On Mon, Sep 22, 2025 at 10:48:17AM +0200, A. Schulze via Postfix-users wrote:
> as documented [1], tls_eecdh_auto_curves configures "Postfix SMTP
> client AND server". This "AND" hurts me a little bit:
> [...]
> anyway: could I configure postfix to offer X25519MLKEM768 at the submission
> server but not, when acting as smtp client?
That's why we have master.cf overrides.

main.cf:
    tls_config_file = ${config_directory}/openssl.cnf
    tls_config_name = client

master.cf:
    # 25
    smtp inet n - n - - smtpd
        -o { tls_config_name = server }
        ...
    # 465
    submissions inet n - n - - smtpd
        -o { tls_config_name = server }
        ...
    # 587
    submission inet n - n - - smtpd
        -o { tls_config_name = server }
        ...

openssl.cnf:
    server = server_settings
    client = client_settings
    # -----
    [server_settings]
    ssl_conf = server_ssl_settings
    [server_ssl_settings]
    system_default = server_default_settings
    [server_default_settings]
    Groups = *X25519MLKEM768 / MLKEM768 / *X25519:X448 / P-256 / P-384 / ffdhe2048:ffdhe3072
    # -----
    [client_settings]
    ssl_conf = client_ssl_settings
    [client_ssl_settings]
    system_default = client_default_settings
    [client_default_settings]
    Groups = X25519MLKEM768:MLKEM768:*X25519:P-256:X448:P-384:ffdhe2048:ffdhe3072

--
Viktor. 🇺🇦 Слава Україні!
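
The lookup chain in the openssl.cnf above, as an added example that is not part of the original message: it resolves each tls_config_name to its Groups list, splits the list into "/"-separated tuples, and reports which groups carry the "*" key-share marker. The function names parse_cnf, resolve_groups and key_shares are hypothetical, and the embedded file is the message's configuration with its wrapped lines joined.

```python
import re

# Constructed sample: the openssl.cnf from the message above, wrapped lines joined.
OPENSSL_CNF = """\
server = server_settings
client = client_settings
[server_settings]
ssl_conf = server_ssl_settings
[server_ssl_settings]
system_default = server_default_settings
[server_default_settings]
Groups = *X25519MLKEM768 / MLKEM768 / *X25519:X448 / P-256 / P-384 / ffdhe2048:ffdhe3072
[client_settings]
ssl_conf = client_ssl_settings
[client_ssl_settings]
system_default = client_default_settings
[client_default_settings]
Groups = X25519MLKEM768:MLKEM768:*X25519:P-256:X448:P-384:ffdhe2048:ffdhe3072
"""

def parse_cnf(text):
    """Minimal reader: keys before the first [section] go into 'default'."""
    sections, current = {"default": {}}, "default"
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and padding
        if not line:
            continue
        m = re.fullmatch(r"\[\s*(\S+)\s*\]", line)
        if m:
            current = m.group(1)
            sections.setdefault(current, {})
        else:
            key, _, value = line.partition("=")
            sections[current][key.strip()] = value.strip()
    return sections

def resolve_groups(text, app_name):
    """Follow app name -> ssl_conf -> system_default, then split Groups into tuples."""
    cnf = parse_cnf(text)
    section = cnf["default"][app_name]        # e.g. "server" -> "server_settings"
    for key in ("ssl_conf", "system_default"):
        section = cnf[section][key]
    tuples = []
    for part in cnf[section]["Groups"].split("/"):   # "/" separates tuples
        names = [g.strip() for g in part.split(":") if g.strip()]
        # A "*" prefix marks a group for which a key share is sent.
        tuples.append([(g.lstrip("*"), g.startswith("*")) for g in names])
    return tuples

def key_shares(tuples):
    return [name for tup in tuples for name, share in tup if share]
```

For the client name this returns X25519 as the only key-share group, with X25519MLKEM768 still present in the list; for the server name both X25519MLKEM768 and X25519 are marked.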