From 6bdc224322041e83a6d5c6ffcb4a77f13837f8f8 Mon Sep 17 00:00:00 2001
From: Simon Bruder <simon@sbruder.de>
Date: Sat, 3 Aug 2019 15:40:51 +0000
Subject: [PATCH] Verify TLS certificates for outgoing mail

---
 postfix/Dockerfile | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/postfix/Dockerfile b/postfix/Dockerfile
index cf86150..07cee71 100644
--- a/postfix/Dockerfile
+++ b/postfix/Dockerfile
@@ -38,9 +38,11 @@ RUN echo '' > /etc/postfix/main.cf \
     && postconf -e smtpd_tls_exclude_ciphers='aNULL' \
     && postconf -e smtpd_tls_dh1024_param_file='/etc/postfix/dh-params/2048.pem' \
     && postconf -e smtpd_tls_eecdh_grade='strong' \
+    && postconf -e smtpd_tls_CApath='/etc/ssl/certs' \
     && postconf -e smtp_tls_loglevel='1' \
     && postconf -e smtp_tls_security_level='may' \
     && postconf -e smtp_tls_mandatory_ciphers='medium' \
+    && postconf -e smtp_tls_CApath='/etc/ssl/certs' \
     && postconf -e tls_preempt_cipherlist='yes' \
     && postconf -e smtpd_sasl_auth_enable='yes' \
     && postconf -e smtpd_sasl_type='dovecot' \