I think it is a fundamental question on what your goal is: To
send/receive mail under any circumstance or force a minimum security
level.
With that it is important to distinguish between receiving mail and
sending. The issue with leaving every old option available is, that
broken tls versions or pl
> If you are curious about the defaults in your Postfix use
> postconf | grep tls
That should be:
postconf -d | grep tls
br, Petri
smime.p7s
Description: S/MIME cryptographic signature
On Thu, May 14, 2020 at 12:56:46PM -0400, Ian Evans wrote:
> As some test suite recommendations might be harsher than what is practical
> I thought I'd check with the people who actually work on Postfix.
The most important question is: are you talking about mandatory or
opportunistic TLS. All the
> Thanks. When tweaks may have been made over the years, is there a page in the
> docs that just has a clean list of defaults for master.cf? Or check the .dist
> files?
You suspect tweaks have been made to your system? Use
postconf -n | grep tls
postconf -M | grep tls
to find out. Go throug
> As some test suite recommendations might be harsher than what is practical I
> thought I'd check with the people who actually work on Postfix.
>
> 1) some test sites say TLS 1.0 should be disabled for NIST compliance. Is
> that recommended? What about 1.1?
The devices will negotiate the best