[Ach] BetterCrypto guide - POSTFIX configuration mistake / missing parameter

Gunnar Haslinger gh.bettercrypto at hitco.at
Fri Oct 14 12:58:08 CEST 2016

Am 2016-10-14 12:49, schrieb Guillaume REMBERT:

> For MTA, the advice is "better to keep poor encryption than
> nothing". I am fine with this, BUT part of the config indicated is then
> useless (and made me feel like I did something incorrect), isn'it?
> These 2 parameters are not used at all with the opportunistic TLS:
> - smtpd_tls_mandatory_ciphers=high

No, smtpd_tls_mandatory_ciphers and the tls_high_cipherlist is NOT

In the BetterCrypto Config as explained it is used for MSA purposes. MSA
= Mail Submission Agent => On the Submission Ports you only have
Mail-Client to Server-Communication, and out there shouldn't be any old
MailClient which doesn't support the high-cipherlist. And on the
Submission-Ports Plaintext-Communication is disabled. So this makes
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cert.at/pipermail/ach/attachments/20161014/72d75fd8/attachment.html>

More information about the Ach mailing list