Is there some communication between Dovecot and Postfix? On a totally default Dovecot config and a little modification in the Postfix main.cf file (other lines default):

tls_ssl_options = no_ticket, no_compression
tls_preempt_cipherlist = yes
smtpd_sasl_security_options=noanonymous,noplaintext
smtpd_sasl_tls_security_options=noanonymous,noplaintext
smtpd_tls_mandatory_ciphers = high
smtpd_tls_dh1024_param_file = /etc/postfix/dh2048.pem
# instead of the line below I tried smtpd_tls_mandatory_exclude_ciphers but I don't know what should be set up
smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CBC3-SHA, ECDHE-RSA-DES-CBC3-SHA, DES-CBC3-SHA, RC4-MD5, RC4-SHA, ECDHE-RSA-RC4-SHA
smtp_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CBC3-SHA, ECDHE-RSA-DES-CBC3-SHA, DES-CBC3-SHA, RC4-MD5, RC4-SHA, ECDHE-RSA-RC4-SHA

Before setting up those lines in main.cf, Dovecot didn't report any error in the log.

2017-04-26 16:29 GMT+02:00 Viktor Dukhovni <postfix-us...@dukhovni.org>:

> > On Apr 26, 2017, at 12:50 AM, Poliman - Serwis <ser...@poliman.pl> wrote:
> >
> > Yes, I have a freshly generated dh2048.pem. It's a new server and I am trying to secure it.
> > Should this line be uncommented?
>
> The setting is correct, and should be used.
>
> > (I commented it out because of the above errors)
>
> Those errors are completely unrelated to the configuration in question.
>
> > I wrote these errors here, because they are related to this one line from Postfix.
>
> No, they are not. The DH group used by the Postfix SMTP server has NO relationship
> to the SSL behaviour of the Dovecot IMAP service. For help with Dovecot, ask on the
> Dovecot list.
>
> --
> Viktor.

--
Best Regards
Piotr Bracha
tel. 534 555 877
ser...@poliman.pl