Hi !
nur den smtpd / tls part ?
smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
smtpd_client_connection_rate_limit = 4
smtpd_client_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net, reject_rbl_client cbl.abuseat.org, reject_rbl_client b.barracudacentral.org, reject_rhsbl_client dbl.spamhaus.org, reject_rhsbl_sender dsn.rfc-ignorant.org
smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:10040
smtpd_proxy_options = speed_adjust
smtpd_recipient_restrictions = check_policy_service inet:127.0.0.1:10040, check_policy_service unix:private/policy-spf, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain = domain.tld
smtpd_sasl_security_options = noanonymous
smtpd_tls_auth_only = yes
smtpd_tls_dh1024_param_file = /etc/ssl/private/dhparams_4096.pem (da hatte ich schon mit 2048 probiert
smtpd_tls_eecdh_grade = ultra
smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CBC3-SHA, KRB5-DES, CBC3-SHA
smtpd_tls_cert_file = /etc/letsencrypt/live/smtp.hoerst.net/fullchain.pem
smtpd_tls_key_file = /etc/letsencrypt/live/smtp.hoerst.net/privkey.pem
smtpd_tls_mandatory_ciphers = high
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_received_header = yes
smtpd_tls_security_level = encrypt
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
tls_high_cipherlist=EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
tls_ssl_options = NO_COMPRESSION
tls_preempt_cipherlist = yes
tls_random_source = dev:/dev/urandom
Gruss gerd