Adjusting postfix config (
main.cf) to make internet.nl happy:
tls_ssl_options = NO_COMPRESSION,NO_RENEGOTIATION
tls_preempt_cipherlist = yes
smtpd_tls_dh1024_param_file = /etc/postfix/ffdhe4096.pem
Configuration regarding RFC7919 for various services (postfix, Apache, PureFTPd, dovecot).
/etc/named.conf:21: option 'dnssec-enable' is obsolete and should be removedWell, it must be removed, otherwise BIND 9.16 does not start anymore (comes with Debian bookworm). See release info.