Hi, Here is how I am dealing with "weak ciphers" You may be able to do the same type of config ?
In /etc/postfix/main.cf # -ALF 2016-09-07 # disable RC4 ciphers with TLS connections. #smtpd_tls_exclude_ciphers = RC4, aNULL # -ALF 2017-01-09 # disable weak ciphers, and RC4 ciphers smtpd_tls_exclude_ciphers = DES-CBC3-SHA, EDH-RSA-DES-CBC3-SHA, RC4, aNULL #-ALF 2107-01-09 # disable SWEET32 ciphers, weak ciphers, and RC4 ciphers #smtpd_tls_exclude_ciphers = IDEA-CBC-SHA, DES-CBC3-SHA, EDH-RSA-DES-CBC3-SHA, RC4, aNULL -Angelo Fazzina Operating Systems Programmer / Analyst University of Connecticut, UITS, SSG, Server Systems 860-486-9075 -----Original Message----- From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] On Behalf Of Daniel Bareiro Sent: Friday, February 17, 2017 9:40 AM To: Postfix users <postfix-users@postfix.org> Subject: Strong Ciphers to use with Postfix Hi all! I'm using Debian GNU/Linux Jessie 8.7 with Postfix 2.11.3-1. I would like to know what you think of the security settings suggested here [1] for Postfix. I have tested it against this [2] site, but it seems that fails to discard other ciphers; on "Weak ciphers" I get "supported RSA_WITH_RC4_128_SHA". Thanks in advance. Kind regards, Daniel [1] https://cipherli.st [2] https://ssl-tools.net/mailservers
