On Wed, Jan 22, 2025 at 13:40:34 +1100, Viktor Dukhovni via Postfix-users wrote:
> Nothing in the Postfix config, but do note that on RedHat / Fedora
> systems there's also "crypto policy" that cranks up security to 11 to
> protect users against fairly exotic threats, so you end up with
> cleartext
On Tue, Jan 21, 2025 at 05:16:29PM -0500, Wietse Venema via Postfix-users wrote:
> >[root@host /]# postconf -n | grep tls
> >milter_rcpt_macros = i {rcpt_addr} {rcpt_host} {rcpt_mailer}
> > {tls_version}
> >smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
> >smtp_tls_CApath = /e
postfix--- via Postfix-users:
> > You may want to comment out protocol or cipher tweaks' these can
> > reduce interoperability:
> >
> > postconf -n | grep tls
>
>
> I do not think I am using any tweaks and try to keep things as default as
> possible. Or maybe I'm misunderstanding.
>
>[root
You may want to comment out protocol or cipher tweaks' these can
reduce interoperability:
postconf -n | grep tls
I do not think I am using any tweaks and try to keep things as default as
possible. Or maybe I'm misunderstanding.
[root@host /]# postconf -n | grep tls
milter_rcpt_macros =
postfix--- via Postfix-users:
> My distro package manager gives me postfix 3.5.25 with openssl 3.2.2 which
> causes SSL version mismatch warnings I was previously told I could ignore.
>
> I got a failed transaction:
>
>Jan 21 09:15:21 host postfix/smtpd[79286]: warning: run-time library vs.
