Am 2026-05-10 21:03, schrieb Viktor Dukhovni via Postfix-users:
On Sun, May 10, 2026 at 07:33:39PM +0200, luca-lists--- via
Postfix-users wrote:
I like to be in compliance with the internet.nl mail server test.
My recommendation is finding a better use of your time. There is no
relevant risk. Its 112-bite collision resistance protects your mail
far
better than the RSA signatures you'd pair it with (not post-quantum and
all that).
Recently I got an advisory that SHA224 is to be phased out.
Of no relevance in Postfix or TLS.
smtpd_tls_signature_exclusion = SHA224
1. SHA224 is not a signature algorithm.
2. It is not used with any TLS 1.3 signature schemes.
3. It can be a component of a TLS 1.2 signature scheme, but is
never negotiated in practice.
4. Postfix does not have a smtpd_tls_signature_exclusion parameter,
if you want to restrict the signature algorithms advertised by
OpenSSL, you need to do it in an "openssl.cnf"-style file loaded
by and specifically create for Postfix.
and also:
tls_medium_cipherlist =
EECDH+AESGCM:EDH+AESGCM:ECDHE+CHACHA20:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!SHA1:!SHA224
1. Signature schemes are not ciphers, they're negotiated separately.
2. Don't change this parameter, it is not intended for non-experts.
AI suggested:
tls_config_file = /etc/postfix/tls_config.conf
The AIs have been reading Postfix documentation, and/or the mailing
list.
with contents:
openssl_conf = postfix_tls
[postfix_tls]
ssl_conf = postfix_ssl_sect
[postfix_ssl_sect]
system_default = postfix_system_default
[postfix_system_default]
SignatureAlgorithms =
RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512
That list is too restrictive, you need additional entries for TLS 1.3.
And you'll end up freezing the list at a setting that eventually will
omit stronger algorithms.
You really SHOULD NOT attempt to "solve" this non-problem. Any such
"solution" will be counterproductive.
This works - just wondering if it is normal that
smtpd_tls_signature_exclusion = SHA224 does not offer the desired
result alone.
Made up parameter names have no effect other than warnings in your logs
that the parameter is made up.
lol - Don't remember where I got it from. I guess I just took it for
granted without reading documentation. :/
this appears less restrictive and with TLS 1.3:
SignatureAlgorithms =
ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:rsa_pss_rsae_sha256:rsa_pss_rsae_sha384:rsa_pss_rsae_sha512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ed25519:ed448
To me server hardening seems fun, I don't consider it wasting time. But
I see your point. If issues arise I shall revert the changes and remove
the seperate config file.
Thanks
Luca
_______________________________________________
Postfix-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
