> https://www.m3aawg.org/sites/default/files/m3aawg-forward-secrecy-recommendations-2016-01.pdf >
Your guide says "Generate certs such as ..." => but you describe how to generate DH-Parameters, not certs. And there is no option "smtpd_tls_4096_param_file" in Postfix. see the documentation here: http://www.postfix.org/postconf.5.html#smtpd_tls_dh1024_param_file you can of course configure the option "smtpd_tls_dh512_param_file" to reference a file containing 1024bit DH-Parameters and use "smtpd_tls_dh1024_param_file" to configure a file containing 2048bit DH-Parameters. But there is no Postfix-Option "smtpd_tls_4096_param_file" - so this is useless. Configure the two existing options. and: you missed to configure a certificate by using smtpd_tls_cert_file My tutorial which includes DANE too is available here: https://hitco.at/blog/wp-content/uploads/Sicherer-E-Mail-Dienste-Anbieter-DNSSec-DANE-HowTo.pdf Postfix Settings start on Page 61. regards, Gunnar _______________________________________________ Ach mailing list [email protected] http://lists.cert.at/cgi-bin/mailman/listinfo/ach
