2009/7/24 Jake Vickers <j...@v2gnu.com>: > I ma having a spot of trouble disabling SSLv2 on a Postfix 2.5.1 > installation (from Fedora 9 repo). Here is my postconf:
> $ postconf -n <snip> > smtpd_tls_mandatory_protocols = !SSLv2 As documented, this shouldn't be necessary: http://www.postfix.org/postconf.5.html#smtpd_tls_mandatory_protocols > And when I try and check (from another machine) to see if it's still active: > > openssl s_client -connect 192.168.0.10:25 -ssl2 > > I get this: >> >> CONNECTED(00000003) > > That means it's still answering SSLv2 correct? Does it? It means you're getting a connection, it doesn't mean you're getting past that point. You really want to test for TLS anyway, so use openssl's SMTP protocol support. An example from my own TLS setup (seeing as you haven't been forthcoming with details of your own): % openssl s_client -connect yoshino.meidokon.net:587 -starttls smtp -ssl2 CONNECTED(00000003) write:errno=104 It works fine if you remove the "-ssl2".
