Brennan Kinney 76594c21c4 Add note about tls_ssl_options = NO_COMPRESSION ... [Postfix docs](http://www.postfix.org/postconf.5.html#tls_ssl_options): > Disable SSL compression even if supported by the OpenSSL library. Compression is CPU-intensive, and compression before encryption does not always improve security. [Postfix mailing list discussion](http://postfix.1071664.n5.nabble.com/patch-mitigate-CRIME-attack-td57978.html): > The CRIME attack does not apply to SMTP, because unlike SMTP, there is no javascript in SMTP clients that makes them send thousands of email messages with chosen plaintext compressed together in the same packet with SASL credentials or other sensitive data. > The auditor completely failed to take the context into account. [Mailing list discussion of potential compression CRIME-like attack](https://lists.cert.at/pipermail/ach/2014-December/001660.html) > keeping compression disabled is a good idea. If you need a good test score, PCI compliance will likely flag compression despite not having any known risk with non-HTTP TLS.		2020-04-29 19:41:08 +12:00
..
header_checks.pcre	Support for additional postgrey options (Close: #998, #999, #1046)	2018-11-01 19:32:36 +01:00
ldap-aliases.cf	Added support for Dovecot and Postfix LDAP TLS (#800)	2018-01-25 22:38:41 +01:00
ldap-domains.cf	Added support for Dovecot and Postfix LDAP TLS (#800)	2018-01-25 22:38:41 +01:00
ldap-groups.cf	Added support for Dovecot and Postfix LDAP TLS (#800)	2018-01-25 22:38:41 +01:00
ldap-users.cf	Added support for Dovecot and Postfix LDAP TLS (#800)	2018-01-25 22:38:41 +01:00
main.cf	Add note about tls_ssl_options = NO_COMPRESSION	2020-04-29 19:41:08 +12:00
master.cf	Introducing Postscreen (#799)	2018-02-04 21:31:08 +01:00
sender_header_filter.pcre	Improve the privacy of the client by removing sensitive details	2017-09-07 19:29:50 +02:00
sender_login_maps.pcre	Added reject_authenticated_sender_login_mismatch (#872)	2018-03-07 19:33:43 +01:00