On Sun, Dec 11, 2022 at 04:20:25PM +0100, Matus UHLAR - fantomas wrote:
> On 10.12.22 16:48, Alex wrote:
> >I think I assumed there was a vulnerability, like there is with SSLv3, that
> >lead me to disable it.
At this point disabling SSLv3 is best-practice, there are no longer
sufficiently many s
On 07.12.22 12:28, Alex wrote:
>smtp_tls_security_level = may
>smtpd_tls_security_level = may
>smtp_tls_mandatory_protocols= !SSLv2,!SSLv3,!TLSv1,!TLSv1.1
>smtp_tls_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1
On Thu, Dec 8, 2022 at 2:17 AM Matus UHLAR - fantomas
wrote:
so, you
On 12/10/22 16:48, Alex wrote:
> Hi,
>
> On Thu, Dec 8, 2022 at 2:17 AM Matus UHLAR - fantomas
> wrote:
>
>> On 07.12.22 12:28, Alex wrote:
>>> smtp_tls_security_level = may
>>> smtpd_tls_security_level = may
>>> smtp_tls_mandatory_protocols= !SSLv2,!SSLv3,!TLSv1,!TLSv1.1
>>> smtp_tls_protoc
On Sat, Dec 10, 2022 at 04:48:12PM -0500, Alex wrote:
> I think I assumed there was a vulnerability, like there is with SSLv3, that
> lead me to disable it.
>
> I've now changed it to just:
>
> smtpd_tls_mandatory_protocols = >=TLSv1.0
Sadly, that won't work. The known keyword is "TLSv1", th
Hi,
On Thu, Dec 8, 2022 at 2:17 AM Matus UHLAR - fantomas
wrote:
> On 07.12.22 12:28, Alex wrote:
> >smtp_tls_security_level = may
> >smtpd_tls_security_level = may
> >smtp_tls_mandatory_protocols= !SSLv2,!SSLv3,!TLSv1,!TLSv1.1
> >smtp_tls_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1
On 07.12.22 12:28, Alex wrote:
smtp_tls_security_level = may
smtpd_tls_security_level = may
smtp_tls_mandatory_protocols= !SSLv2,!SSLv3,!TLSv1,!TLSv1.1
smtp_tls_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1
so, you don't enforce TLS on a server-server communication (correct), but
On 2022-12-07 at 12:28:49 UTC-0500 (Wed, 7 Dec 2022 12:28:49 -0500)
Alex
is rumored to have said:
> Hi,
> I have a few mail relays using Lets Encrypt certs to provide TLS. I'm
> pretty sure I've configured them properly, but hope someone would confirm.
> I've seen a few errors that I believe are
Hi,
I have a few mail relays using Lets Encrypt certs to provide TLS. I'm
pretty sure I've configured them properly, but hope someone would confirm.
I've seen a few errors that I believe are a result of a poorly configured
client, but I wanted to be sure.
Dec 7 10:27:32 armor postfix-110/smtpd[57
