Hello,

I have a setup where an MTA will forward mail to another node, based on LDAP configuration.
It works well, but it uses ADH:

Received: from corrin.geekwu.org (unknown [87.98.180.13])
        (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by arrakeen.geekwu.org (Postfix) with ESMTPS id A96DF6C07D
        for <bast...@geekwu.org>; Thu,  6 Jul 2017 01:52:53 +0200 (CEST)

I know I should not disable ADH on the public interface, but I'd like to prevent it on the "private" interface (intra-cluster only), as "cluster" nodes do communicate over the Internet.

The private interface is defined in master.cf:
26      inet    n       -       -       -       -       smtpd
  -o smtpd_client_restrictions=permit_mynetworks,reject
  -o syslog_name=postfix/cluster
  -o smtpd_milters=
  -o check_policy_service=

But I did not succeed in fixing the cipher for this interface (something like -osmtpd_tls_ciphers=ECDH+AES does not work...)

Is there a way to do that?

Thanks,

--
Bastien
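
The Received header quoted in the post is where the anonymous (ADH) session becomes visible. As an added example, not part of the original post and not Postfix code, this Python script scans Received headers and flags hops negotiated with an anonymous cipher suite; the function names and the second sample header are constructed for illustration.

```python
import re

# TLS session as written in the Received header quoted in the post:
# "(using <protocol> with cipher <name> (<used>/<total> bits))"
TLS_RE = re.compile(r"\(using\s+(\S+)\s+with\s+cipher\s+(\S+)\s+\((\d+)/(\d+)\s+bits\)")
# OpenSSL names anonymous (unauthenticated) key-exchange suites ADH-* / AECDH-*.
ANON_RE = re.compile(r"^(ADH|AECDH)-")

def unfold(raw_headers):
    """Join folded header lines (continuation lines start with whitespace)."""
    headers = []
    for line in raw_headers.splitlines():
        if line[:1] in (" ", "\t") and headers:
            headers[-1] += " " + line.strip()
        elif line.strip():
            headers.append(line.strip())
    return headers

def audit_received(raw_headers):
    """Return one dict per Received header describing its TLS session."""
    hops = []
    for header in unfold(raw_headers):
        if not header.lower().startswith("received:"):
            continue
        tls = TLS_RE.search(header)
        by = re.search(r"\bby\s+(\S+)", header)
        hops.append({
            "by": by.group(1) if by else None,
            "protocol": tls.group(1) if tls else None,
            "cipher": tls.group(2) if tls else None,
            "tls_logged": tls is not None,
            "anonymous": bool(tls and ANON_RE.match(tls.group(2))),
        })
    return hops

# First header: as quoted in the post. Second header: constructed sample.
SAMPLE = """\
Received: from corrin.geekwu.org (unknown [87.98.180.13])
        (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by arrakeen.geekwu.org (Postfix) with ESMTPS id A96DF6C07D
        for <bast...@geekwu.org>; Thu,  6 Jul 2017 01:52:53 +0200 (CEST)
Received: from mx.example.net (mx.example.net [192.0.2.10])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        by relay.example.net (Postfix) with ESMTPS id 0000000000
"""

if __name__ == "__main__":
    for hop in audit_received(SAMPLE):
        flag = "ANONYMOUS" if hop["anonymous"] else "ok"
        print(f'{hop["by"]}: {hop["protocol"]} {hop["cipher"]} -> {flag}')
```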
