Hi, Have you considered limiting weak ciphers ? smtpd_tls_exclude_ciphers =
-ALF -Angelo Fazzina Operating Systems Programmer / Analyst University of Connecticut, UITS, SSG, Server Systems 860-486-9075 From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] On Behalf Of Cecil Westerhof Sent: Friday, May 26, 2017 11:23 AM To: Postfix users <postfix-users@postfix.org> Subject: Can this SASL configuration be improved In my main.cf<http://main.cf> I have: ############################################################ # SASL stuff ############################################################ smtp_sasl_auth_enable = yes smtp_sasl_tls_security_options = noanonymous smtp_tls_security_level = encrypt smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd smtp_sasl_security_options = noplaintext, noanonymous smtpd_sasl_auth_enable = no # Because of POODLE vulnerability smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3 smtpd_tls_protocols=!SSLv2,!SSLv3 smtp_tls_mandatory_protocols=!SSLv2,!SSLv3 smtp_tls_protocols=!SSLv2,!SSLv3 Is this OK, or can it be improved? -- Cecil Westerhof