Thanks for that Carl. I will try that in my dovecot.


An interesting note.. The default dovecot ciphers are

ALL:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH


When I did a

openssl ciphers 'ALL:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH'  > /var/qmail/control/tlsserverciphers


I could then not longer send to the qmailtoaster list!!   haha...


Gary

On 9/4/2019 1:20 PM, CarlC Internet Services Service Desk wrote:

For Dovecot, I use

 

ssl_protocols = TLSv1.2 TLSv1.1 TLSv1 !SSLv3 !SSLv2

 

Then under ssl_cipher_list, I have a long list of ciphers [and blocked ones] that start with the strongest and work downward from there. When I run a scan against IMAPS, any that are found to be compromised, I change the list to match. This is why I don’t list mine as its fluid based on the latest scans.

 

$0.02,

Carl

--------------------------------------------------------------------- To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Reply via email to