- Joined
- Feb 27, 2003
- Messages
- 8,138
Hello,
I've just released SpamBlocker version 4.5.2.
This change will alter the default ciphers and relay_hosts from:
to
This will update your SSL/TLS ciphers to be a bit more modern, but will likely bump some older email clients if they don't support them.
Removing the pophosts file from the relay_hosts list will now require all relays through the server to use smtp-auth, and can no longer rely on popb4smtp. This is much better for tracking, so you don't need to cross reference a dovecot login IP with exim delivery to figure out which auth was used.
You can go backwards via the /etc/exim.variables.conf.custom file with the old settings if you need to, but old email clients should be updated, and clients should also enable smtp-auth.
John
I've just released SpamBlocker version 4.5.2.
This change will alter the default ciphers and relay_hosts from:
Code:
[COLOR=#000000]tls_require_ciphers=ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
[/COLOR][COLOR=#000000]hostlist relay_hosts=net-lsearch;/etc/virtual/pophosts[/COLOR]
Code:
[COLOR=#000000]tls_require_ciphers=ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
[/COLOR][COLOR=#000000]hostlist relay_hosts=[/COLOR]This will update your SSL/TLS ciphers to be a bit more modern, but will likely bump some older email clients if they don't support them.
Removing the pophosts file from the relay_hosts list will now require all relays through the server to use smtp-auth, and can no longer rely on popb4smtp. This is much better for tracking, so you don't need to cross reference a dovecot login IP with exim delivery to figure out which auth was used.
You can go backwards via the /etc/exim.variables.conf.custom file with the old settings if you need to, but old email clients should be updated, and clients should also enable smtp-auth.
John