On Sat, May 31, 2014 at 10:50:10PM +0000, Juan Pablo wrote:
> I will be going encrypted connections only soon (yes I realize the
> consequences)
For inbound submission?
To a dedicated upstream relay host?
With selected peer systems?
> so I would like to be able to at the very least disable the
> insecure SSLv2, as I would not want to speak to any host that can do this
> weak protocol. Is there a reason why the following does not work
>
> smtpd_tls_mandatory_protocols = !SSLv2
What do you mean by "does not work"?
> Also using checktls.com also reports that I have an invalid certificate.
> Any reason for this?
It is irrelevant, there is no such thing as an "invalid certificate"
for MTA to MTA SMTP without DANE.
--
Viktor.
