Add protection against Poodle attacks in Dovecot 2 and Postfix.

Till Brehm · Till Brehm · commit 29e299fe7385 · 2014-10-16T17:13:18.000+02:00
diff --git a/install/tpl/debian6_dovecot2.conf.master b/install/tpl/debian6_dovecot2.conf.master
@@ -6,6 +6,7 @@ log_timestamp = "%Y-%m-%d %H:%M:%S "
 mail_privileged_group = vmail
 ssl_cert = </etc/postfix/smtpd.cert
 ssl_key = </etc/postfix/smtpd.key
+ssl_protocols = !SSLv2 !SSLv3
 passdb {
   args = /etc/dovecot/dovecot-sql.conf
   driver = sql
diff --git a/install/tpl/debian_dovecot2.conf.master b/install/tpl/debian_dovecot2.conf.master
@@ -7,6 +7,7 @@ mail_privileged_group = vmail
 postmaster_address = postmaster@example.com
 ssl_cert = </etc/postfix/smtpd.cert
 ssl_key = </etc/postfix/smtpd.key
+ssl_protocols = !SSLv2 !SSLv3
 passdb {
   args = /etc/dovecot/dovecot-sql.conf
   driver = sql
diff --git a/install/tpl/debian_postfix.conf.master b/install/tpl/debian_postfix.conf.master
@@ -31,4 +31,5 @@ mime_header_checks = regexp:{config_dir}/mime_header_checks
 nested_header_checks = regexp:{config_dir}/nested_header_checks
 body_checks = regexp:{config_dir}/body_checks
 owner_request_special = no
-smtp_tls_security_level = may
+smtp_tls_security_level = may
+smtpd_tls_mandatory_protocols=!SSLv2, !SSLv3
diff --git a/install/tpl/fedora_dovecot2.conf.master b/install/tpl/fedora_dovecot2.conf.master
@@ -6,6 +6,7 @@ log_timestamp = "%Y-%m-%d %H:%M:%S "
 mail_privileged_group = vmail
 ssl_cert = </etc/postfix/smtpd.cert
 ssl_key = </etc/postfix/smtpd.key
+ssl_protocols = !SSLv2 !SSLv3
 passdb {
   args = /etc/dovecot-sql.conf
   driver = sql
diff --git a/install/tpl/fedora_postfix.conf.master b/install/tpl/fedora_postfix.conf.master
@@ -28,4 +28,5 @@ mime_header_checks = regexp:{config_dir}/mime_header_checks
 nested_header_checks = regexp:{config_dir}/nested_header_checks
 body_checks = regexp:{config_dir}/body_checks
 inet_interfaces = all
-smtp_tls_security_level = may
+smtp_tls_security_level = may
+smtpd_tls_mandatory_protocols=!SSLv2, !SSLv3
diff --git a/install/tpl/gentoo_postfix.conf.master b/install/tpl/gentoo_postfix.conf.master
@@ -28,4 +28,5 @@ mime_header_checks = regexp:{config_dir}/mime_header_checks
 nested_header_checks = regexp:{config_dir}/nested_header_checks
 body_checks = regexp:{config_dir}/body_checks
 inet_interfaces = all
-smtp_tls_security_level = may
+smtp_tls_security_level = may
+smtpd_tls_mandatory_protocols=!SSLv2, !SSLv3
diff --git a/install/tpl/opensuse_dovecot2.conf.master b/install/tpl/opensuse_dovecot2.conf.master
@@ -6,6 +6,7 @@ log_timestamp = "%Y-%m-%d %H:%M:%S "
 mail_privileged_group = vmail
 ssl_cert = </etc/postfix/smtpd.cert
 ssl_key = </etc/postfix/smtpd.key
+ssl_protocols = !SSLv2 !SSLv3
 passdb {
   args = /etc/dovecot/dovecot-sql.conf
   driver = sql
diff --git a/install/tpl/opensuse_postfix.conf.master b/install/tpl/opensuse_postfix.conf.master
@@ -30,4 +30,5 @@ mime_header_checks = regexp:{config_dir}/mime_header_checks
 nested_header_checks = regexp:{config_dir}/nested_header_checks
 body_checks = regexp:{config_dir}/body_checks
 inet_interfaces = all
-smtp_tls_security_level = may
+smtp_tls_security_level = may
+smtpd_tls_mandatory_protocols=!SSLv2, !SSLv3
