, 6 Dec 2015 20:53:22 +0100
Subject: [PATCH] Fixed #42 - No more weak ciphers.
---
 postfix/main.cf | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/postfix/main.cf b/postfix/main.cf
index 87f23f8c..b4114b1f 100644
--- a/postfix/main.cf
+++ b/postfix/main.cf
@@ -29,6 +29,15 @@ smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, rej
 smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
 smtpd_sender_restrictions = permit_mynetworks
 smtp_tls_security_level = may
+smtp_tls_loglevel = 1
+smtpd_tls_auth_only = yes
+tls_ssl_options = NO_COMPRESSION
+tls_high_cipherlist=EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
+smtpd_tls_protocols=!SSLv2,!SSLv3
+smtp_tls_protocols=!SSLv2,!SSLv3
+smtpd_tls_mandatory_ciphers = high
+smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
+smtpd_tls_exclude_ciphers = aNULL, LOW, EXP, MEDIUM, ADH, AECDH, MD5, DSS, ECDSA, CAMELLIA128, 3DES, CAMELLIA256, RSA+AES, eNULL
 # SASL
 smtpd_sasl_auth_enable = yes
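Review bot: The added `smtpd_tls_exclude_ciphers` line removes `CAMELLIA128`, `CAMELLIA256` and `RSA+AES`, yet the custom `tls_high_cipherlist` two lines above puts `EDH+CAMELLIA` first and explicitly appends `CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA`. The suite set the server actually offers is therefore not what either line reads on its own. Postfix's documentation advises against overriding `tls_high_cipherlist`, so I would drop that line and keep the exclusions as the single place where policy is stated. Separately, `smtpd_tls_mandatory_ciphers = high` and `smtpd_tls_mandatory_protocols` only govern sessions where TLS is enforced. Opportunistic sessions take their grade from `smtpd_tls_ciphers`, which this hunk does not set, and the outbound `smtp_` side gets only protocol exclusions, so a comment such as `# mandatory_* settings apply only when TLS is enforced; opportunistic sessions use smtpd_tls_ciphers` would make that limit explicit.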