On Sat, May 31, 2014 at 10:50:10PM +0000, Juan Pablo wrote: > I will be going encrypted connections only soon (yes I realize the > consequences)
For inbound submission? To a dedicated upstream relay host? With selected peer systems? > so I would like to be able to at the very least disable the > insecure SSLv2, as I would not want to speak to any host that can do this > weak protocol. Is there a reason why the following does not work > > smtpd_tls_mandatory_protocols = !SSLv2 What do you mean by "does not work"? > Also using checktls.com also reports that I have an invalid certificate. > Any reason for this? It is irrelevant, there is no such thing as an "invalid certificate" for MTA to MTA SMTP without DANE. -- Viktor.