On 28.09.22 18:38, Lists Nethead wrote:
Hello again postfix-users,

After Viktor gave really helpful advice re SSLv3, now on to the next problem, dealing with crypto is opening a can of worms, at least where I am.

We cannot receive messages from a Big Corp, our Postfix MXs respond with "no shared cipher". The configuration is pretty standard I think,

smtpd_tls_security_level = may
smtpd_tls_ciphers = medium
smtpd_tls_protocols = >=TLSv1.2
smtpd_tls_exclude_ciphers = aNULL

these affect communication from other mail servers, where plaintext option is used if TLS can't be established, because you set:

smtpd_tls_security_level = may

...so disabling older TLS versions may lower security, not increase it.

if you want to affect client-server communication, use smtpd_tls_mandatory_* parameters instead.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I do NOT want to receive any advertising mail at this address.
A day without sunshine is like, night.
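
The distinction drawn in the reply above, as an added example that is not part of the original thread: a small checker that parses main.cf-style text and reports which TLS restrictions apply only to opportunistic TLS and which are never consulted at the configured level. The function names and the level-to-parameter table are this example's own, based on the documented Postfix behaviour that the `smtpd_tls_mandatory_*` parameters apply only at `smtpd_tls_security_level = encrypt`.

```python
import re

# Parameters the Postfix SMTP server consults at each smtpd_tls_security_level
# (assumption of this example, taken from the Postfix parameter documentation).
IN_EFFECT = {
    "may": ("smtpd_tls_protocols", "smtpd_tls_ciphers"),
    "encrypt": ("smtpd_tls_mandatory_protocols", "smtpd_tls_mandatory_ciphers"),
}
ALL_PARAMS = IN_EFFECT["may"] + IN_EFFECT["encrypt"]

def parse_main_cf(text):
    """Parse main.cf-style text: '#' comment lines, 'name = value', and
    continuation lines that start with whitespace. Last definition wins."""
    params, name = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and name:
            params[name] = (params[name] + " " + raw.strip()).strip()
            continue
        m = re.match(r"([A-Za-z0-9_]+)\s*=\s*(.*)$", raw)
        if m:
            name = m.group(1)
            params[name] = m.group(2).strip()
    return params

def review(text):
    """Return (parameter, status) pairs: 'opportunistic' when the setting
    restricts TLS that a peer can skip in favour of plaintext, 'unused'
    when the configured security level never consults it."""
    params = parse_main_cf(text)
    level = params.get("smtpd_tls_security_level", "none")
    consulted = IN_EFFECT.get(level, ())
    findings = []
    for name in ALL_PARAMS:
        if name not in params:
            continue
        if name not in consulted:
            findings.append((name, "unused"))
        elif level == "may":
            findings.append((name, "opportunistic"))
    return findings

# Constructed sample: the settings quoted in the thread, plus a comment line.
SAMPLE = """\
# inbound TLS
smtpd_tls_security_level = may
smtpd_tls_ciphers = medium
smtpd_tls_protocols = >=TLSv1.2
smtpd_tls_exclude_ciphers = aNULL
"""
```

On the sample, both `smtpd_tls_protocols` and `smtpd_tls_ciphers` come back as `opportunistic`: a sender that cannot meet them is not forced to encrypt at all.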
