Hi,
I already knew about hardenize.com, but I didn't have it on my radar for mail servers; thanks to joas, I do now.
My Exim does not enforce the server cipher suites. I also couldn't find offhand how to configure / achieve that (or is it simply tls_require_ciphers after all?).
Does anyone have something on hand for this?
And whoever wants something should also give, so here is my main config:
Code
domainlist local_domains = example.org : example.com
domainlist relay_to_domains =
hostlist relay_from_hosts = localhost
.include conf.d/credentials.conf
.include conf.d/helo.conf
disable_ipv6=true
# Delete FROZEN messages
timeout_frozen_after = 30d
# Delete undeliverable bounce-messages
ignore_bounce_errors_after = 5d
daemon_smtp_ports = 25 : 587
tls_on_connect_ports = 587
tls_certificate = /etc/ssl/exim.crt
tls_privatekey = /etc/ssl/exim.key
# For OpenSSL, prefer EC- over RSA-authenticated ciphers
#tls_require_ciphers = ECDSA:RSA:!COMPLEMENTOFDEFAULT
# Unless you run a high-volume site you probably want more logging
# detail than the default. Adjust to suit.
log_selector = +smtp_protocol_error +smtp_syntax_error \
+tls_certificate_verified
# No deliveries will ever be run under the uids of users specified by
# never_users (a colon-separated list).
never_users = root
# The setting below causes Exim to do a reverse DNS lookup on all incoming
# IP calls, in order to get the true host name. If you feel this is too
# expensive, you can specify the networks for which a lookup is done, or
# remove the setting entirely.
host_lookup = *
# Enable an efficiency feature. We advertise the feature; clients
# may request to use it. For multi-recipient mails we then can
# reject or accept per-user after the message is received.
#
prdr_enable = true
# You should not change those settings until you understand how ACLs work:
acl_smtp_rcpt = acl_check_rcpt
acl_smtp_data = acl_check_spam
spamd_address = rspamd 11333 variant=rspamd
.include conf.d/acl.conf
.include conf.d/routers.conf
.include conf.d/transports.conf
.include conf.d/retry.conf
.include conf.d/rewrite.conf
.include conf.d/auth.conf
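For the cipher-order question in the post, an added example (not part of the original post and not Exim's own tooling): a small Python check that parses an Exim main configuration and reports whether `openssl_options` includes `+cipher_server_preference`, the item that makes an OpenSSL-built Exim prefer its own cipher order over the client's. It assumes an OpenSSL build; `main_options`, `tls_findings`, `POSTED` and `FIXED` are names made up for this example, and the sample strings are constructed from the TLS lines of the config above.

```python
import re

# Constructed sample: the TLS-related lines of the main config posted above.
POSTED = r"""
tls_certificate = /etc/ssl/exim.crt
tls_privatekey = /etc/ssl/exim.key
#tls_require_ciphers = ECDSA:RSA:!COMPLEMENTOFDEFAULT
log_selector = +smtp_protocol_error +smtp_syntax_error \
               +tls_certificate_verified
"""
# Same lines with the cipher list enabled and server preference switched on.
FIXED = (POSTED.replace("#tls_require_ciphers", "tls_require_ciphers")
         + "openssl_options = +cipher_server_preference\n")

def main_options(text):
    """Parse 'name = value' settings from the main section of an Exim config."""
    opts, pending = {}, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not pending and (not line or line.startswith("#")):
            continue                      # blank line or comment
        if line.endswith("\\"):           # value continues on the next line
            pending += line[:-1].rstrip() + " "
            continue
        line, pending = pending + line, ""
        if line.startswith("begin "):     # ACLs, routers, ... follow
            break
        m = re.match(r"(?:hide\s+)?([a-z][a-z0-9_]*)\s*=\s*(.*)$", line)
        if m:
            opts[m.group(1)] = m.group(2).strip()
    return opts

def tls_findings(text):
    """Report TLS settings that leave cipher selection to client or library."""
    opts, findings, enforced = main_options(text), [], False
    for item in opts.get("openssl_options", "").split():
        if item[1:] == "cipher_server_preference":
            enforced = item[0] == "+"     # the last +/- item wins
    if not enforced:
        findings.append("openssl_options does not set +cipher_server_preference")
    if "tls_require_ciphers" not in opts:
        findings.append("tls_require_ciphers is unset; the library default list applies")
    return findings

if __name__ == "__main__":
    for name, cfg in (("posted", POSTED), ("fixed", FIXED)):
        print(name, tls_findings(cfg) or "ok")
```

The check reads only one file and does not follow `.include` lines, so settings placed under `conf.d/` need to be checked separately.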