##### TLS settings ###### tls_ssl_options = NO_COMPRESSION tls_high_cipherlist=EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA tls_random_source = dev:/dev/urandom ### outgoing connections ### #smtp_tls_security_level=encrypt smtp_tls_security_level=may smtp_tls_loglevel = 1 smtp_tls_cert_file=/etc/postfix/cert.pem smtp_tls_key_file=/etc/postfix/key.pem smtp_tls_mandatory_protocols = !SSLv2, !SSLv3 smtp_tls_mandatory_ciphers=high smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache ### incoming connections ### #smtpd_tls_security_level=encrypt smtpd_tls_security_level=may smtpd_tls_received_header = yes smtpd_tls_loglevel = 1 smtpd_tls_cert_file=/etc/postfix/cert.pem smtpd_tls_key_file=/etc/postfix/key.pem smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3 smtpd_tls_mandatory_ciphers=high smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache