now i got it. sorry and thank you for your help.
Am Dienstag, 15. Januar 2019 schrieb Viktor Dukhovni < postfix-us...@dukhovni.org>: >> On Jan 15, 2019, at 8:39 AM, Stefan Bauer <cubew...@googlemail.com> wrote: >> >> -o smtpd_tls_mandatory_ciphers=high >> -o tls_preempt_cipherlist=yes >> -o tls_high_cipherlist=EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-S >> HA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA > > Instead, try: > > master.cf: > submission inet ... smtpd > ... > -o smtpd_tls_security_level=encrypt > -o smtpd_tls_mandatory_ciphers=high > -o smtpd_tls_exclude_ciphers=$msa_exclude_ciphers > > main.cf: > msa_exclude_ciphers = SEED > > See: http://www.postfix.org/postconf.5.html#smtpd_tls_exclude_ciphers > > -- > Viktor. > >