TLS 1.0 and 1.1 is now disabled for POP3/S, IMAP/S, SMTPS and SUBMISSION | mailcow.email

S, SMTPS and SUBMISSION

Today we disabled the deprecated protocols TLS 1.0 and 1.1.

Unauthenticated mail via SMTP on port 25/tcp does still accept >= TLS 1.0 . It is better to accept a weak encryption than none at all.

How to re-enable weak protocols?

nano data/conf/postfix/extra.cf

submission_smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtps_smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3

nano data/conf/dovecot/extra.conf

ssl_min_protocol = TLSv1

Restart the affected services:

docker-compose restart postfix-mailcow dovecot-mailcow

Hint: You can enable TLS 1.2 in Windows 7.