Have you ever wondered why and how to disable TLS in postfix?
Postfix, one of the oldest mail servers, needs special care when enabling email security protocols.
Many times, legacy or poorly configured servers only accept mail after TLS is disabled.
As insecure TLS versions pose security threats, we help customers disable TLS in Postfix effectively as part of our Server Management Services.
Today, let’s check why we disable TLS and how our Support Engineers do it for our customers.
Why disable TLS in Postfix?
The Transport Layer Security protocol aka TLS provides end-to-end security of data sent via the Internet. So, it is widely used to protect websites.
By default, the Postfix SMTP server has TLS disabled in its configuration. However, many customers explicitly switch it on with the setting smtpd_tls_security_level = encrypt in the configuration.
Again, the older versions of TLS are vulnerable to various security attacks. For instance, older versions of TLS are exposed to the BEAST attack, the POODLE attack, etc.
Also, TLS creates problems when sending email to a specific host that does not conform to the TLS standards.
Therefore, for better server security, we try to avoid older TLS versions.
How do we disable TLS in Postfix?
So now, let’s get into some methods that our Support Engineers use to disable TLS.
Recently, one of our customers contacted us to help him disable TLS in Postfix.
For that, our Support Engineers updated the following setting in the Postfix config file at /etc/postfix/main.cf.
smtpd_tls_security_level = none
Setting this value to none means TLS is not used unless it is enabled for specific destinations.
As we have already said, older versions of SSL/TLS have many flaws, and SSL v2/v3 and TLS v1.0 are the major insecure protocol versions. Attackers use these versions to exploit vulnerabilities like BEAST and POODLE.
Therefore, we also disable these insecure versions of SSL and TLS by editing the main.cf file.
smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3,!TLSv1
smtp_tls_mandatory_protocols = !SSLv2,!SSLv3,!TLSv1
smtpd_tls_protocols = !SSLv2,!SSLv3,!TLSv1
smtp_tls_protocols = !SSLv2,!SSLv3,!TLSv1
This helps to deactivate all the vulnerable versions of SSL and TLS and improves security.
Finally, we make the configuration changes active by restarting Postfix on the server. For this we use the commands:
service postfix stop
service postfix start
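The check below is an added example, not part of the original write-up or of Postfix itself: a shell audit that reads a main.cf and verifies that all four protocol parameters from the steps above exclude SSLv2, SSLv3 and TLSv1. The function names and the sample file are constructed for illustration, and continuation lines are not handled.

```shell
# Added example: audit main.cf for the TLS settings discussed in this article.
# Assumptions: continuation lines are not joined; only the "!PROTO" exclusion
# form used in the article is recognised.

# Print the last value assigned to parameter $2 in file $1.
# (When a parameter is repeated, Postfix remembers only the last instance.)
get_param() {
    awk -v want="$2" '
        /^[ \t]*#/ { next }                      # skip comment lines
        {
            eq = index($0, "="); if (eq == 0) next
            name = substr($0, 1, eq - 1); gsub(/[ \t]/, "", name)
            if (name != want) next
            val = substr($0, eq + 1); gsub(/^[ \t]+|[ \t]+$/, "", val); found = 1
        }
        END { if (found) print val }' "$1"
}

# Succeed only if protocol list $1 excludes SSLv2, SSLv3 and TLSv1.
# Postfix accepts whitespace, commas or colons as list separators.
excludes_legacy() {
    for p in SSLv2 SSLv3 TLSv1; do
        printf '%s\n' "$1" | tr -s ',: \t' '\n\n\n\n' | grep -qxF "!$p" || return 1
    done
}

# Report each setting; return non-zero if any protocol list is too permissive.
audit_maincf() {
    rc=0
    level=$(get_param "$1" smtpd_tls_security_level)
    echo "smtpd_tls_security_level = ${level:-<unset>}"
    for name in smtpd_tls_mandatory_protocols smtp_tls_mandatory_protocols \
                smtpd_tls_protocols smtp_tls_protocols; do
        value=$(get_param "$1" "$name")
        if excludes_legacy "$value"; then echo "OK   $name"
        else echo "WEAK $name = ${value:-<unset>}"; rc=1; fi
    done
    return $rc
}

# Constructed sample (not from a real server): smtpd_tls_protocols omits !TLSv1.
sample=$(mktemp)
cat > "$sample" <<'EOF'
smtpd_tls_security_level = none
smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3,!TLSv1
smtp_tls_mandatory_protocols = !SSLv2,!SSLv3,!TLSv1
smtpd_tls_protocols = !SSLv2, !SSLv3
smtp_tls_protocols = !SSLv2:!SSLv3:!TLSv1
EOF
audit_maincf "$sample" || echo "main.cf still allows a legacy protocol"
```

To check a live server, pass /etc/postfix/main.cf to audit_maincf in place of the sample file.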
Conclusion
In short, we can disable TLS in Postfix by adjusting the smtpd_tls_security_level in the Postfix configuration file. Today’s write-up discussed the insecurities of older TLS versions and showed how our Support Engineers disable them for customers.