|  | @@ -114,14 +114,14 @@ smtpd_tls_loglevel = 1
 | 
	
		
			
				|  |  |  
 | 
	
		
			
				|  |  |  # Mandatory protocols and ciphers are used when a connections is enforced to use TLS
 | 
	
		
			
				|  |  |  # Does _not_ apply to enforced incoming TLS settings per mailbox
 | 
	
		
			
				|  |  | -smtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
 | 
	
		
			
				|  |  | -lmtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
 | 
	
		
			
				|  |  | -smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
 | 
	
		
			
				|  |  | +smtp_tls_mandatory_protocols = >=TLSv1.2
 | 
	
		
			
				|  |  | +lmtp_tls_mandatory_protocols = >=TLSv1.2
 | 
	
		
			
				|  |  | +smtpd_tls_mandatory_protocols = >=TLSv1.2
 | 
	
		
			
				|  |  |  smtpd_tls_mandatory_ciphers = high
 | 
	
		
			
				|  |  |  
 | 
	
		
			
				|  |  | -smtp_tls_protocols = !SSLv2, !SSLv3
 | 
	
		
			
				|  |  | -lmtp_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
 | 
	
		
			
				|  |  | -smtpd_tls_protocols = !SSLv2, !SSLv3
 | 
	
		
			
				|  |  | +smtp_tls_protocols = >=TLSv1.2
 | 
	
		
			
				|  |  | +lmtp_tls_protocols = >=TLSv1.2
 | 
	
		
			
				|  |  | +smtpd_tls_protocols = >=TLSv1.2
 | 
	
		
			
				|  |  |  
 | 
	
		
			
				|  |  |  smtpd_tls_security_level = may
 | 
	
		
			
				|  |  |  tls_preempt_cipherlist = yes
 | 
	
	
		
			
				|  | @@ -164,11 +164,11 @@ transport_maps = pcre:/opt/postfix/conf/custom_transport.pcre,
 | 
	
		
			
				|  |  |  smtp_sasl_auth_soft_bounce = no
 | 
	
		
			
				|  |  |  postscreen_discard_ehlo_keywords = silent-discard, dsn, chunking
 | 
	
		
			
				|  |  |  smtpd_discard_ehlo_keywords = chunking, silent-discard
 | 
	
		
			
				|  |  | -compatibility_level = 2
 | 
	
		
			
				|  |  | +compatibility_level = 3.7
 | 
	
		
			
				|  |  |  smtputf8_enable = no
 | 
	
		
			
				|  |  |  # Define protocols for SMTPS and submission service
 | 
	
		
			
				|  |  | -submission_smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
 | 
	
		
			
				|  |  | -smtps_smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
 | 
	
		
			
				|  |  | +submission_smtpd_tls_mandatory_protocols = >=TLSv1.2
 | 
	
		
			
				|  |  | +smtps_smtpd_tls_mandatory_protocols = >=TLSv1.2
 | 
	
		
			
				|  |  |  parent_domain_matches_subdomains = debug_peer_list,fast_flush_domains,mynetworks,qmqpd_authorized_clients
 | 
	
		
			
				|  |  |  
 | 
	
		
			
				|  |  |  # DO NOT EDIT ANYTHING BELOW #
 |