Steffen Nurpmeso skrev den 2023-01-07 19:35:
Matus UHLAR - fantomas wrote in
<Y7l7qS2IF/mxz...@fantomas.sk>:
...
|one
|can disable aDH by adding it to smtp_tls_mandatory_exclude_ciphers.
Just last week with the new lighttpd update i followed his
maintainer by doing (the EDH+AESGCM is _my_ addition, blame _me_
for that, it adds four combinations):
# super modern, forward secrecy TLSv1.2 / TLSv1.3 selection..
tls_high_cipherlist = EECDH+AESGCM:EECDH+AES256:EDH+AESGCM:CHACHA20
smtpd_tls_mandatory_ciphers = high
smtpd_tls_mandatory_exclude_ciphers = TLSv1
For long (many, many months) i have
smtpd_tls_mandatory_protocols = >=TLSv1.2
smtpd_tls_protocols = $smtpd_tls_mandatory_protocols
All this transported to other (client etc) via such var
assignments.
I have no fallout after two days (in which i had bitten the
bullet and really read through the logs; yet; i also presumed he
did some careful investigation before being that rigid, so).
Received: by kent.sdaoden.eu (Postfix, from userid 1000)
id 25D02B4B1E; Sat, 7 Jan 2023 19:35:21 +0100 (CET)
Date: Sat, 07 Jan 2023 19:35:21 +0100
Author: Steffen Nurpmeso <stef...@sdaoden.eu>
From: Steffen Nurpmeso <stef...@sdaoden.eu>
you are not using postfix imho when it make "RCVD_ILLEGAL_IP Received:
contains illegal IP address" in spamassassin test
