[SAC] [OSGeo] #2627: backup.osogeo.osuosl.org security remediation

[OSGeo]

#2627: backup.osogeo.osuosl.org security remediation
---------------------------+----------------------------------------
 Reporter:  robe           |       Owner:  sac@…
     Type:  task           |      Status:  closed
 Priority:  normal         |   Milestone:  Sysadmin Contract 2021-II
Component:  Systems Admin  |  Resolution:  fixed
 Keywords:                 |
---------------------------+----------------------------------------
Changes (by robe):

 * status:  new => closed
 * resolution:   => fixed


Comment:

 okay port 25 doesn't appear to be open to the outside so I think it's just
 within the osuosl.org network.

 Anyrate I did change the /etc/postfix/mail.cnf


 {{{
 #smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK,
 aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDC3-SHA, KRB5-DE5, CBC3-SHA
 smtp_tls_exclude_ciphers = EXP, MEDIUM, LOW, DES, 3DES, SSLv2
 smtpd_tls_exclude_ciphers = EXP, MEDIUM, LOW, DES, 3DES, SSLv2

 tls_high_cipherlist =
 kEECDH:+kEECDH+SHA:kEDH:+kEDH+SHA:+kEDH+CAMELLIA:kECDH:+kECDH+SHA:kRSA:+kRSA+SHA:+kRSA+CAMELLIA:!aNULL:!eNULL:!SSLv2:!RC4:!MD5:!DES:!EXP:!SEED:!IDEA:!3D$
 tls_medium_cipherlist =
 kEECDH:+kEECDH+SHA:kEDH:+kEDH+SHA:+kEDH+CAMELLIA:kECDH:+kECDH+SHA:kRSA:+kRSA+SHA:+kRSA+CAMELLIA:!aNULL:!eNULL:!SSLv2:!MD5:!DES:!EXP:!SEED:!IDEA:!3DES
 }}}

 based on https://access.redhat.com/articles/1468593

-- 
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2627#comment:1>
OSGeo <https://osgeo.org/>
OSGeo committee and general foundation issue tracker.