postavlja neke tls parametre

diff --git a/debian/changelog b/debian/changelog
index 6580f6b..ef7fc49 100644 (file)
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,13 @@
+postfix-cn (2.5.5-3lenny2) stable; urgency=medium
+
+  * Postavlja parametre:
+    - smtpd_tls_mandatory_protocols = SSLv3, TLSv1
+    - smtpd_tls_mandatory_ciphers = medium, high
+    - smtpd_tls_exclude_ciphers = aNULL
+    - smtpd_tls_mandatory_exclude_ciphers = aNULL
+
+ -- Ivan Rako <Ivan.Rako@CARNet.hr>  Mon, 21 Dec 2009 13:14:06 +0100
+
 postfix-cn (2.5.5-3lenny1) stable; urgency=medium
 
   * Prva verzija za lenny

diff --git a/debian/postinst b/debian/postinst
index 868dad4..80c04dc 100755 (executable)
--- a/debian/postinst
+++ b/debian/postinst
@@ -288,6 +288,10 @@ postconf -e smtpd_tls_key_file="\$smtpd_tls_cert_file"
 postconf -e smtpd_tls_session_cache_database="sdbm:/var/lib/postfix/smtpd_scache"
 postconf -e smtpd_tls_session_cache_timeout="3600s"
 postconf -e tls_random_source="dev:/dev/urandom"
+postconf -e smtpd_tls_mandatory_protocols="SSLv3, TLSv1"
+postconf -e smtpd_tls_mandatory_ciphers="medium, high"
+postconf -e smtpd_tls_exclude_ciphers="aNULL"
+postconf -e smtpd_tls_mandatory_exclude_ciphers="aNULL"
 # ako je postavljen neki drugi certifikat, ne diraj
 smtp_tls_cert_file="`postconf -h smtp_tls_cert_file`"
 if [ -z "$smtp_tls_cert_file" ]; then