On 19 Jul 2015, at 21:09, Harald Koch <c...@pobox.com> wrote:
> Maybe it's just a configuration error on my side, but all SMTP from yahoo.com
> servers to mine still uses RC4...

This depends on your Postfix settings, I reckon. On our setup, with a non-default cipher set and server-side cipher ordering, we see TLSv1 with 89% ECDHE-RSA-AES128-SHA, 11% DHE-RSA-AES128-SHA for connections from 'yahoo.com' mail servers.

The biggest difference is probably 'tls_preempt_cipherlist'; the default is 'no', ours is set to 'yes'. This enforces the cipher list defined by your configuration, instead of whatever the sending server likes best.

Kind regards,
Joni
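
Added example, not part of the original message: a Python sketch for measuring the per-domain protocol/cipher split, like the percentages quoted above, from the Postfix smtpd "TLS connection established" lines (logged when smtpd_tls_loglevel is 1 or higher), and for listing senders that still negotiate RC4. The log lines, host names and function names are constructed for illustration.

```python
import re
from collections import Counter

# Postfix smtpd handshake summary, e.g.
# "... postfix/smtpd[2101]: Anonymous TLS connection established from
#  host[ip]: TLSv1 with cipher ECDHE-RSA-AES128-SHA (128/128 bits)"
TLS_LINE = re.compile(
    r"postfix/smtpd\[\d+\]: \w+ TLS connection established from "
    r"(?P<host>[^\[\s]+)\[[^\]]+\]: (?P<proto>\S+) with cipher (?P<cipher>\S+)"
)

def sessions(lines, domain):
    """Yield (host, proto, cipher) for inbound TLS sessions from `domain`.
    The host is the reverse-DNS name Postfix logged for the client."""
    suffix = "." + domain.lower()
    for line in lines:
        m = TLS_LINE.search(line)
        if not m:
            continue
        host = m["host"].lower()
        if host == domain.lower() or host.endswith(suffix):
            yield host, m["proto"], m["cipher"]

def cipher_share(lines, domain):
    """Return {(proto, cipher): percent of sessions} for one sending domain."""
    counts = Counter((p, c) for _, p, c in sessions(lines, domain))
    total = sum(counts.values())
    return {k: round(100.0 * n / total, 1) for k, n in counts.items()}

def rc4_hosts(lines, domain):
    """Sorted hosts of `domain` that negotiated an RC4 cipher suite."""
    return sorted({h for h, _, c in sessions(lines, domain) if "RC4" in c})

# Constructed sample log (documentation IP ranges, made-up host names).
P = "Jul 19 21:10:01 mx postfix/smtpd[2101]: "
SAMPLE_LOG = [
    P + "Anonymous TLS connection established from mta1.constructed.yahoo.com[192.0.2.11]: TLSv1 with cipher ECDHE-RSA-AES128-SHA (128/128 bits)",
    P + "Anonymous TLS connection established from mta2.constructed.yahoo.com[192.0.2.12]: TLSv1 with cipher ECDHE-RSA-AES128-SHA (128/128 bits)",
    P + "Anonymous TLS connection established from mta3.constructed.yahoo.com[192.0.2.13]: TLSv1 with cipher ECDHE-RSA-AES128-SHA (128/128 bits)",
    P + "Anonymous TLS connection established from mta4.constructed.yahoo.com[192.0.2.14]: TLSv1 with cipher RC4-SHA (128/128 bits)",
    P + "Anonymous TLS connection established from mail.notyahoo.com[198.51.100.7]: TLSv1 with cipher RC4-SHA (128/128 bits)",
    P + "connect from mta1.constructed.yahoo.com[192.0.2.11]",
]

if __name__ == "__main__":
    for (proto, cipher), pct in cipher_share(SAMPLE_LOG, "yahoo.com").items():
        print(f"{pct:5.1f}%  {proto} {cipher}")
    print("RC4 still negotiated by:", rc4_hosts(SAMPLE_LOG, "yahoo.com"))
```

Running this over the log before and after setting 'tls_preempt_cipherlist = yes' shows whether server-side ordering changed what the sending hosts negotiate.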