Verified Commit 0ae67c4a authored by Kristian Klausen's avatar Kristian Klausen 🎉
Browse files

postfix: Disable STARTTLS Submission (port 587)

Implicit TLS is the future[1].

[1] https://datatracker.ietf.org/doc/html/rfc8314
parent cf9c92fd
Pipeline #9733 passed with stage
in 47 seconds
......@@ -107,7 +107,6 @@
ansible.posix.firewalld: service={{ item }} permanent=true state=enabled immediate=yes
with_items:
- smtp
- smtp-submission
- smtps
when: postfix_smtpd_public and configure_firewall
tags:
......
......@@ -24,13 +24,6 @@ localhost:smtp inet n - n - - smtpd
{% if postfix_server %}
msa_cleanup unix n - n - 0 cleanup
-o header_checks=pcre:/etc/postfix/msa_header_checks
submission inet n - n - - smtpd
-o cleanup_service_name=msa_cleanup
-o syslog_name=postfix/submission
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
-o smtpd_recipient_restrictions=$submission_recipient_restrictions
-o smtpd_client_connection_count_limit=10
submissions inet n - n - - smtpd
-o cleanup_service_name=msa_cleanup
-o smtpd_tls_wrappermode=yes
......
......@@ -60,5 +60,4 @@ blackbox_targets:
- coc.archlinux.org:443
smtp_starttls:
- mail.archlinux.org:25
- mail.archlinux.org:587
- lists.archlinux.org:25
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment