Custom TLS settings
By default, Poste.io is pre-configured with the latest security measures. Although the cipher settings are also carefully chosen to be available to most current devices, some legacy devices may have problems logging in or sending email. Custom TLS settings are available to fine-tune compatibility for less capable or obsolete clients.
To change the default TLS settings for SMTP, POP3, IMAP services locate these lines at
[tls] ; Custom settings for TLS (only Dovecot and Haraka). Be warned, mailserver can stop working with invalid settings. auth_required = 1 inbound_min_version = inbound_ciphers =
auth_required - allowed values are
1 (default). To completely disable the TLS requirement when users log in, change this value to
0. This will cause logins, passwords and emails to be sent over the internet in clear text. Do not change this setting unless you know what you are doing.
inbound_min_version - set the minimum TLS version to allow. One of 'TLSv1.3', 'TLSv1.2', 'TLSv1.1', or 'TLSv1'. It is not recommended to use less than TLSv1.1, but it may be required for interoperability. Default value is TLSv1.1
inbound_ciphers - cipher suite specification, replacing the default. For more information, see modifying the default cipher suite
Example for legacy clients
[tls] ; Custom settings for TLS (only Dovecot and Haraka). Be warned, the mail server may stop working with invalid settings. auth_required = 1 inbound_min_version = TLSv1 inbound_ciphers = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA
A good source for settings is Mozilla SSL Configuration Generator