postfix--- via Postfix-users:
> > You may want to comment out protocol or cipher tweaks' these can
> > reduce interoperability:
> > 
> > postconf -n | grep tls
> 
> 
> I do not think I am using any tweaks and try to keep things as default as 
> possible. Or maybe I'm misunderstanding.
> 
>    [root@host /]# postconf -n | grep tls
>    milter_rcpt_macros = i {rcpt_addr} {rcpt_host} {rcpt_mailer} {tls_version}
>    smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
>    smtp_tls_CApath = /etc/pki/tls/certs
>    smtp_tls_security_level = may
>    smtpd_tls_cert_file = /etc/letsencrypt/live/example.com/fullchain.pem
>    smtpd_tls_key_file = /etc/letsencrypt/live/example.com/privkey.pem
>    smtpd_tls_security_level = may
> 
> Is there something to improve?

I just wanted to make sure that you weren't cranking up security to 11.

Assuming that your certificate and key are good, I speculate that
the client wants to use a different type of certificate. There are
howtos to configure the Postfix SMTP server with both RSA and ECDSA
certs from letsencrypt.

        Wietse
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org

Reply via email to