Re: TLS best practices

2020-05-14 Thread Christian
I think it is a fundamental question on what your goal is: To send/receive mail under any circumstance or force a minimum security level. With that it is important to distinguish between receiving mail and sending. The issue with leaving every old option available is that broken tls versions or pl

Re: TLS best practices

2020-05-14 Thread Petri Riihikallio
> If you are curious about the defaults in your Postfix use
> postconf | grep tls

That should be:

    postconf -d | grep tls

br, Petri

Re: TLS best practices

2020-05-14 Thread Bastian Blank
On Thu, May 14, 2020 at 12:56:46PM -0400, Ian Evans wrote:
> As some test suite recommendations might be harsher than what is practical
> I thought I'd check with the people who actually work on Postfix.

The most important question is: are you talking about mandatory or opportunistic TLS. All the

Re: TLS best practices

2020-05-14 Thread Petri Riihikallio
> Thanks. When tweaks may have been made over the years, is there a page in the
> docs that just has a clean list of defaults for master.cf? Or check the .dist
> files?

You suspect tweaks have been made to your system? Use

    postconf -n | grep tls
    postconf -M | grep tls

to find out. Go throug

Re: TLS best practices

2020-05-14 Thread Petri Riihikallio
> As some test suite recommendations might be harsher than what is practical I
> thought I'd check with the people who actually work on Postfix.
>
> 1) some test sites say TLS 1.0 should be disabled for NIST compliance. Is
> that recommended? What about 1.1?

The devices will negotiate the best

TLS best practices

2020-05-14 Thread Ian Evans
As some test suite recommendations might be harsher than what is practical I thought I'd check with the people who actually work on Postfix.

1) some test sites say TLS 1.0 should be disabled for NIST compliance. Is that recommended? What about 1.1?

2) is there a page that has up-to-date recommend