On Wed, Oct 25, 2017, at 03:39 AM, Petri Riihikallio wrote:
> You and UPS require different sets of ciphers and have none in common. Either
> you have tinkered with server cipher requirements or UPS has edited their
> client cipher list. Check your postconf -n to find out if it's you.
> http://www.postfix.org/TLS_README.html#server_cipher
>
> Testing with openssl s_client doesn’t prove anything about Postfix cipher
> settings (except that the connection is possible if no setting denies it.)
>
> The general rule is to use the defaults. Postfix defaults are set to err
> on the safe side. You’ll gain very little by altering them. If you try
> to “harden” Postfix you usually end up with no connection or fall back to
> plaintext.

On 25.10.17 05:49, da...@justemail.net wrote:
> I checked the server and this is how it's configured
>
> postconf -n | grep smtpd | grep tls | grep ciphers
> smtpd_tls_ciphers = medium
> smtpd_tls_mandatory_ciphers = medium

This looks like you only accept medium grade ciphers ... so no high grade.
That means Petri was right about "hardening". Use "medium, high".

> Any way to check what THEY are trying to use? Which cipher?

You can capture their connections using tcpdump or Wireshark, but I don't
think that's important now...

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
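
Added example, not part of the original thread: besides a packet capture, the server's own mail log shows which clients fail on cipher negotiation, if the SSL_accept error is matched to the OpenSSL warning from the same smtpd process. The log line shapes are assumed to be those Postfix and OpenSSL typically write, and the sample lines are constructed.

```shell
#!/bin/sh
# Report SMTP clients whose TLS handshake failed with "no shared cipher".
# Reads Postfix smtpd log lines on stdin; prints "count client[ip]" lines.
no_shared_cipher_clients() {
    awk '
    function smtpd_pid(line,   s) {
        s = line
        sub(/.*postfix\/smtpd\[/, "", s)
        sub(/\].*/, "", s)
        return s
    }
    # Remember which client each smtpd process was handshaking with.
    /postfix\/smtpd\[[0-9]+\]: SSL_accept error from / {
        pid = smtpd_pid($0)
        client = $0
        sub(/.*SSL_accept error from /, "", client)
        sub(/: .*/, "", client)
        pending[pid] = client
        next
    }
    # Count the failure only when the same process reports no shared cipher.
    /postfix\/smtpd\[[0-9]+\]: warning: TLS library problem: .*no shared cipher/ {
        pid = smtpd_pid($0)
        if (pid in pending) { hits[pending[pid]]++; delete pending[pid] }
        next
    }
    END { for (c in hits) printf "%d %s\n", hits[c], c }
    ' | sort -k1,1nr -k2,2
}

# Constructed sample log (documentation addresses, interleaved smtpd processes).
sample_log() {
    cat <<'EOF'
Oct 25 03:12:01 mx postfix/smtpd[2211]: connect from unknown[192.0.2.10]
Oct 25 03:12:01 mx postfix/smtpd[2214]: connect from mail.example.net[198.51.100.7]
Oct 25 03:12:02 mx postfix/smtpd[2211]: SSL_accept error from unknown[192.0.2.10]: -1
Oct 25 03:12:02 mx postfix/smtpd[2214]: SSL_accept error from mail.example.net[198.51.100.7]: -1
Oct 25 03:12:02 mx postfix/smtpd[2214]: warning: TLS library problem: error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:s3_pkt.c:1493:SSL alert number 40:
Oct 25 03:12:02 mx postfix/smtpd[2211]: warning: TLS library problem: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher:s3_srvr.c:1417:
Oct 25 03:12:02 mx postfix/smtpd[2211]: lost connection after STARTTLS from unknown[192.0.2.10]
Oct 25 03:20:45 mx postfix/smtpd[2230]: SSL_accept error from unknown[192.0.2.10]: -1
Oct 25 03:20:45 mx postfix/smtpd[2230]: warning: TLS library problem: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher:s3_srvr.c:1417:
EOF
}

sample_log | no_shared_cipher_clients   # demo run on the constructed sample
```

To use it on a real server, pipe the mail log into `no_shared_cipher_clients` instead of `sample_log`.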