Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Skip to content

Higher Cipher for mail service

Hello,

@Manoj form the community told me to create here an issue for that: https://community.e.foundation/t/higher-ciper-dane-for-mail-please/8356

I tested your mail service to find out which protocol you use and which cipher suites. The result you can find here: https://mecsa.jrc.ec.europa.eu/en/finderRequest/42625b68ac2493b3ae7aefaadb0dbfaf

Please get rid of the old RSA ciphers, you can use for Postfix this setup:

smtpd_use_tls = yes

smtpd_tls_security_level = may
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /path/to/signed_cert_plus_intermediates
smtpd_tls_key_file = /path/to/private_key
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1

tls_preempt_cipherlist = no

For Dovecot this:

ssl = required

ssl_cert = </path/to/signed_cert_plus_intermediates
ssl_key = </path/to/private_key

ssl_dh = </path/to/dhparam.pem

# modern configuration
ssl_min_protocol = TLSv1.2
ssl_prefer_server_ciphers = no

When you guys need help, let me no I work as Linux Server Administrator for years now.