Disabling TLSv1.0 on postfix = ~25% of mails not received
Hello. I have been running an Arch Linux Postfix mail server for about 3 years now and have had quite a good experience with it. However, I have been keeping up with current security news and have seen that TLSv1.0 is broken and should be disabled (indeed, the "PCI DSS" standards disallow it.) So I have added the following in /etc/postfix/main.cf:
Code:
smtpd_tls_protocols = !SSLv2,!SSLv3,!TLSv1
Code:
Feb 11 20:22:32 MailServer postfix/smtpd[23118]: connect from ec2-54-183-213-26.us-west-1.compute.amazonaws.com[54.183.213.26]
Is this because the sending servers only support TLSv1? (Kind of hard to believe that Amazon and Yahoo still operate that way...). Or could it be due to misconfiguration on my part?
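One way to answer that question from the server's own logs, as an added example that is not part of the original post: tally the protocol each sending server negotiates and list the clients whose handshake fails. It assumes `smtpd_tls_loglevel = 1` so that smtpd logs the "TLS connection established" lines; the sample log lines are constructed and `summarize` is a hypothetical helper name.

```python
import re
from collections import Counter

# Protocols switched off by the setting in the post: !SSLv2,!SSLv3,!TLSv1
DISABLED = {"SSLv2", "SSLv3", "TLSv1"}

# Logged by smtpd for each completed handshake when smtpd_tls_loglevel = 1.
ESTABLISHED = re.compile(
    r"TLS connection established from (\S+\[[^\]]+\]): (\S+) with cipher")
# Logged by smtpd when the handshake itself fails (e.g. no shared protocol).
FAILED = re.compile(r"SSL_accept error from (\S+\[[^\]]+\])")

# Constructed sample lines (documentation hostnames and addresses).
SAMPLE_LOG = """\
Feb 11 20:22:33 MailServer postfix/smtpd[23118]: Anonymous TLS connection established from mx1.example.net[192.0.2.10]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
Feb 11 20:23:01 MailServer postfix/smtpd[23120]: Anonymous TLS connection established from mx2.example.com[203.0.113.5]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Feb 11 20:24:10 MailServer postfix/smtpd[23121]: Anonymous TLS connection established from mx2.example.com[203.0.113.5]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Feb 11 20:25:42 MailServer postfix/smtpd[23125]: SSL_accept error from mx3.example.org[198.51.100.7]: -1
Feb 11 20:25:42 MailServer postfix/smtpd[23125]: lost connection after STARTTLS from mx3.example.org[198.51.100.7]
Feb 11 20:26:15 MailServer postfix/smtpd[23127]: Anonymous TLS connection established from mx4.example.net[192.0.2.44]: TLSv1.1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)
"""


def summarize(log_text):
    """Return (handshakes per protocol, clients that negotiated a disabled
    protocol, clients whose TLS handshake failed)."""
    per_protocol = Counter()
    legacy, failed = set(), set()
    for line in log_text.splitlines():
        m = ESTABLISHED.search(line)
        if m:
            client, protocol = m.groups()
            per_protocol[protocol] += 1
            if protocol in DISABLED:
                legacy.add(client)
            continue
        m = FAILED.search(line)
        if m:
            failed.add(m.group(1))
    return per_protocol, sorted(legacy), sorted(failed)


if __name__ == "__main__":
    per_protocol, legacy, failed = summarize(SAMPLE_LOG)
    for protocol, count in per_protocol.most_common():
        print(f"{protocol:8} {count}")
    print("negotiated a disabled protocol:", ", ".join(legacy) or "none")
    print("handshake failed:", ", ".join(failed) or "none")
```

Run over logs collected while TLSv1 is still enabled, the second list shows which senders would be affected by the change; run afterwards, the third list shows who is failing the handshake.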
Just so you're aware of it, the PCI standard has been recently changed to allow TLS1.0 until (I believe) 2018
[Edit:] Rather annoyingly as we spent a lot of effort into going TLS1.1 ahead of our normal upgrade schedule.