On 8/9/2015 12:48 PM, Viktor Dukhovni wrote: > On Sun, Aug 09, 2015 at 12:42:00PM -0400, Mike wrote: > >> On this page: >> http://www.postfix.org/FORWARD_SECRECY_README.html#client_fs >> >> There is: >> >> Once the parameters are in place, update main.cf as follows: >> >> /etc/postfix/main.cf: >> smtpd_tls_dh1024_param_file = ${config_directory}/dh2048.pem >> smtpd_tls_dh512_param_file = ${config_directory}/dh512.pem > > These are SMTP server not SMTP client settings (for some reason > your subject line says "Client").
I cited the wrong subsection, both as you noted in my text and also the URL. I should have pointed to http://www.postfix.org/FORWARD_SECRECY_README.html#quick-start > >> I notice the line starting with 'smtpd_tls_dh1024_param_file' points to >> a 2048 file. >> >> Is that correct, or might it be a typo? > > It is not a typo and rationale is explained in the document. > > http://www.postfix.org/FORWARD_SECRECY_README.html#server_fs > > EDH Server support: > > ... > > Take a few minutes to read more of the document. I had seen the rationale in the master.cf / submission section. I was unsure if that same rationale also applied to the main.cf section. Thanks for confirming it is correct as written.
