install_postfix_advanced.sh: change comments for some tls parameters.
This commit is contained in:
Christoph
parent
3eb53b5463
commit
8a66f11f49
@ -1747,15 +1747,68 @@ cat <<EOF >> /etc/postfix/main.cf
|
||||
|
||||
# ============ TLS parameters ============
|
||||
|
||||
## - supports DNSSEC
|
||||
## -
|
||||
## - !! Notice !!
|
||||
## - In order to support DNSSEC and DANE your resolver MUST support
|
||||
## - DNSSEC too.
|
||||
## -
|
||||
## - If your resolver does not support DNSSEC, install "unbound".
|
||||
## -
|
||||
|
||||
# What mechanisms the Postfix SMTP client uses to look up a host's IP address.
|
||||
# This parameter is ignored when DNS lookups are disabled (see: disable_dns_lookups
|
||||
# and smtp_dns_support_level). The "dns" mechanism is always tried before "native"
|
||||
# if both are listed.
|
||||
#
|
||||
# Specify one of the following:
|
||||
#
|
||||
# dns
|
||||
# Hosts can be found in the DNS (preferred).
|
||||
#
|
||||
# native
|
||||
# Use the native naming service only (nsswitch.conf, or equivalent mechanism).
|
||||
#
|
||||
# dns, native
|
||||
# Use the native service for hosts not found in the DNS.
|
||||
#
|
||||
smtp_host_lookup = dns
|
||||
|
||||
# Level of DNS support in the Postfix SMTP client. With "smtp_dns_support_level"
|
||||
# left at its empty default value, the legacy "disable_dns_lookups" parameter c
|
||||
# ontrols whether DNS is enabled in the Postfix SMTP client, otherwise the l
|
||||
# egacy parameter is ignored.
|
||||
#
|
||||
# Specify one of the following:
|
||||
#
|
||||
# disabled
|
||||
# Disable DNS lookups. No MX lookups are performed and hostname to address lookups
|
||||
# are unconditionally "native". This setting is not appropriate for hosts that
|
||||
# deliver mail to the public Internet. Some obsolete how-to documents recommend
|
||||
# disabling DNS lookups in some configurations with content_filters. This is no
|
||||
# longer required and strongly discouraged.
|
||||
#
|
||||
# enabled
|
||||
# Enable DNS lookups. Nexthop destination domains not enclosed in "[]" will be
|
||||
# subject to MX lookups. If "dns" and "native" are included in the "smtp_host_lookup"
|
||||
# parameter value, DNS will be queried first to resolve MX-host A records, followed by
|
||||
# "native" lookups if no answer is found in DNS.
|
||||
#
|
||||
# dnssec
|
||||
# Enable DNSSEC lookups. The "dnssec" setting differs from the "enabled" setting above
|
||||
# in the following ways:
|
||||
#
|
||||
# - Any MX lookups will set RES_USE_DNSSEC and RES_USE_EDNS0 to request DNSSEC-validated
|
||||
# responses. If the MX response is DNSSEC-validated the corresponding hostnames are
|
||||
# considered validated.
|
||||
#
|
||||
# - The address lookups of validated hostnames are also validated, (provided of course
|
||||
# "smtp_host_lookup" includes "dns", see below).
|
||||
#
|
||||
# - Temporary failures in DNSSEC-enabled hostname-to-address resolution block any
|
||||
# "native" lookups. Additional "native" lookups only happen when DNSSEC lookups
|
||||
# hard-fail (NODATA or NXDOMAIN).
|
||||
#
|
||||
# default: empty
|
||||
#
|
||||
# !! Notice !!
|
||||
# In order to support DNSSEC and DANE your resolver MUST support
|
||||
# DNSSEC too.
|
||||
#
|
||||
# If your resolver does not support DNSSEC, install "unbound".
|
||||
#
|
||||
smtp_dns_support_level = dnssec
|
||||
|
||||
## - Aktiviert TLS für den Mailempfang
|
||||
|
||||
Loading…
Reference in New Issue
Block a user