Updated u_e-reenable-weak-protocols for 2024-06

mailcow · Jun 6, 2024 · 6a7eb37 · 6a7eb37
1 parent b7a4019
commit 6a7eb37
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 5 deletions.
diff --git a/docs/manual-guides/u_e-reeanble-weak-protocols.de.md b/docs/manual-guides/u_e-reeanble-weak-protocols.de.md
@@ -1,14 +1,19 @@
 Am 12. Februar 2020 haben wir die veralteten Protokolle TLS 1.0 und 1.1 in Dovecot (POP3, POP3S, IMAP, IMAPS) und Postfix (SMTPS, SUBMISSION) deaktiviert.
 
-Unauthentifizierte Mails über SMTP an Port 25/tcp akzeptieren weiterhin >= TLS 1.0 . Es ist besser, eine schwache Verschlüsselung zu akzeptieren als gar keine.
+Mit dem Juni 2024 Patch (2024-06) wurde auch TLS 1.0 und TLS 1.1 für unauthentifizierte Mails über SMTP auf Port 25/tcp deaktiviert, da die meisten modernen und gut konfigurierten E-Mail-Server im Internet mittlerweile bessere Verschlüsselungen als TLS 1.0/1.1 nutzen.
 
-**Wie kann man schwache Protokolle wieder aktivieren?**
+**Wie kann man schwache Protokolle wieder aktivieren, falls erforderlich?**
 
 Bearbeiten Sie `data/conf/postfix/extra.cf`:
 
 ```
+# Für SMTPS/Submission
 submission_smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
 smtps_smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
+
+# Für SMTP (via STARTTLS)
+smtp_tls_protocols = !SSLv2, !SSLv3
+smtpd_tls_protocols = !SSLv2, !SSLv3
 ```
 
 Bearbeiten Sie `data/conf/dovecot/extra.conf`:

diff --git a/docs/manual-guides/u_e-reeanble-weak-protocols.en.md b/docs/manual-guides/u_e-reeanble-weak-protocols.en.md
@@ -1,14 +1,19 @@
-On February the 12th 2020 we disabled the deprecated protocols TLS 1.0 and 1.1 in Dovecot (POP3, POP3S, IMAP, IMAPS) and Postfix (SMTPS, SUBMISSION).
+On February 12th, 2020, we disabled the deprecated protocols TLS 1.0 and 1.1 in Dovecot (POP3, POP3S, IMAP, IMAPS) and Postfix (SMTPS, SUBMISSION).
 
-Unauthenticated mail via SMTP on port 25/tcp does still accept >= TLS 1.0 . It is better to accept a weak encryption than none at all.
+With the June 2024 Patch (2024-06), TLS 1.0 and TLS 1.1 were also disabled for unauthenticated mail via SMTP on port 25/tcp, as most modern and well-configured email servers on the internet now use better encryptions than TLS 1.0/1.1.
 
-**How to re-enable weak protocols?**
+**How to re-enable weak protocols if necessary?**
 
 Edit `data/conf/postfix/extra.cf`:
 
 ```
+# For SMTPS/Submission
 submission_smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
 smtps_smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
+
+# For SMTP (via STARTTLS)
+smtp_tls_protocols = !SSLv2, !SSLv3
+smtpd_tls_protocols = !SSLv2, !SSLv3
 ```
 
 Edit `data/conf/dovecot/extra.conf`: