SSL/TLS settings for postfix
smtpd_use_tls = yes
smtpd_tls_security_level = may
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/postfix/ssl/postfix.cert
smtpd_tls_key_file = /etc/postfix/ssl/postfix.key
smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1
smtpd_tls_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1
smtpd_tls_mandatory_ciphers = medium
tls_medium_cipherlist = ECHACHA20+POLY1305:EECDH+AESGCM:EDH+AESGCM
tls_preempt_cipherlist = yes
# openssl dhparam -out /etc/postfix/ssl/dhparam.pem 4096
smtpd_tls_dh1024_param_file = /etc/postfix/ssl/dhparam.pem