From 1871352fe8e4ac49582d4eb9f48ed59e1892ecde Mon Sep 17 00:00:00 2001
From: Gregory Colpart <gcolpart+git@evolix.fr>
Date: Wed, 31 Oct 2018 02:14:16 +0100
Subject: [PATCH] enable SSL/TLS client, cf
 https://wiki.evolix.org/HowtoPostfix#ssltls

---
 postfix/templates/evolinux_main.cf.j2 |  6 ++++++
 postfix/templates/packmail_main.cf.j2 | 12 ++++++++++--
 2 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/postfix/templates/evolinux_main.cf.j2 b/postfix/templates/evolinux_main.cf.j2
index e42a413f..b4499958 100644
--- a/postfix/templates/evolinux_main.cf.j2
+++ b/postfix/templates/evolinux_main.cf.j2
@@ -13,6 +13,12 @@ recipient_delimiter = +
 inet_interfaces = all
 inet_protocols = ipv4
 disable_vrfy_command = yes
+# enable SSL/TLS client
+smtp_tls_security_level = may
+smtp_tls_mandatory_protocols=!SSLv2,!SSLv3
+smtp_tls_protocols=!SSLv2,!SSLv3
+smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
+smtp_tls_loglevel = 1
 
 {% if postfix_slow_transport_include == True %}
 # Slow transports configuration
diff --git a/postfix/templates/packmail_main.cf.j2 b/postfix/templates/packmail_main.cf.j2
index 9f14ec50..bee7fe53 100644
--- a/postfix/templates/packmail_main.cf.j2
+++ b/postfix/templates/packmail_main.cf.j2
@@ -389,11 +389,19 @@ strict_rfc821_envelopes = yes
 # Section : Chiffrement
 #######################
 
+smtpd_tls_security_level = may
+smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3
+smtpd_tls_protocols=!SSLv2,!SSLv3
+smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
+smtpd_tls_loglevel = 1
 smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
 smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
-smtpd_use_tls=yes
-smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
+
+smtp_tls_security_level = may
+smtp_tls_mandatory_protocols=!SSLv2,!SSLv3
+smtp_tls_protocols=!SSLv2,!SSLv3
 smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
+smtp_tls_loglevel = 1
 
 # SASL
 smtpd_sasl_auth_enable = yes