Deploying to gh-pages from @ mailcow/mailcow-dockerized-docs@ecc7eb2428 🚀

firststeps-trust_networks/index.html

@@ -1944,8 +1944,8 @@
 <h2 id="unauthenticated-relaying">Unauthenticated relaying<a class="headerlink" href="#unauthenticated-relaying" title="Permanent link">&para;</a></h2>
 <div class="admonition warning">
 <p class="admonition-title">Warning</p>
-</div>
 <p>Incorrect setup of <code>mynetworks</code> will allow your server to be used as an open relay. If abused, this <strong>will</strong> affect your ability to send emails and can take some time to be resolved.</p>
+</div>
 <h3 id="ipv4-hostssubnets">IPv4 hosts/subnets<a class="headerlink" href="#ipv4-hostssubnets" title="Permanent link">&para;</a></h3>
 <p>To add the subnet <code>192.168.2.0/24</code> to the trusted networks you may use the following configuration, depending on your IPV4_NETWORK and IPV6_NETWORK scopes:</p>
 <p>Edit <code>data/conf/postfix/extra.cf</code>:</p>
@@ -1955,13 +1955,14 @@
 <h3 id="ipv6-hostssubnets">IPv6 hosts/subnets<a class="headerlink" href="#ipv6-hostssubnets" title="Permanent link">&para;</a></h3>
 <p>Adding IPv6 hosts is done the same as IPv4, however the subnet needs to be placed in brackets <code>[]</code> with the netmask appended.</p>
 <p>To add the subnet 2001:db8::/32 to the trusted networks you may use the following configuration, depending on your IPV4_NETWORK and IPV6_NETWORK scopes:</p>
-<p><code>data/conf/postfix/extra.cf
-mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 [fe80::]/10 172.22.1.0/24 [fd4d:6169:6c63:6f77::]/64 [2001:db8::]/32</code></p>
+<p>Edit <code>data/conf/postfix/extra.cf</code>:</p>
+<div class="highlight"><pre><span></span><code>mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 [fe80::]/10 172.22.1.0/24 [fd4d:6169:6c63:6f77::]/64 [2001:db8::]/32
+</code></pre></div>
 <p>Run <code>docker-compose restart postfix-mailcow</code> to apply your new settings.</p>
 <div class="admonition info">
 <p class="admonition-title">Info</p>
-</div>
 <p>More information about mynetworks can be found in the <a href="http://www.postfix.org/postconf.5.html#mynetworks">Postfix documentation</a>.</p>
+</div>
                 
               
               

u_e-nginx/index.html

@@ -1844,6 +1844,13 @@
 <div class="highlight"><pre><span></span><code>server {
   ssl_certificate /etc/ssl/mail/cert.pem;
   ssl_certificate_key /etc/ssl/mail/key.pem;
+  ssl_protocols TLSv1.2 TLSv1.3;
+  ssl_prefer_server_ciphers on;
+  ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
+  ssl_ecdh_curve X25519:X448:secp384r1:secp256k1;
+  ssl_session_cache shared:SSL:50m;
+  ssl_session_timeout 1d;
+  ssl_session_tickets off;
   index index.php index.html;
   client_max_body_size 0;
   root /web;
@@ -1866,6 +1873,13 @@
 <div class="highlight"><pre><span></span><code>server {
   ssl_certificate /etc/ssl/mail/cert.pem;
   ssl_certificate_key /etc/ssl/mail/key.pem;
+  ssl_protocols TLSv1.2 TLSv1.3;
+  ssl_prefer_server_ciphers on;
+  ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
+  ssl_ecdh_curve X25519:X448:secp384r1:secp256k1;
+  ssl_session_cache shared:SSL:50m;
+  ssl_session_timeout 1d;
+  ssl_session_tickets off;
   index index.php index.html;
   client_max_body_size 0;
   root /web;