Recent content by cphillips

Thanks Tom. I need to add the following lines to my main.cf Postfix file: smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3,!TLSv1 smtp_tls_mandatory_protocols = !SSLv2,!SSLv3,!TLSv1 smtpd_tls_protocols = !SSLv2,!SSLv3,!TLSv1 smtp_tls_protocols = !SSLv2,!SSLv3,!TLSv1...

Tom, This produced loads of output (screens and screens). Was there any particular part you were interested in?

Tom, Ok. The company has an externally facing mail server (Proxmox Mail Gateway). This has port 25 open to the internet to allow emails to be received. When emails are coming in to Proxmox they are not allowed to use the TLS 1.0 protocol in Postfix to communicate as this is deemed insecure...

Thanks Tom, I've created that file with the cipher list and rebooted. Re-running the scan against the server still shows it as having TLS 1.0 as a connection option.

Tom, I don't have /etc/default/pmgproxy on my system to modify?!

All. I have installed Promox Mail Gateway 5.2. As part of a business solution, this server needs to pass a PCI-DSS scan every 4 months. One of the things the scan checks for is the disablement of TLS 1.0. I've run a scan against the Proxmox server and it is coming back as TLS 1.0 being...