Benny Pedersen wrote in
 <37a797bed4aeb5c01b75c262ba0fe...@junc.eu>:
 |On 2022-06-09 17:13, Linda Pagillo wrote:
 |> Holy cow!! I cannot believe I overlooked this!!! Ugh.. too many hours
 |> of staring at the screen. Josef.. THANK YOU.
 |
 |>> smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
 |
 |tlsv1.1 is more weak than tlsv1, so keep tlsv1

I drive my postfix with

  smtpd_tls_mandatory_ciphers = medium
  smtpd_tls_mandatory_protocols = >=TLSv1.2
[also there is
  smtpd_tls_mandatory_exclude_ciphers =
      aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH,
      EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDB3-SHA, KRB5-DES,
      CBC3-SHA
but I definitely should put more care into this one!]

and then lots of

  smtpd_tls_protocols = $smtpd_tls_mandatory_protocols
  ...

I do not look too deeply into the mail log, normally, but do not
recall TLS based problems (on :25, at least).
I like this >= syntax, it came in not too far in the past.

 --End of <37a797bed4aeb5c01b75c262ba0fe...@junc.eu>

--steffen
|
|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)
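
Added example, not part of the original message and not Postfix's own code: a simplified Python model of the protocol-list syntax discussed in this thread. It resolves the `!` exclusion list and the `>=TLSv1.2` form to the set of enabled versions and flags any legacy version left on. It handles only `!NAME`, `>=NAME`, `<=NAME` and plain `$name` references; the function names and the sample main.cf text are constructed for illustration.

```python
import re

# Protocol names, oldest first (simplified model, not Postfix's own parser).
ORDER = ["SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]
LEGACY = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}

def parse_main_cf(text):
    """Parse 'name = value' lines; a line starting with whitespace continues the previous one."""
    params, name = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and name:
            params[name] = (params[name] + " " + line.strip()).strip()
        else:
            name, _, value = (s.strip() for s in line.partition("="))
            params[name] = value
    return params

def expand(value, params):
    """Expand $name references such as $smtpd_tls_mandatory_protocols."""
    return re.sub(r"\$(\w+)", lambda m: expand(params.get(m.group(1), ""), params), value)

def enabled_protocols(spec):
    """Resolve '!NAME' exclusions and '>=NAME' / '<=NAME' bounds to the enabled versions."""
    enabled = set(ORDER)
    for token in filter(None, re.split(r"[,\s:]+", spec)):
        if token.startswith("!"):
            enabled.discard(token[1:])
        elif token.startswith(">="):
            enabled -= set(ORDER[:ORDER.index(token[2:])])
        elif token.startswith("<="):
            enabled -= set(ORDER[ORDER.index(token[2:]) + 1:])
        else:
            raise ValueError(f"unsupported token: {token}")
    return [p for p in ORDER if p in enabled]

# Constructed sample, modelled on the settings quoted in the thread.
SAMPLE = """\
smtpd_tls_mandatory_protocols = >=TLSv1.2
smtpd_tls_protocols = $smtpd_tls_mandatory_protocols
smtpd_tls_mandatory_exclude_ciphers =
    aNULL, eNULL, EXPORT
"""

def audit(text, name="smtpd_tls_protocols"):
    """Return (enabled versions, legacy versions still enabled) for one parameter."""
    params = parse_main_cf(text)
    protos = enabled_protocols(expand(params.get(name, ""), params))
    return protos, [p for p in protos if p in LEGACY]
```

Running `audit()` over the output of `postconf -n` gives the same view for a live configuration, within the limits of this model.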
