@ravenstar68 my main.cf config giving me 100% rating

smtpd_tls_dh1024_param_file=/home/user-data/ssl/dh4096.pem

smtpd_tls_protocols = TLSv1.3 TLSv1.2

smtp_tls_protocols = TLSv1.3 TLSv1.2

smtpd_tls_mandatory_protocols = TLSv1.3 TLSv1.2

smtp_tls_mandatory_protocols = TLSv1.3 TLSv1.2

tls_ssl_options=NO_RENEGOTIATION

tls_ssl_options=NO_COMPRESSION

tls_high_cipherlist=ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384

smtpd_tls_mandatory_exclude_ciphers=aNULL,DES,3DES,MD5,DES+MD5,RC4

tls_medium_cipherlist=ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA

tls_ssl_options = 0x40000000

smtpd_tls_eecdh_grade = ultra

tls_preempt_cipherlist = yes

smtpd_tls_mandatory_ciphers = high

smtpd_tls_ciphers = medium

smtp_tls_mandatory_ciphers = $smtpd_tls_mandatory_ciphers

smtp_tls_ciphers = $smtpd_tls_ciphers

lmtp_tls_mandatory_ciphers = $smtpd_tls_mandatory_ciphers

lmtp_tls_ciphers = $smtpd_tls_ciphers

Donāt foget to generate 4096 DH in /home/user-data/ssl/dh4096.pem