Version 6.4.9 Release Notes

Release Date: 26 November, 2019

In this release, there are some major changes.

Enabling TLSv1.3 support

Restriction: SSLv2 support is now removed.

The manager interface (served by miniserv.pl on default port 18080) supports TLSv1.3 out of the box, no configuration is required.

The group manager interface and end user interface (served by Apache on default port 28443) must be configured to enable TLSv1.3. You must add +TLSv1.3 to the current value of SSLProtocol in <PMX_INSTALLATION_PREFIX>/etc/manager/httpd2/ssl.conf. For example, if your file has this line:

SSLProtocol -ALL +TLSv1.1 +TLSv1.2

you must change it to this:

SSLProtocol -ALL +TLSv1.1 +TLSv1.2 +TLSv1.3

For more information, visit SSL/TLS Strong Encryption: How-To on the Apache website.

Postfix support for TLSv1.3

By default your Postfix MTA may support TLSv1.3. This depends how the parameters smtpd_tls_protocols and smtp_tls_protocols are configured.

For example, the following <PMX_INSTALLATION_PREFIX>/postfix/etc/main.cf file will support all TLS protocols (including TLSv1.1, TLSv1.2 and TLSv1.3) except the excluded ones (SSLv2, SSLv3, TLSv1):


                smtp_tls_mandatory_protocols = !SSLv2,!SSLv3,!TLSv1 
                smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3,!TLSv1 
                smtp_tls_protocols = !SSLv2,!SSLv3,!TLSv1 
                smtpd_tls_protocols = !SSLv2,!SSLv3,!TLSv1 
                lmtp_tls_mandatory_protocols = !SSLv2,!SSLv3,!TLSv1 
                lmtp_tls_protocols = !SSLv2,!SSLv3,!TLSv1 
                lmtp_tls_ciphers = high 
                lmtp_tls_mandatory_ciphers = high 
                smtp_tls_ciphers = high 
                smtp_tls_mandatory_ciphers = high 
                smtpd_tls_ciphers = high 
                smtpd_tls_mandatory_ciphers = high 
                tlsproxy_tls_ciphers = high 
                tlsproxy_tls_mandatory_ciphers = high 
                tls_preempt_cipherlist = yes 
                smtpd_tls_security_level = encrypt 
                smtpd_tls_cert_file = /opt/pmx6/etc/manager/httpd2/pmx-cert.pem 
            

SuSE Linux Enterprise Server 15 support

Starting with this version, PureMessage for Unix supports SuSE Linux Enterprise Server 15.