<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><div><blockquote type="cite" class=""><div class=""><div style="white-space: pre-wrap; caret-color: rgb(0, 0, 0); font-family: "DejaVu Sans"; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; margin: 0px;" class=""><span style="font-family: monospace; color: rgb(175, 95, 0); background-color: rgb(255, 255, 255);" class="">smtpd_tls_ciphers</span><span style="font-family: monospace; background-color: rgb(255, 255, 255);" class=""> = </span><span style="font-family: monospace; color: rgb(24, 178, 178); background-color: rgb(255, 255, 255);" class="">medium</span><span style="font-family: monospace; background-color: rgb(255, 255, 255);" class=""> </span><span style="font-family: monospace;" class=""><br class=""></span><span style="font-family: monospace; color: rgb(175, 95, 0); background-color: rgb(255, 255, 255);" class="">smtpd_tls_mandatory_ciphers</span><span style="font-family: monospace; background-color: rgb(255, 255, 255);" class=""> = </span><span style="font-family: monospace; color: rgb(24, 178, 178); background-color: rgb(255, 255, 255);" class="">high</span><span style="font-family: monospace; background-color: rgb(255, 255, 255);" class=""> </span><span style="font-family: monospace;" class=""><br class=""></span></div></div></blockquote><br class=""></div><div>Ist der Unterschied zwischen den beiden gewollt?</div><div><br class=""></div><div><br class=""></div><div><a href="https://syslink.pl/cipherlist/" class="">https://syslink.pl/cipherlist/</a> empfiehlt:</div><div><br class=""></div><div>smtpd_use_tls = yes<br class="">smtpd_tls_security_level = may<br class="">smtpd_tls_auth_only = yes<br class="">smtpd_tls_cert_file = /etc/ssl/postfix.cert<br class="">smtpd_tls_key_file = /etc/ssl/postfix.key<br class="">smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1<br class="">smtpd_tls_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1<br class="">smtpd_tls_mandatory_ciphers = medium<br class="">tls_medium_cipherlist = EECDH+AESGCM:EDH+AESGCM<br class="">tls_preempt_cipherlist = yes<br class=""><br class=""></div><div><br class=""></div><div>Das Zertifikat von extern kannst Du z.B. so überprüfen:</div><div><br class=""></div><div>openssl s_client -connect <a href="http://mailserver.de:25" class="">mailserver.de:25</a> -servername <a href="http://mailserver.de" class="">mailserver.de</a> -starttls smtp -showcerts -debug -verify 5</div><div><br class=""></div>Viele Grüße<div class="">Gerald</div></body></html>