Proxmox Mail Gateway Cipher Suite

V.E.L

Hello,

How do I modify the cipher suite for Proxmox Mail Gateway?

In Zimbra I always did this:

zmprov mcf zimbraMtaSmtpdTlsExcludeCiphers 'aNULL,MD5,DES,TLS_ECDH_anon_WITH_AES_256_CBC_SHA'
 

Stoiko Ivanov


A2IT

Hello,

We are currently setting up a PMG cluster and are trying to meet all the requirements of en.internet.nl.

Technical details:
Mail server (MX) First found insecure cipher suite
XXX.XXX.XXX. ADH-AES256-GCM-SHA384
XXX.XXX.XXX. ADH-AES256-GCM-SHA384

PMG still uses an unsafe cipher. I changed this a few times in main.cf, but it is overwritten every time by the system with the default.
Does anyone know how to set the ciphers to high security?

Thank you in advance :)
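
An added example, not part of the thread and not Proxmox code: a check over main.cf text for whether the Postfix parameter smtpd_tls_exclude_ciphers (the counterpart of the Zimbra setting in the first post) covers the anonymous suite the scan reported. The sample main.cf and the function names are constructed for illustration, and cipher matching is simplified to exact names plus the aNULL class.

```python
import re

# Constructed sample main.cf (not from the thread). aNULL is listed only in the
# *mandatory* exclusion list, which Postfix applies only at mandatory TLS levels.
SAMPLE_MAIN_CF = """\
# TLS settings
smtpd_tls_security_level = may
smtpd_tls_exclude_ciphers = MD5,
    DES
smtpd_tls_mandatory_exclude_ciphers = aNULL, MD5
"""

def parse_main_cf(text):
    """Return {parameter: value}; later assignments win, indented lines continue."""
    params, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank and comment lines are ignored
        if raw[0].isspace() and current:
            params[current] += " " + raw.strip()  # continuation line
            continue
        name, sep, value = raw.partition("=")
        if sep:
            current = name.strip()
            params[current] = value.strip()
    return params

def excluded_tokens(params, name="smtpd_tls_exclude_ciphers"):
    """Split the exclusion list on commas and whitespace."""
    return {t for t in re.split(r"[,\s]+", params.get(name, "")) if t}

def is_anonymous(cipher):
    # OpenSSL names anonymous-DH suites ADH-* and anonymous-ECDH suites AECDH-*.
    return cipher.startswith(("ADH-", "AECDH-"))

def not_excluded(main_cf_text, reported):
    """Reported ciphers that the all-levels exclusion list does not cover.
    Simplified model (assumption): exact cipher names and the aNULL class only."""
    excl = excluded_tokens(parse_main_cf(main_cf_text))
    return [c for c in reported
            if c not in excl and not ("aNULL" in excl and is_anonymous(c))]

if __name__ == "__main__":
    for c in not_excluded(SAMPLE_MAIN_CF, ["ADH-AES256-GCM-SHA384"]):
        print("not excluded for opportunistic TLS:", c)
```
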
 

sb-jw


heutger

I believe he is also looking for something like this: #132

Oh, and a) you should read the post with all the information in it, b) you should use some more informal tests like hardenize.com or ssllabs.com (the latter only for websites), c) you should also consider (also only for websites) observatory.mozilla.org and gtmetrix.com. E.g. DNSSEC is broken by design (as well), but worse, it's also a threat vector, as DNSSEC could be misused for multiple DNS DDoS amplifications. DANE is the same: broken by design, and it depends on DNSSEC. The BREACH attack stated for my website shouldn't work, as I have HSTS enabled and am on the preload list. IPv6 for mail servers is currently not a good idea, as there is less protection against spam with IPv6. I also play around with other broken-by-design techniques like SPF, DKIM and DMARC on my private test setup, so those are the results currently.
 