I get the following error from scanning my mailserver with internet.nl
“At least one of your mail servers supports insufficiently secure parameters for Diffie-Hellman key exchange.”
I think this is stopping the mailbox from hitting an almost 100% on the tests. I’m on v73
This comes up occasionally. It’s a question of “do we want to receive mail from old servers?”
https://discourse.mailinabox.email/t/internet-nl-security-test/10070
Some work has been done on this, see Update security settings for ssl and tls by kiekerjan · Pull Request #2494 · mail-in-a-box/mailinabox · GitHub. Specifically, internet.nl recommends to use a predefined 4096 bits DHE finite field group. This is part of the referred pull request.
For the Diffie-Hellman key stuff that should not matter.