On Mon, Oct 28, 2013 at 04:17:13PM +0000, Viktor Dukhovni wrote:
> > What else info I need to supply, to figure out what is wrong?
>
> tls_policy:
> # opportunistic, season to taste
> trialtolatvia.lv may exclude=3DES:aNULL
>
> main.cf:
> indexed = ${default_database_type}:${config_directory}/
> smtp_tls_policy_maps = ${indexed}tls_policy
>
> # postmap tls_policy
Alternatively, you can exclude TLSv1.2 and 3DES:
trialtolatvia.lv may protocols=!SSLv2,!TLSv1.2 exclude=3DES
the effect is the same, you get RC4-MD5, you can coerce a working RC4-SHA
out of this rust-bucket with:
trialtolatvia.lv may protocols=!SSLv2,!TLSv1.2 exclude=3DES:MD5
If you are able to get through to their postmaster, please let them
know that their TLS stack is in need of repair, and an upgrade to
a less ancient O/S release is advisable. There may be relevant
Microsoft hot-fixes that address the issue. (Something other than
an old Exchange server as a perimeter MTA might be a good option).
--
Viktor.
