Hardening Mailserver

After setting up Miab version 71a today, I carried out some functionality tests.

Hardenize.com showed the following warnings for e-mail → TLS:

  • Deprecated TLS 1.0 protocol supported
  • Server doesn’t enforce cipher suite preferences

Internet.nl showed the following warnings in its e-mail server test:

  • TLS version → TLS 1.1 phase out, TLS 1.0 phase out
  • Ciphers (Algorithm selections; First found) → AES256-GCM-SHA384 phase out
  • Key exchange parameters → DH-2048 insufficient

What would need to be adjusted here so that I can obtain the recommended values?

Most of this is arranged in the Postfix configuration. See "Update security settings for ssl and tls" by kiekerjan (Pull Request #2494 in mail-in-a-box/mailinabox on GitHub) for a proposal for some changes on this topic.

2 Likes
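As an added illustration (not part of either post, and not code from Mail-in-a-Box or the linked pull request), this Python example maps three of the reported warnings to the Postfix `smtpd` parameters that usually govern them and audits `postconf -n`-style text. Both sample configurations are constructed, the `kRSA` test is a heuristic, and the DH group size is not covered because it lives in the file named by `smtpd_tls_dh1024_param_file` rather than in the configuration text.

```python
import re

# Both configurations are constructed samples in `postconf -n` format.
SAMPLE = """\
smtpd_tls_protocols = !SSLv2, !SSLv3
smtpd_tls_exclude_ciphers = aNULL, RC4
"""
HARDENED = """\
smtpd_tls_protocols = >=TLSv1.2
tls_preempt_cipherlist = yes
smtpd_tls_exclude_ciphers = aNULL, RC4, kRSA
"""
ORDER = ["SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]

def parse(text):
    """Turn 'name = value' lines into a dict (split on the first '=' only)."""
    pairs = (line.split("=", 1) for line in text.splitlines() if "=" in line)
    return {k.strip(): v.strip() for k, v in pairs}

def enabled_protocols(spec):
    """Protocols left enabled by a smtpd_tls_protocols value."""
    tokens = [t for t in re.split(r"[,:\s]+", spec) if t]
    listed = [t for t in tokens if t in ORDER]
    allowed = set(listed) if listed else set(ORDER)  # inclusion form names them
    for t in tokens:
        name = t.lstrip("!<>=")
        if name not in ORDER:
            continue
        if t.startswith("!"):  # explicit exclusion
            allowed.discard(name)
        elif t.startswith(">="):  # lower bound, Postfix 3.6 and later
            allowed -= set(ORDER[:ORDER.index(name)])
    return allowed

def audit(text):
    """Return (parameter, reason) pairs for settings likely behind the warnings."""
    conf = parse(text)
    found = []
    # Port 25 with opportunistic TLS is governed by smtpd_tls_protocols.
    weak = enabled_protocols(conf.get("smtpd_tls_protocols", "")) & {"TLSv1", "TLSv1.1"}
    if weak:
        found.append(("smtpd_tls_protocols", "deprecated: " + ", ".join(sorted(weak))))
    if conf.get("tls_preempt_cipherlist", "no").lower() != "yes":
        found.append(("tls_preempt_cipherlist", "server cipher order not enforced"))
    # Heuristic: AES256-GCM-SHA384 uses RSA key exchange (no forward secrecy).
    if "kRSA" not in re.split(r"[,:\s]+", conf.get("smtpd_tls_exclude_ciphers", "")):
        found.append(("smtpd_tls_exclude_ciphers", "RSA key exchange not excluded"))
    return found
```

Feeding it the real output of `postconf -n` shows which of these parameters are still at permissive values; re-running the external scanners after a change remains the actual check.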