ADD TO /etc/postfix/main.cf
vi /etc/postfix/main.cf
# Hardening SSL configuration
#
# enable opportunistic TLS support in the SMTP server and client
smtp_tls_security_level = may
smtp_tls_loglevel = 1
# only offer authentication after STARTTLS
smtpd_tls_auth_only = yes
# Disable SSL compression
tls_ssl_options = NO_COMPRESSION
# Disable SSLv2 and SSLv3 leaving TLSv1, TLSv1.1 and TLSv1.2 enabled.
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_protocols = !SSLv2 !SSLv3
# Configure the allowed cipher list
smtpd_tls_mandatory_ciphers=high
tls_high_cipherlist=EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
# Enable EECDH key exchange for Forward Security
smtpd_tls_eecdh_grade=ultra
hi, you have sslv3 activated in tls_high_cipherlist, you should remove it
Updated…thanks