git.bettercrypto.org / ach-master.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 41506da)
Always log TLS connection info in Postfix
authorAlbert Krewinkel <albert@zeitkraut.de>
Wed, 9 Mar 2016 08:24:44 +0000 (09:24 +0100)
committerAlbert Krewinkel <albert@zeitkraut.de>
Wed, 9 Mar 2016 08:46:20 +0000 (09:46 +0100)
TLS connection details are useful information and should always be
logged.

src/configuration/MailServers/Postfix/main.cf patch | blob | history

diff --git a/src/configuration/MailServers/Postfix/main.cf b/src/configuration/MailServers/Postfix/main.cf
index 5948705..93f70bf 100644 (file)
--- a/src/configuration/MailServers/Postfix/main.cf
+++ b/src/configuration/MailServers/Postfix/main.cf
@@ -20,12 +20,12 @@ readme_directory = no
 # TLS parameters
 smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
 smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
-# use 0 for Postfix >= 2.9, and 1 for earlier versions
-smtpd_tls_loglevel = 0
+# log TLS connection info
+smtpd_tls_loglevel = 1
+smtp_tls_loglevel = 1
 # enable opportunistic TLS support in the SMTP server and client
 smtpd_tls_security_level = may
 smtp_tls_security_level = may
-smtp_tls_loglevel = 1
 # if you have authentication enabled, only offer it after STARTTLS
 smtpd_tls_auth_only = yes
 tls_ssl_options = NO_COMPRESSION
applied crypto hardening (master repo)