SpamBlocker 4.5.2 has been released

DirectAdmin Support

Administrator
Staff member
Joined
Feb 27, 2003
Messages
9,158
Hello,

I've just released SpamBlocker version 4.5.2.
This change will alter the default ciphers and relay_hosts from:
Code:
[COLOR=#000000]tls_require_ciphers=ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
[/COLOR][COLOR=#000000]hostlist relay_hosts=net-lsearch;/etc/virtual/pophosts[/COLOR]
to
Code:
[COLOR=#000000]tls_require_ciphers=ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
[/COLOR][COLOR=#000000]hostlist relay_hosts=[/COLOR]

This will update your SSL/TLS ciphers to be a bit more modern, but will likely bump some older email clients if they don't support them.
Removing the pophosts file from the relay_hosts list will now require all relays through the server to use smtp-auth, and can no longer rely on popb4smtp. This is much better for tracking, so you don't need to cross reference a dovecot login IP with exim delivery to figure out which auth was used.


You can go backwards via the /etc/exim.variables.conf.custom file with the old settings if you need to, but old email clients should be updated, and clients should also enable smtp-auth.

John
 
Back
Top