Use opportunistic TLS for receiving emails

HarrySky · HarrySky · commit cb2d03f29008 · 2021-09-02T20:03:27.000+03:00
diff --git a/kolombo/__init__.py b/kolombo/__init__.py
@@ -1 +1 @@
-__version__ = "0.3.1"
+__version__ = "0.4.0"
diff --git a/kolombo/docker/receiver/postfix.conf b/kolombo/docker/receiver/postfix.conf
@@ -52,12 +52,14 @@ tls_ssl_options = NO_COMPRESSION, NO_RENEGOTIATION
 tls_high_cipherlist = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256
 tls_preempt_cipherlist = yes
 smtpd_tls_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1
-smtp_tls_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1
 smtpd_tls_mandatory_ciphers = high
 smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1
 smtpd_tls_exclude_ciphers = aNULL, SEED, CAMELLIA, RSA+AES
-smtp_tls_security_level = encrypt
-smtpd_tls_security_level = encrypt
+# Add TLS info to Received-header
+smtpd_tls_received_header = yes
+# Use opportunistic TLS to make sure most of emails are delivered
+# even when sender's server do not support TLS for some reason in 21th century
+smtpd_tls_security_level = may
 # Use generated self-signed cert files by default
 smtpd_tls_cert_file = /etc/postfix/tls.crt
 smtpd_tls_key_file = /etc/postfix/tls.key
diff --git a/kolombo/docker/sender/postfix.conf b/kolombo/docker/sender/postfix.conf
@@ -39,3 +39,4 @@ append_dot_mydomain = no
 smtp_tls_security_level = may
 smtp_tls_ciphers = medium
 smtp_tls_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1
+smtp_tls_session_cache_database = lmdb:${data_directory}/smtp_scache

Original file line number	Diff line number	Diff line change
`@@ -1 +1 @@`
`1`		`-__version__ = "0.3.1"`
	`1`	`+__version__ = "0.4.0"`