diff --git a/service/coturn/Containerfile b/service/coturn/Containerfile index aeb0c05..f38b08d 100644 --- a/service/coturn/Containerfile +++ b/service/coturn/Containerfile @@ -1,4 +1,4 @@ -FROM debian:bookworm-slim +FROM docker.io/debian:bookworm-slim ARG VERSION=4.6.1 RUN apt-get update -y && apt-get upgrade -y && \ diff --git a/service/dovecot/container/config/dovecot.conf.template b/service/dovecot/container/config/dovecot.conf.template index 62b8665..7898f2c 100644 --- a/service/dovecot/container/config/dovecot.conf.template +++ b/service/dovecot/container/config/dovecot.conf.template @@ -80,7 +80,7 @@ protocols = imap ssl = yes ssl_min_protocol = TLSv1.2 ssl_cipher_list = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 -ssl_prefer_server_ciphers = no +ssl_prefer_server_ciphers = yes ssl_cert = =TLSv1.2 smtpd_tls_mandatory_ciphers = high +smtpd_tls_mandatory_exclude_ciphers = aNULL +smtpd_tls_protocols = >=TLSv1.2 smtpd_tls_auth_only = yes smtpd_helo_required = yes smtpd_tls_received_header = yes @@ -196,6 +198,7 @@ smtpd_tls_loglevel = 1 # Other TLS configuration parameters. tls_random_source = dev:/dev/urandom tls_ssl_options = no_ticket, no_compression +tls_preempt_cipherlist = yes # Certificate file location. smtpd_tls_cert_file = /etc/ssl/private/certificates/${POSTFIX_HOST}.crt
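Review bot: The new `FROM docker.io/debian:bookworm-slim` line still references the base image by a mutable tag, so qualifying the registry fixes where the image is resolved but not which image content gets built. Pinning a digest, e.g. `FROM docker.io/debian:bookworm-slim@sha256:<digest>` (placeholder; take the value from the registry), makes rebuilds reproducible and makes a changed base image show up as a reviewable diff. The `RUN apt-get update … apt-get upgrade` statement continues past the end of the hunk, so whether the packages installed there are pinned cannot be judged from here.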
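Review bot: With `ssl_prefer_server_ciphers = yes`, the order of the `ssl_cipher_list` line directly above becomes the negotiation policy. That order puts the AES-128-GCM suites first and ChaCha20-Poly1305 after every ECDHE AES suite, so a client that offers both will no longer be able to steer the choice toward ChaCha20. Every listed suite is AEAD with forward secrecy, so either value is defensible, but the decision should be recorded next to the setting, for example `# Server order is authoritative: the first matching entry in ssl_cipher_list wins, reorder deliberately.`. The same applies to `tls_preempt_cipherlist = yes`, added without a comment in the last hunk of this page (`@@ -196,6 +198,7 @@`). The context after `ssl_cert` in this hunk is damaged on the page and was not reviewed.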