postfix

Disable SSLv3 in Postfix, Dovecot

Postfix:

Disabling certain versions of SSL works like this in Postfix:

In your /etc/postfix/main.cf add or modify the following config parameter like so:

smtpd_tls_protocols=!SSLv2,!SSLv3

If you are using mandatory TLS you’ll want to set this instead:

smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3

These should be fairly self-explanatory, but for further detail read the Postfix configuration parameters documentation.

Do not forget to restart Postfix!

Dovecot:

In dovecot, add the following to your configuration:

ssl_protocols = !SSLv2 !SSLv3

…and restart Dovecot. If you use a version of Dovecot older than 2.1, upgrade and then do the above.

Postfix error – fatal: parameter “smtpd_recipient_restrictions”

I encountered this error when I added a check_sender_access clause to my smtpd_recipient_restrictions in postfixes “main.cf”:

fatal: parameter “smtpd_recipient_restrictions”: specify at least one working instance of: check_relay_domains, reject_unauth_destination, reject, defer or defer_if_permit.

I haven’t really checked, but I am guessing this is because smtpd_recipient_restrictions as the last clause isn’t specifically rejecting all mails that aren’t wanted, and so you risk turning your system into an open relay. I did as the error advised, adding reject_unauth_destination to my restrictions, and all was well.