Using internet.nl to test my MIAB setup, I received this message:
“At least one of your mail servers supports one or more TLS versions that should be phased out deliberately, because they are known to be fragile and at risk of becoming insufficiently secure”
Since I only have a handful of users and I know the clients, where can I go to turn off TLS 1.1 and 1.0?
Each service (HTTP, SMTP on port 25, SMTP on ports 465/587, IMAP) has its own set of configuration parameters, and I wouldn’t recommend modifying them on your own unless you’re researching how to make Mail-in-a-Box better.
If you did the mail check, it’s probably checking only SMTP on port 25, where we’re generally pretty permissive to ensure the best compatibility with anyone trying to send you mail. But we follow best practices which change from year to year, and perhaps it’s time to disable TLSv1.0/1.1 for incoming mail.
Ok, I wasn’t sure if it was a client-side or server-side check, hence my somewhat vague question. If it’s a server-side check, wouldn’t they typically be ahead of end users and therefore have higher security settings? I would think so. Yeah, probably time to update settings.
Mail server encryption has always lagged because you end up not receiving mail from, or not sending mail to, a disappointing number of servers, although this has been less and less so over the past ten years. There is actually a lot of mail that really doesn’t need encryption (e.g., mailing lists, newsletters, etc.).
I might be missing something, but Postfix in MiaB is currently configured to optionally use TLS and I thought that the !TLSv1.1 meant that one wouldn’t be used? You might be interested to check the output of postconf -n and evaluate the settings on Postfix Configuration Parameters.
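An added audit script, not from the thread and not part of Mail-in-a-Box, that reads postconf -n output and reports which of the four main.cf protocol parameters (smtpd_tls_protocols, smtpd_tls_mandatory_protocols, smtp_tls_protocols, smtp_tls_mandatory_protocols) still admit TLSv1 or TLSv1.1; it also shows that a value with only !TLSv1.1 leaves TLSv1.0 enabled. The sample configuration inside it is constructed.

```shell
#!/bin/sh
# Added example, not from the thread: audit the TLS protocol parameters that
# `postconf -n` prints, flagging any that still admit TLSv1 or TLSv1.1.
# Postfix accepts an exclusion list ("!TLSv1, !TLSv1.1") or, from Postfix 3.6
# on, a minimum version (">=TLSv1.2"); either form rules both out.

# Return 0 if a protocol value excludes both TLSv1 and TLSv1.1, else 1.
protocol_setting_ok() {
  have_v1=1; have_v11=1
  for tok in $(printf '%s' "$1" | tr ',' ' '); do
    case "$tok" in
      '!TLSv1')    have_v1=0 ;;
      '!TLSv1.1')  have_v11=0 ;;
      '>=TLSv1.2'|'>=TLSv1.3') return 0 ;;   # minimum-version form
    esac
  done
  if [ "$have_v1" -eq 0 ] && [ "$have_v11" -eq 0 ]; then return 0; fi
  return 1   # "!TLSv1.1" alone still leaves TLSv1.0 enabled
}

# Read `postconf -n` output on stdin; print one verdict per parameter and
# return 1 if any of the four main.cf protocol parameters needs attention.
audit_postconf() {
  conf=$(cat)
  weak=0
  for name in smtpd_tls_protocols smtpd_tls_mandatory_protocols \
              smtp_tls_protocols smtp_tls_mandatory_protocols; do
    value=$(printf '%s\n' "$conf" | sed -n "s/^$name = //p")
    if [ -z "$value" ]; then
      echo "UNSET $name (built-in default applies; see: postconf -d $name)"
      weak=1
    elif protocol_setting_ok "$value"; then
      echo "OK    $name = $value"
    else
      echo "WEAK  $name = $value"
      weak=1
    fi
  done
  return "$weak"
}

# Constructed sample of `postconf -n` output (not a real box's config).
SAMPLE='smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1.1
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtp_tls_protocols = >=TLSv1.2
smtp_tls_security_level = may'

if printf '%s\n' "$SAMPLE" | audit_postconf; then
  echo "All four parameters rule out TLSv1 and TLSv1.1."
else
  echo "Hardened value for each: !SSLv2, !SSLv3, !TLSv1, !TLSv1.1"
fi
```

Per-service overrides set with -o in master.cf (for example on the submission ports) are not part of postconf -n; postconf -M lists those separately.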
Yes, I saw that too. And yes, I looked at the postfix and dovecot config files.
I get there are instances where encryption is not needed. However, I’m not sending newsletters and the like. As MIAB was designed for, I am using it as my personal email only.
If TLS v1 and v1.1 are insecure, why implement them? If someone wants to hack, they will. Perhaps to deter the casual hacker? Ok, maybe. But if there’s a more secure solution that’s been in use for some time, why not use that?