2022-02-02 12:23:46 +01:00
|
|
|
On February the 12th 2020 we disabled the deprecated protocols TLS 1.0 and 1.1 in Dovecot (POP3, POP3S, IMAP, IMAPS) and Postfix (SMTPS, SUBMISSION).
|
|
|
|
|
|
|
|
|
|
Unauthenticated mail via SMTP on port 25/tcp does still accept >= TLS 1.0 . It is better to accept a weak encryption than none at all.
|
|
|
|
|
|
|
|
|
|
**How to re-enable weak protocols?**
|
|
|
|
|
|
|
|
|
|
Edit `data/conf/postfix/extra.cf`:
|
|
|
|
|
|
|
|
|
|
```
|
|
|
|
|
submission_smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
|
|
|
|
|
smtps_smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
Edit `data/conf/dovecot/extra.conf`:
|
|
|
|
|
|
|
|
|
|
```
|
|
|
|
|
ssl_min_protocol = TLSv1
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
Restart the affected services:
|
|
|
|
|
|
2023-01-13 18:16:08 +01:00
|
|
|
=== "docker compose (Plugin)"
|
|
|
|
|
|
|
|
|
|
``` bash
|
|
|
|
|
docker compose restart postfix-mailcow dovecot-mailcow
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
=== "docker-compose (Standalone)"
|
|
|
|
|
|
|
|
|
|
``` bash
|
|
|
|
|
docker-compose restart postfix-mailcow dovecot-mailcow
|
|
|
|
|
```
|
2022-02-02 12:23:46 +01:00
|
|
|
|
|
|
|
|
Hint: You can enable TLS 1.2 in Windows 7.
|
