[Ach] MAAWG recommendation

Gunnar Haslinger gh.bettercrypto at hitco.at
Thu Feb 4 21:42:15 CET 2016

> https://www.m3aawg.org/sites/default/files/m3aawg-forward-secrecy-recommendations-2016-01.pdf

Your guide says "Generate certs such as ..." => but you describe how to
generate DH-Parameters, not certs.

And there is no option "smtpd_tls_4096_param_file" in Postfix.

see the documentation here:

you can of course configure the option "smtpd_tls_dh512_param_file" to
reference a file containing 1024bit DH-Parameters and use
"smtpd_tls_dh1024_param_file" to configure a file containing 2048bit
DH-Parameters. But there is no Postfix-Option
"smtpd_tls_4096_param_file" - so this is useless. Configure the two
existing options.

and: you missed to configure a certificate by using smtpd_tls_cert_file

My tutorial which includes DANE too is available here:
Postfix Settings start on Page 61.


More information about the Ach mailing list