TLS policy page

Read this for testing please: https://github.com/NethServer/dev/issues/5421#issuecomment-377354423

For now I found two minor bugs only in postfix:

  • a warning in postfix

    [root@ns7dev7 ~]# Dec 2 20:18:13 ns7dev7 postfix: /usr/sbin/postconf: warning: /etc/postfix/main.cf: unused parameter: tls_ssl_options=NO_COMPRESSION

The doc states postfix must be > 2.11, so we should remove it.

  • RC4 is enabled in postfix; we need to modify this in /etc/postfix/main.cf:

    tls_high_cipherlist=EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+CAMELLIA128:+AES128:+SSLv3:kEDH:CAMELLIA128-SHA:AES128-SHA
    smtpd_tls_exclude_ciphers = aNULL:eNULL:LOW:3DES:MD5:EXP:PSK:DSS:RC4:SEED:IDEA:ECDSA

Please play with testssl.sh to find errors.

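Added example (not part of the original post and not NethServer code): a small Python check over main.cf text for the two issues reported above, a missing RC4 entry in smtpd_tls_exclude_ciphers and a leftover tls_ssl_options line. The sample file content and the function names are constructed for illustration, and the check assumes Postfix accepts colons, commas or whitespace as separators in the exclude list.

```python
import re

# Constructed sample: a main.cf fragment with a continuation line, RC4 missing.
SAMPLE_MAIN_CF = """\
# TLS settings (constructed sample, not a real host's file)
tls_ssl_options = NO_COMPRESSION
smtpd_tls_exclude_ciphers = aNULL:eNULL:LOW:3DES:MD5:EXP:PSK:DSS
    :SEED:IDEA:ECDSA
"""


def parse_main_cf(text):
    """Return {parameter: value}: skips comments, joins continuation lines,
    and lets a later definition override an earlier one."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and logical:
            logical[-1] += " " + raw.strip()  # leading whitespace continues a line
        else:
            logical.append(raw.strip())
    params = {}
    for line in logical:
        name, sep, value = line.partition("=")
        if sep:
            params[name.strip()] = value.strip()
    return params


def audit(text, required=("RC4",), flagged=("tls_ssl_options",)):
    """Return a list of findings for the two issues described in the post."""
    params = parse_main_cf(text)
    findings = []
    name = "smtpd_tls_exclude_ciphers"
    # Assumption: list items are separated by colons, commas or whitespace.
    excluded = {t for t in re.split(r"[\s,:]+", params.get(name, "")) if t}
    for token in required:
        if token not in excluded:
            findings.append(f"{name}: {token} not excluded")
    for param in flagged:
        if param in params:
            findings.append(f"{param}: set, but postconf reports it as an unused parameter")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_MAIN_CF):
        print(finding)
```

This only inspects the configuration text; a scan of the running service with testssl.sh is still what confirms which ciphers are actually offered.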