> I checked the server and this is how it's configured > > postconf -n | grep smtpd | grep tls | grep ciphers > smtpd_tls_ciphers = medium > smtpd_tls_exclude_ciphers = EXPORT, LOW, RC4, eNULL, NULL > smtpd_tls_mandatory_ciphers = medium > smtpd_tls_mandatory_exclude_ciphers = aNULL > tlsproxy_tls_mandatory_exclude_ciphers = $smtpd_tls_mandatory_exclude_ciphers
Both smtpd_*_exclude_ciphers default to empty. Do you know why they are non-empty in your config? Like I wrote earlier: If you try to “harden” Postfix you’ll run into trouble. Postfix defaults to as secure as possible without sacrificing functionality. Perhaps iship.com is running some really old MTA, but it is their decision. In that case (after emptying the exclude lists) you can try replacing “medium" with “export”. That is not a recommended setting (a.k.a. default) however, so try first just without the exclusions. -- Cheers Petri https://metis.fi/en/petri tel:+358400505939
smime.p7s
Description: S/MIME cryptographic signature
