Higher Cipher for mail service
Hello,
@Manoj form the community told me to create here an issue for that: https://community.e.foundation/t/higher-ciper-dane-for-mail-please/8356
I tested your mail service to find out which protocol you use and which cipher suites. The result you can find here: https://mecsa.jrc.ec.europa.eu/en/finderRequest/42625b68ac2493b3ae7aefaadb0dbfaf
Please get rid of the old RSA ciphers, you can use for Postfix this setup:
smtpd_use_tls = yes
smtpd_tls_security_level = may
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /path/to/signed_cert_plus_intermediates
smtpd_tls_key_file = /path/to/private_key
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
tls_preempt_cipherlist = no
For Dovecot this:
ssl = required
ssl_cert = </path/to/signed_cert_plus_intermediates
ssl_key = </path/to/private_key
ssl_dh = </path/to/dhparam.pem
# modern configuration
ssl_min_protocol = TLSv1.2
ssl_prefer_server_ciphers = no
When you guys need help, let me no I work as Linux Server Administrator for years now.