Simple Postfix Hardening

ADD TO  /etc/postfix/

vi /etc/postfix/


# Hardening SSL configuration

# enable opportunistic TLS support in the SMTP server and client
smtp_tls_security_level = may
smtp_tls_loglevel = 1

# only offer authentication after STARTTLS
smtpd_tls_auth_only = yes

# Disable SSL compression
tls_ssl_options = NO_COMPRESSION

# Disable SSLv2 and SSLv3 leaving TLSv1, TLSv1.1 and TLSv1.2 enabled.
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_protocols = !SSLv2 !SSLv3

# Configure the allowed cipher list

# Enable EECDH key exchange for Forward Security

2 thoughts on “Simple Postfix Hardening

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.