Ping a Specific Port

Question

burnersk

Asked: 2015-02-20 04:08:17 +0800 CST2015-02-20 04:08:17 +0800 CST 2015-02-20 04:08:17 +0800 CST

How to disable SSLv3 in Postfix 2.11?

772

I just noticed (by some online check tools) that my mailserver may allow SSLv3 and updated my configuration.

My current config in Postfix 2.11.2:

# inbound
smtpd_tls_security_level = may
smtpd_tls_mandatory_protocols = !SSLv2 !SSLv3
# outbound
smtp_tls_security_level = may
smtp_tls_mandatory_protocols = !SSLv2 !SSLv3

Unfortunately the tools keep saying SSLv3 is accepted.

How to convert the desired (nginx) configuration into Postfix (inbound and outbound) one?

Using Debian/7, Postfix/2.11.2, OpenSSL/1.0.1e

1 Answers

Voted

burnersk · Answer 1 · 2015-02-22T01:25:31+08:00

Best Answer

burnersk

2015-02-22T01:25:31+08:002015-02-22T01:25:31+08:00

The tools were not lying!

The solution have to look this way:

# inbound
smtpd_tls_security_level = may
smtpd_tls_protocols=!SSLv2,!SSLv3
smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3
# outbound
smtp_tls_security_level = may
smtp_tls_protocols=!SSLv2,!SSLv3
smtp_tls_mandatory_protocols=!SSLv2,!SSLv3

smtp[d]_tls_security_level == "may": smtp[d]_tls_protocols is used
smtp[d]_tls_security_level == "encrypt": smtp[d]_tls_mandatory_protocols is used
smtp[d]_tls_security_level == "none": none of these two parameters is used

9

How to disable SSLv3 in Postfix 2.11?

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?