Hi,
Have you considered limiting weak ciphers?

smtpd_tls_exclude_ciphers =


-ALF

-Angelo Fazzina
Operating Systems Programmer / Analyst
University of Connecticut,  UITS, SSG, Server Systems
860-486-9075

From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] 
On Behalf Of Cecil Westerhof
Sent: Friday, May 26, 2017 11:23 AM
To: Postfix users <postfix-users@postfix.org>
Subject: Can this SASL configuration be improved

In my main.cf I have:
############################################################
# SASL stuff
############################################################
smtp_sasl_auth_enable = yes
smtp_sasl_tls_security_options = noanonymous
smtp_tls_security_level = encrypt
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noplaintext, noanonymous
smtpd_sasl_auth_enable = no
# Because of POODLE vulnerability
smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3
smtpd_tls_protocols=!SSLv2,!SSLv3
smtp_tls_mandatory_protocols=!SSLv2,!SSLv3
smtp_tls_protocols=!SSLv2,!SSLv3

Is this OK, or can it be improved?

--
Cecil Westerhof
