postfix: Use strict encryption for SMTPS, Submission

The SMTPS (465) And Submission (587) ports expect encryption, either implicitly (i.e. via direct TLS connection) or explicitly (i.e. via STARTTLS), but this was not enforced previously. Port 25 remains configured for opportunistic encryption, but will still not allow for authentication over unencrypted transports.
2024-09-21 13:40:45 +00:00 · 2021-09-19 13:30:06 +01:00 · 2021-09-19 13:30:06 +01:00 · c730ec37f0
commit c730ec37f0
parent 16ddc3ab79
1 changed files with 2 additions and 2 deletions
--- a/config/service/postfix/container/config/master.cf
+++ b/config/service/postfix/container/config/master.cf
@ -6,8 +6,8 @@
 #                (yes)   (yes)   (no)    (never) (100)
 # ==========================================================================
 smtp       inet  n       -       n       -       -       smtpd
-smtps      inet  n       -       n       -       -       smtpd
-submission inet  n       -       n       -       -       smtpd
+smtps      inet  n       -       n       -       -       smtpd -o smtpd_tls_wrappermode=yes
+submission inet  n       -       n       -       -       smtpd -o smtpd_tls_security_level=encrypt
 pickup     unix  n       -       n       60      1       pickup
 cleanup    unix  n       -       n       -       0       cleanup
 qmgr       unix  n       -       n       300     1       qmgr