postfix--- via Postfix-users: > > You may want to comment out protocol or cipher tweaks' these can > > reduce interoperability: > > > > postconf -n | grep tls > > > I do not think I am using any tweaks and try to keep things as default as > possible. Or maybe I'm misunderstanding. > > [root@host /]# postconf -n | grep tls > milter_rcpt_macros = i {rcpt_addr} {rcpt_host} {rcpt_mailer} {tls_version} > smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt > smtp_tls_CApath = /etc/pki/tls/certs > smtp_tls_security_level = may > smtpd_tls_cert_file = /etc/letsencrypt/live/example.com/fullchain.pem > smtpd_tls_key_file = /etc/letsencrypt/live/example.com/privkey.pem > smtpd_tls_security_level = may > > Is there something to improve?
I just wanted to make sure that you weren't cranking up security to 11. Assuming that your certificate and key are good, I speculate that the client wants to use a different type of certificate. There are howtos to configure the Postfix SMTP server with both RSA and ECDSA certs from letsencrypt. Wietse _______________________________________________ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org