Google's gmail and tls policy

NethServer Version: 7.6.1810 final
Module: postfix

I tried every one of our available tls policies… and verified each changed in, each policy still causes hate with google.
Feb 5 17:53:44 server9b postfix/smtp[28379]: Untrusted TLS connection established to[]:25: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)

Lowest policy in
# TLS for smtp

smtp_tls_security_level = may
smtp_tls_loglevel = 1
smtp_tls_cert_file = /etc/postfix/postfix.crt
smtp_tls_key_file = /etc/postfix/postfix.key

# Force cipher 2018-03-30
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
smtp_tls_protocols = !SSLv2, !SSLv3
1 Like

Curiously though, when I set policy to 10-2018 postfix says 6-2018, I read the docs and I see it states that 10-2018 only applies to ejabber but still…

# cipher selection 2018-06-21 (RSA and ECC certificate)

smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_protocols = !SSLv2, !SSLv3

tls_preempt_cipherlist = yes

Do you have a self-signed certificate?

Letsencrypt, generated by the ui post upgrade.