On Sun, Dec 22, 2024 at 02:04:46PM +0000, Laura Smith via Postfix-users wrote:
>
>
>
> > Perhaps Postfix does not "listen" on the IPv6 address? You can use nc or
> > lsof
> > to find out.
> >
>
> See above where I said "worked fine before the update". "Worked fine"
> includes external validation, i.e. direct email delivery and ipv6 test
> websites such as internet.nl
>
> For the records, I *think* I found the fix, its probably some sort of parsing
> change in Postfix because I changed these lines from my "previously working"
> config :
>
> smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
> smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
>
> To:
>
> smtpd_tls_mandatory_protocols = >=TLSv1.2, <=TLSv1.3
> smtpd_tls_protocols = >=TLSv1, <=TLSv1.3
Note that after the above you're allowing TLS 1.0 by default, where you
insisted on TLS 1.2 or higher before. Postfix parsing of the legacy
protocol negations has not changed. But you should be using the
preferred min/max forms.
--
Viktor.
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
