postfix--- via Postfix-users:
> > You may want to comment out protocol or cipher tweaks' these can
> > reduce interoperability:
> >
> > postconf -n | grep tls
>
>
> I do not think I am using any tweaks and try to keep things as default as
> possible. Or maybe I'm misunderstanding.
>
> [root@host /]# postconf -n | grep tls
> milter_rcpt_macros = i {rcpt_addr} {rcpt_host} {rcpt_mailer} {tls_version}
> smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
> smtp_tls_CApath = /etc/pki/tls/certs
> smtp_tls_security_level = may
> smtpd_tls_cert_file = /etc/letsencrypt/live/example.com/fullchain.pem
> smtpd_tls_key_file = /etc/letsencrypt/live/example.com/privkey.pem
> smtpd_tls_security_level = may
>
> Is there something to improve?
I just wanted to make sure that you weren't cranking up security to 11.
Assuming that your certificate and key are good, I speculate that
the client wants to use a different type of certificate. There are
howtos to configure the Postfix SMTP server with both RSA and ECDSA
certs from letsencrypt.
Wietse
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
