On Tue, Nov 26, 2013 at 08:53:32PM -0500, Alex wrote:

> > posttls-finger: warning: lost connection while sending QUIT command
>
> I've just downloaded this and compiled it on my system, but it says
> invalid options:

You have to compile *with* TLS support enabled.

    make -f Makefile.init CCARGS='-DUSE_TLS' AUXLIBS='-lssl -lcrypto'

> Just to be sure I understand, you're saying that because 3DES had
> begun then failed, the connection is just closed, correct?

Yes.

> I've now done this, and it worked.

Good. This was expected, but unexpected things can also happen.

> I looked at my debug trace of the messages delivered successfully, and
> it didn't indicate what cipher was used. Is there a specific debug
> option available to determine this for the next time?

With 3DES disabled, no cipher is negotiated, the TLS handshake fails,
and Postfix delivers the message in the clear.

> > So we could set a default value of "smtp_tls_exclude_ciphers = 3DES".
>
> Is it possible to disable it just for this peer? Or is it okay to
> disable 3DES permanently system-wide?

Yes, you can play whack-a-mole disabling it one server at a time,
but I would suggest disabling it globally.

-- 
Viktor.
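
A heuristic check for the cleartext fallback discussed in this message, as an added example that is not part of the original thread: it pairs each `status=sent` line from the Postfix SMTP client with the TLS session that same process logged last, and reports the protocol and cipher or flags the delivery as cleartext. It assumes `smtp_tls_loglevel = 1` and syslog lines shaped like the constructed sample; `audit_deliveries` and the pattern names are hypothetical.

```python
import re

# Constructed sample log lines (not taken from the thread).
SAMPLE_LOG = """\
Nov 26 20:10:01 mail postfix/smtp[2101]: Untrusted TLS connection established to mx.example.net[192.0.2.10]:25: TLSv1 with cipher AES128-SHA (128/128 bits)
Nov 26 20:10:02 mail postfix/smtp[2101]: 3A1B2C4D5E: to=<bob@example.net>, relay=mx.example.net[192.0.2.10]:25, delay=1.2, dsn=2.0.0, status=sent (250 2.0.0 Ok)
Nov 26 20:11:00 mail postfix/smtp[2102]: SSL_connect error to mx.example.org[198.51.100.7]:25: lost connection
Nov 26 20:11:01 mail postfix/smtp[2102]: 4F6A7B8C9D: to=<carol@example.org>, relay=mx.example.org[198.51.100.7]:25, delay=2.0, dsn=2.0.0, status=sent (250 OK)
Nov 26 20:12:30 mail postfix/smtp[2101]: 5B7C8D9E0F: to=<dave@example.com>, relay=mx.example.com[203.0.113.5]:25, delay=0.9, dsn=2.0.0, status=sent (250 OK)
"""

# Handshake summary that Postfix logs at smtp_tls_loglevel = 1.
TLS_RE = re.compile(
    r"postfix/smtp\[(\d+)\]: \w+ TLS connection established to (\S+?): (\S+) with cipher (\S+)")
# Failed handshake: whatever TLS state this process had is no longer valid.
ERR_RE = re.compile(r"postfix/smtp\[(\d+)\]: SSL_connect error to ")
# Successful delivery line: pid, queue id, recipient, relay.
SENT_RE = re.compile(
    r"postfix/smtp\[(\d+)\]: (\w+): to=<([^>]*)>.*?relay=([^,]+),.*status=sent")


def audit_deliveries(log_text):
    """Return (queue_id, recipient, relay, transport) for every sent message.

    transport is "<protocol> <cipher>" when the delivering process logged a
    TLS handshake to the same relay beforehand, otherwise "CLEARTEXT".
    Heuristic: connections reused from the connection cache log no new
    handshake line and will therefore be reported as CLEARTEXT.
    """
    session = {}  # smtp pid -> (relay, protocol, cipher) of its latest handshake
    results = []
    for line in log_text.splitlines():
        if m := TLS_RE.search(line):
            pid, relay, proto, cipher = m.groups()
            session[pid] = (relay, proto, cipher)
        elif m := ERR_RE.search(line):
            session.pop(m.group(1), None)
        elif m := SENT_RE.search(line):
            pid, qid, rcpt, relay = m.groups()
            tls = session.get(pid)
            secured = tls is not None and tls[0] == relay
            transport = f"{tls[1]} {tls[2]}" if secured else "CLEARTEXT"
            results.append((qid, rcpt, relay, transport))
    return results


if __name__ == "__main__":
    for row in audit_deliveries(SAMPLE_LOG):
        print(*row, sep="  ")
```
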