I am not sure what SRS or AUC are right now.
The defaults for those settings, as far as postfix is concerned, are as
follows:
|smtpd_sasl_auth_enable = no
smtpd_sasl_security_options = noanonymous
smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
smtpd_tls_auth_only = no
smtpd_tls_mandatory_ciphers = medium
smtpd_tls_mandatory_exclude_ciphers =
smtpd_tls_mandatory_protocols = >=TLSv1
smtpd_tls_security_level =
tls_random_bytes = 32
tls_daemon_random_bytes = 32|
As for which is better.. couldn't say. I have configured these to the
more secure according to my understanding of
https://www.postfix.org/postconf.5.html
AND tbh, its probably overkill. I'm not hiding state secrets.
On 6/16/2024 8:20 PM, Jeff Peng via Postfix-users wrote:
# SMTPd SERVER TLS/SSL Settings
tls_daemon_random_bytes = 64
tls_random_bytes = 64
smtpd_tls_cert_file = /etc/letsencrypt/live/email.broker/fullchain.pem
smtpd_tls_key_file = /etc/letsencrypt/live/email.broker/privkey.pem
smtpd_tls_security_level = may
smtpd_tls_auth_only = yes
smtpd_tls_mandatory_ciphers = high
smtpd_tls_mandatory_exclude_ciphers = aNULL, MD5
smtpd_tls_mandatory_protocols = >=TLSv1.2
# SASL settings
smtpd_sasl_security_options = noanonymous
smtpd_sasl_tls_security_options = noanonymous
# Moved to master.cf
#smtpd_sasl_type = dovecot
#smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = no
for ssl stuff. is it better to use the system defaults?
I am also the postmaster of tls-mail.com. I have a suggestion that,
for your homepage, can you add the protocol of SRS and AUC?
regards.
Jeff
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
