> On Jan 15, 2019, at 8:39 AM, Stefan Bauer <cubew...@googlemail.com> wrote: > > -o smtpd_tls_mandatory_ciphers=high > -o tls_preempt_cipherlist=yes > -o > tls_high_cipherlist=EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-S > HA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
Instead, try: master.cf: submission inet ... smtpd ... -o smtpd_tls_security_level=encrypt -o smtpd_tls_mandatory_ciphers=high -o smtpd_tls_exclude_ciphers=$msa_exclude_ciphers main.cf: msa_exclude_ciphers = SEED See: http://www.postfix.org/postconf.5.html#smtpd_tls_exclude_ciphers -- Viktor.