On Sun, Sep 13, 2015 at 12:26:52PM -0400, Postfix User wrote:
> $ postconf -nf
> msa_tls_ciphers = medium
> msa_tls_dh1024_param_file = ${config_directory}/dh2048.pem
> msa_tls_exclude_ciphers = MD5, RC4, 3DES
The client in question likely needs at least one of the above.
Try restoring 3DES (if that works done), else disable 3DES and
enable RC4. If that still does not work, also enable MD5.
[ but keep reading first ]
> msa_tls_protocols = !SSLv2, !SSLv3
If the above was not sufficient, try enabling "SSLv3" (drop !SSLv3
from the protocols settings).
[ but keep reading first ]
> smtpd_tls_ciphers = medium
> smtpd_tls_dh1024_param_file = /usr/local/etc/postfix/ssl/DHparams/dh2048.pem
> smtpd_tls_dh512_param_file = /usr/local/etc/postfix/ssl/DHparams/dh512.pem
> smtpd_tls_exclude_ciphers = EXPORT, LOW
> smtpd_tls_protocols = !SSLv2, !SSLv3
These are unlikely to cause the problem, if the client is configured
to use port 587.
> tls_medium_cipherlist = AES128+EECDH:AES128+EDH
Never mind all the above, BINGO! Where did that come from? Certainly
not anything I'd ever recommended to anyone. Remove that setting
with prejudice.
--
Viktor.
