Adjusting postfix config (main.cf
) to make internet.nl happy:
tls_ssl_options = NO_COMPRESSION,NO_RENEGOTIATION
tls_preempt_cipherlist = yes
smtpd_tls_dh1024_param_file = /etc/postfix/ffdhe4096.pem
SIDN has a nice article about Hands-on: implementing DANE in Postfix which covers advanced configuration setting for security, not just DANE, but also TLSA, and DKIM, SPF, DMARC.
Configuration regarding RFC7919 for various services (postfix, Apache, PureFTPd, dovecot).
posted at: 21:34 | path: /configuration | permanent link