[Ach] MAAWG recommendation
Gunnar Haslinger
gh.bettercrypto at hitco.at
Thu Feb 4 21:42:15 CET 2016
> https://www.m3aawg.org/sites/default/files/m3aawg-forward-secrecy-recommendations-2016-01.pdf
>
Your guide says "Generate certs such as ..." => but you describe how to
generate DH-Parameters, not certs.
And there is no option "smtpd_tls_4096_param_file" in Postfix.
see the documentation here:
http://www.postfix.org/postconf.5.html#smtpd_tls_dh1024_param_file
you can of course configure the option "smtpd_tls_dh512_param_file" to
reference a file containing 1024bit DH-Parameters and use
"smtpd_tls_dh1024_param_file" to configure a file containing 2048bit
DH-Parameters. But there is no Postfix-Option
"smtpd_tls_4096_param_file" - so this is useless. Configure the two
existing options.
and: you missed to configure a certificate by using smtpd_tls_cert_file
My tutorial which includes DANE too is available here:
https://hitco.at/blog/wp-content/uploads/Sicherer-E-Mail-Dienste-Anbieter-DNSSec-DANE-HowTo.pdf
Postfix Settings start on Page 61.
regards,
Gunnar
More information about the Ach
mailing list