Enable sslv3 support for legacy clients

cherkashin_t

Good afternoon.
Our main clients support tls, but there are federal clients that still work on sslv3.

We tried to override the posfix config and enable sslv3 support, but it’s like the server ignores it and keeps running on tls.

data/conf/postfix/extra.cf :
`submission_smtpd_tls_mandatory_protocols = !SSLv2
smtps_smtpd_tls_mandatory_protocols = !SSLv2

smtp_tls_protocols = !SSLv2
smtpd_tls_protocols = !SSLv2
smtp_dns_support_level =
smtp_enforce_tls = no

tls_ssl_options =

smtpd_tls_exclude_ciphers =
smtpd_tls_mandatory_ciphers = medium
tls_preempt_cipherlist = no

smtpd_tls_auth_only = no
smtp_tls_security_level = may
smtpd_tls_security_level = may`

Is there any way to enable sslv3 support?

DocFraggle

Did you restart the stack after changing the file?

docker compose down
docker compose up -d

cherkashin_t

Yes, we rebooted the postfix and dovecot containers after changing the config files.
Actually the solution to the problem turned out to be in mailbox settings in mailcow ui, disabling tls incoming and outcoming in Encryption policy. It seems to override main.cf and tls policy maps.