efa-project.org

Hello Community,

since yesterday our tls isnt working properly. We are using the e.f.a. behind a microsoft exchange cluster, which is relaying the mails to the efa in to the dmz.

exchange is sending mails with tls. but the efa isnt relaying properly i think.


smtp_tls_security_level = may
smtpd_tls_protocols = TLSv1.3 TLSv1.2, TLSv1.1, !TLSv1, !SSLv2, !SSLv3
smtp_tls_ciphers = high
smtp_tls_CAfile = /etc/ssl/certs/ca-bundle.trust.crt
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_tls_loglevel = 1
smtp_tls_CApath = /etc/postfix/tmp/
smtp_tls_key_file = /etc/postfix/ssl/keyfile.key
smtpd_tls_cert_file = /etc/postfix/ssl/pemfile.pem
smtpd_tls_key_file = /etc/postfix/ssl/pemfile.pem
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_tls_loglevel = 1
tls_preempt_cipherlist = yes
tls_medium_cipherlist = ECDSA+AESGCM:ECDH+AESGCM:DH+AESGCM:ECDSA+AES:ECDH+AES:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS

Is there something wrong with the config?

exchange is sending mails with tls. but the efa isnt relaying properly i think.

1. The version of efa used?
2. What did you change yesterday ?
3. Why do you think efa isnt relaying properly?
4. Did you check the logs?
5. Did you check the services are up and running?
6. Why/when did you change the tls params in /etc/postfix/main.cf ?
7. Can you post the result of