1

Topic: TLS Version Fix

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 1.3.2 MARIADB edition
- Deployed with iRedMail Easy or the downloadable installer?  I do believe it was a downloadable installer
- Linux/BSD distribution name and version: Debian 10
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):  MARIADB
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? No
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

Hello everyone,

I just did a Nessus scan and it's giving me this warning:

TLS Version 1.1 Protocol Deprecated - Enable support for TLS 1.2 and/or 1.3, and disable support for TLS 1.1.

Contents of /etc/postfix/main.cf

smtpd_tls_protocols = !SSLv2 !SSLv3 !TLSv1
smtpd_tls_mandatory_protocols = !SSLv2 !SSLv3 !TLSv1

lmtp_tls_protocols = !SSLv2 !SSLv3 !TLSv1
lmtp_tls_mandatory_protocols = !SSLv2 !SSLv3 !TLSv1

With the above settings the mail server works as it should.

When I change to these settings I'm no longer able to receive emails:

smtpd_tls_protocols = !SSLv2 !SSLv3 !TLSv1.2 !TLSv1.3
smtpd_tls_mandatory_protocols = !SSLv2 !SSLv3 !TLSv1.2 !TLSv1.3

lmtp_tls_protocols = !SSLv2 !SSLv3 !TLSv1.2 !TLSv1.3
lmtp_tls_mandatory_protocols = !SSLv2 !SSLv3 !TLSv1.2 !TLSv1.3

I'm not exactly sure what I'm doing wrong, so any help would be greatly appreciated.

Thanks


2

Re: TLS Version Fix

You are aware that ! means a negation?
As well, don't touch the lmtp settings.

smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
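
An added example, not part of either post and not iRedMail or Postfix code: a small Python check that works out which protocols each of the three smtpd settings in this thread leaves enabled. It models only the `name` / `!name` list syntax shown above and assumes the TLS library offers all six protocol names; the function names are hypothetical.

```python
import re

# Protocol names Postfix accepts in *_tls_protocols, oldest first.
KNOWN = ["SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]
DEPRECATED = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
SETTING = re.compile(r"\s*(\w+_tls_(?:mandatory_)?protocols)\s*=\s*(.*)$")

def enabled_protocols(value):
    """Return the protocols a list value leaves enabled (simplified model)."""
    tokens = [t for t in re.split(r"[,\s]+", value.strip()) if t]
    parsed = [(t.startswith("!"), t.lstrip("!")) for t in tokens]
    bad = [name for _, name in parsed if name not in KNOWN]
    if bad:
        raise ValueError(f"unsupported token(s): {bad}")
    excluded = {name for negated, name in parsed if negated}
    included = {name for negated, name in parsed if not negated}
    # "!name" removes a protocol; bare names mean "only these".
    # An empty value or a list of exclusions starts from every protocol.
    base = included or set(KNOWN)
    return [p for p in KNOWN if p in base and p not in excluded]

def audit(main_cf_text):
    """Map each *_tls_protocols setting to what it enables."""
    report = {}
    for line in main_cf_text.splitlines():
        m = SETTING.match(line)
        if m:
            on = enabled_protocols(m.group(2))
            report[m.group(1)] = {
                "enabled": on,
                "deprecated": [p for p in on if p in DEPRECATED],
                "modern": [p for p in on if p not in DEPRECATED],
            }
    return report

# smtpd_tls_protocols values copied from the thread.
SAMPLES = {
    "original": "smtpd_tls_protocols = !SSLv2 !SSLv3 !TLSv1",
    "attempted": "smtpd_tls_protocols = !SSLv2 !SSLv3 !TLSv1.2 !TLSv1.3",
    "suggested": "smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1",
}

if __name__ == "__main__":
    for label, text in SAMPLES.items():
        for name, result in audit(text).items():
            print(f"{label:9} {name}: enabled={result['enabled']} "
                  f"deprecated={result['deprecated']}")
```

Running it shows the original value still offers TLSv1.1 (the Nessus finding), the attempted value leaves only TLSv1 and TLSv1.1, and the suggested value leaves only TLSv1.2 and TLSv1.3.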