smtpd_tls_protocols = !SSLv2, !SSLv3 !TLSv1 !TLSv1.1 !TLSv1.2 !TLSv1.3
On 09.06.22 16:41, Josef Vybíhal wrote:
By this you basically DISABLED all tls protocols. The ! means "not".
Try this:
smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
no, try this:
smtpd_tls_protocols=!SSLv2,!SSLv3
smtpd_tls_ciphers=medium
smtpd_tls_exclude_ciphers =
MD5,SRP,PSK,aDSS,kECDH,kDH,SEED,IDEA,RC2,RC5,RC4,3DES
smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3,!TLSv1,!TLSv1.1
smtpd_tls_mandatory_ciphers=high
*_mandatory_* directives are used for connections where tls is mandatory
- usually client connections.
other _tls_ directives are used in other cases
- usually server-server connections, where alternative is no encryption at
all.
see
https://marc.info/?l=postfix-users&m=143884497605106&w=2
https://marc.info/?l=postfix-users&m=152907910501143&w=2
ans possibly other threads at:
https://marc.info/?l=postfix-users&w=2&r=1&s=recommended+TLS+settings&q=b
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
"One World. One Web. One Program." - Microsoft promotional advertisement
"Ein Volk, ein Reich, ein Fuhrer!" - Adolf Hitler
