install_postfix_advanced.sh: change comments for some tls parameters.
This commit is contained in:
Christoph
parent
3eb53b5463
commit
8a66f11f49
@ -1747,15 +1747,68 @@ cat <<EOF >> /etc/postfix/main.cf
|
|||||||
|
|
||||||
# ============ TLS parameters ============
|
# ============ TLS parameters ============
|
||||||
|
|
||||||
## - supports DNSSEC
|
|
||||||
## -
|
# What mechanisms the Postfix SMTP client uses to look up a host's IP address.
|
||||||
## - !! Notice !!
|
# This parameter is ignored when DNS lookups are disabled (see: disable_dns_lookups
|
||||||
## - In order to support DNSSEC and DANE your resolver MUST support
|
# and smtp_dns_support_level). The "dns" mechanism is always tried before "native"
|
||||||
## - DNSSEC too.
|
# if both are listed.
|
||||||
## -
|
#
|
||||||
## - If your resolver does not support DNSSEC, install "unbound".
|
# Specify one of the following:
|
||||||
## -
|
#
|
||||||
|
# dns
|
||||||
|
# Hosts can be found in the DNS (preferred).
|
||||||
|
#
|
||||||
|
# native
|
||||||
|
# Use the native naming service only (nsswitch.conf, or equivalent mechanism).
|
||||||
|
#
|
||||||
|
# dns, native
|
||||||
|
# Use the native service for hosts not found in the DNS.
|
||||||
|
#
|
||||||
smtp_host_lookup = dns
|
smtp_host_lookup = dns
|
||||||
|
|
||||||
|
# Level of DNS support in the Postfix SMTP client. With "smtp_dns_support_level"
|
||||||
|
# left at its empty default value, the legacy "disable_dns_lookups" parameter c
|
||||||
|
# ontrols whether DNS is enabled in the Postfix SMTP client, otherwise the l
|
||||||
|
# egacy parameter is ignored.
|
||||||
|
#
|
||||||
|
# Specify one of the following:
|
||||||
|
#
|
||||||
|
# disabled
|
||||||
|
# Disable DNS lookups. No MX lookups are performed and hostname to address lookups
|
||||||
|
# are unconditionally "native". This setting is not appropriate for hosts that
|
||||||
|
# deliver mail to the public Internet. Some obsolete how-to documents recommend
|
||||||
|
# disabling DNS lookups in some configurations with content_filters. This is no
|
||||||
|
# longer required and strongly discouraged.
|
||||||
|
#
|
||||||
|
# enabled
|
||||||
|
# Enable DNS lookups. Nexthop destination domains not enclosed in "[]" will be
|
||||||
|
# subject to MX lookups. If "dns" and "native" are included in the "smtp_host_lookup"
|
||||||
|
# parameter value, DNS will be queried first to resolve MX-host A records, followed by
|
||||||
|
# "native" lookups if no answer is found in DNS.
|
||||||
|
#
|
||||||
|
# dnssec
|
||||||
|
# Enable DNSSEC lookups. The "dnssec" setting differs from the "enabled" setting above
|
||||||
|
# in the following ways:
|
||||||
|
#
|
||||||
|
# - Any MX lookups will set RES_USE_DNSSEC and RES_USE_EDNS0 to request DNSSEC-validated
|
||||||
|
# responses. If the MX response is DNSSEC-validated the corresponding hostnames are
|
||||||
|
# considered validated.
|
||||||
|
#
|
||||||
|
# - The address lookups of validated hostnames are also validated, (provided of course
|
||||||
|
# "smtp_host_lookup" includes "dns", see below).
|
||||||
|
#
|
||||||
|
# - Temporary failures in DNSSEC-enabled hostname-to-address resolution block any
|
||||||
|
# "native" lookups. Additional "native" lookups only happen when DNSSEC lookups
|
||||||
|
# hard-fail (NODATA or NXDOMAIN).
|
||||||
|
#
|
||||||
|
# default: empty
|
||||||
|
#
|
||||||
|
# !! Notice !!
|
||||||
|
# In order to support DNSSEC and DANE your resolver MUST support
|
||||||
|
# DNSSEC too.
|
||||||
|
#
|
||||||
|
# If your resolver does not support DNSSEC, install "unbound".
|
||||||
|
#
|
||||||
smtp_dns_support_level = dnssec
|
smtp_dns_support_level = dnssec
|
||||||
|
|
||||||
## - Aktiviert TLS für den Mailempfang
|
## - Aktiviert TLS für den Mailempfang
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user