Monday, October 27, 2014

Disable SSLv3 in Postfix, Dovecot

Postfix:

Disabling certain versions of SSL works like this in Postfix:

In your /etc/postfix/main.cf add or modify the following config parameter like so:

smtpd_tls_protocols=!SSLv2,!SSLv3

If you are using mandatory TLS you'll want to set this instead:

smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3

These should be fairly self-explanatory, but for further detail read the Postfix configuration parameters documentation.

Do not forget to restart Postfix!

Dovecot:

In dovecot, add the following to your configuration:

ssl_protocols = !SSLv2 !SSLv3

...and restart Dovecot. If you use a version of Dovecot older than 2.1, upgrade and then do the above.

No comments:

Post a Comment