On Sat, May 26, 2018 at 12:56 PM, Viktor Dukhovni < postfix-us...@dukhovni.org> wrote:
> > > > On May 26, 2018, at 8:30 AM, Sean Son <linuxmailinglistsem...@gmail.com> > wrote: > > > > Also, if I set smtpd_tls_ciphers" and/or "smtp_tls_ciphers" to "high" , > won't that conflict with opportunistic TLS. > > Only for senders that don't support any of the modern ciphersuites. > > > You had mentioned that adding those settings would force RC4 only > implementations t o send in the clear.. Won't that be a problem with > opportunistic TLS? > > Yes, but very rarely in practice. Perhaps not at all for your site. > Only you can tell. You'll need to check your logs. > > -- > Viktor. > > Hello Thank you for your reply. My apologies about my misunderstanding of postconf -d. I was up all nigh updating my servers and I read the man pages while half asleep. Lol I guess the settings that I set in my main.cf should be enough. I will wait to hear any feedback from my security team. Thanks for your help!
