
POODLE: SSLv3 vulnerability fix for Postfix
Closed, Wontfix (Public)

Description

Hello, by default Kolab uses SMTP with SSLv3 support. SSLv3 is bugged and should be disabled by default. Read http://disablessl3.com for more info.

Quickfix:

https://cgit.kolab.org/pykolab/tree/pykolab/setup/setup_mta.py#n252

OLD:

    postfix_main_settings = {
            "inet_interfaces": "all",
            "recipient_delimiter": "+",
            "local_recipient_maps": "ldap:/etc/postfix/ldap/local_recipient_maps.cf",
            "mydestination": "ldap:/etc/postfix/ldap/mydestination.cf",
            "transport_maps": "ldap:/etc/postfix/ldap/transport_maps.cf, hash:/etc/postfix/transport",
            "virtual_alias_maps": "$alias_maps, ldap:/etc/postfix/ldap/virtual_alias_maps.cf, ldap:/etc/postfix/ldap/virtual_alias_maps_mailforwarding.cf, ldap:/etc/postfix/ldap/virtual_alias_maps_sharedfolders.cf, ldap:/etc/postfix/ldap/mailenabled_distgroups.cf, ldap:/etc/postfix/ldap/mailenabled_dynamic_distgroups.cf",
            "smtpd_tls_auth_only": "yes",
            "smtpd_tls_security_level": "may",
            "smtp_tls_security_level": "may",
            "smtpd_sasl_auth_enable": "yes",
            "smtpd_sender_login_maps": "$local_recipient_maps",
            "smtpd_sender_restrictions": "permit_mynetworks, reject_sender_login_mismatch",
            "smtpd_recipient_restrictions": "permit_mynetworks, reject_unauth_pipelining, reject_rbl_client zen.spamhaus.org, reject_non_fqdn_recipient, reject_invalid_helo_hostname, reject_unknown_recipient_domain, reject_unauth_destination, check_policy_service unix:private/recipient_policy_incoming, permit",
            "smtpd_sender_restrictions": "permit_mynetworks, check_policy_service unix:private/sender_policy_incoming",
            "submission_recipient_restrictions": "check_policy_service unix:private/submission_policy, permit_sasl_authenticated, reject",
            "submission_sender_restrictions": "reject_non_fqdn_sender, check_policy_service unix:private/submission_policy, permit_sasl_authenticated, reject",
            "submission_data_restrictions": "check_policy_service unix:private/submission_policy",
            "content_filter": "smtp-amavis:[127.0.0.1]:10024"
        }

NEW:

    postfix_main_settings = {
            "inet_interfaces": "all",
            "recipient_delimiter": "+",
            "local_recipient_maps": "ldap:/etc/postfix/ldap/local_recipient_maps.cf",
            "mydestination": "ldap:/etc/postfix/ldap/mydestination.cf",
            "transport_maps": "ldap:/etc/postfix/ldap/transport_maps.cf, hash:/etc/postfix/transport",
            "virtual_alias_maps": "$alias_maps, ldap:/etc/postfix/ldap/virtual_alias_maps.cf, ldap:/etc/postfix/ldap/virtual_alias_maps_mailforwarding.cf, ldap:/etc/postfix/ldap/virtual_alias_maps_sharedfolders.cf, ldap:/etc/postfix/ldap/mailenabled_distgroups.cf, ldap:/etc/postfix/ldap/mailenabled_dynamic_distgroups.cf",
            "smtpd_tls_auth_only": "yes",
            "smtpd_tls_security_level": "may",
            "smtp_tls_security_level": "may",
            "smtpd_sasl_auth_enable": "yes",
            "smtpd_sender_login_maps": "$local_recipient_maps",
            "smtpd_sender_restrictions": "permit_mynetworks, reject_sender_login_mismatch",
            "smtpd_recipient_restrictions": "permit_mynetworks, reject_unauth_pipelining, reject_rbl_client zen.spamhaus.org, reject_non_fqdn_recipient, reject_invalid_helo_hostname, reject_unknown_recipient_domain, reject_unauth_destination, check_policy_service unix:private/recipient_policy_incoming, permit",
            # "smtpd_sender_restrictions" is listed twice; in a Python dict literal the later entry wins
            "smtpd_sender_restrictions": "permit_mynetworks, check_policy_service unix:private/sender_policy_incoming",
            "submission_recipient_restrictions": "check_policy_service unix:private/submission_policy, permit_sasl_authenticated, reject",
            "submission_sender_restrictions": "reject_non_fqdn_sender, check_policy_service unix:private/submission_policy, permit_sasl_authenticated, reject",
            "submission_data_restrictions": "check_policy_service unix:private/submission_policy",
            "content_filter": "smtp-amavis:[127.0.0.1]:10024",
            # Disable SSLv2/SSLv3 for the smtpd server, the smtp client and the lmtp client,
            # for both opportunistic (*_tls_protocols) and mandatory (*_tls_mandatory_protocols) TLS.
            # Each entry must be a key/value pair (the dict is written out as main.cf "key = value").
            "smtpd_tls_protocols": "!SSLv2 !SSLv3",
            "smtp_tls_protocols": "!SSLv2 !SSLv3",
            "lmtp_tls_protocols": "!SSLv2 !SSLv3",
            "smtpd_tls_mandatory_protocols": "!SSLv2 !SSLv3",
            "smtp_tls_mandatory_protocols": "!SSLv2 !SSLv3",
            "lmtp_tls_mandatory_protocols": "!SSLv2 !SSLv3"
        }

How to check:

openssl s_client -starttls smtp -crlf -ssl3 -connect localhost:25

Answers:

SSLv3 disabled:

[root@mail etc]# openssl s_client -starttls smtp -crlf -ssl3 -connect localhost:25
CONNECTED(00000003)
139792975714208:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1259:SSL alert number 40
139792975714208:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:598:

SSLv3 ENABLED:

[root@mail etc]# openssl s_client -starttls smtp -crlf -ssl3 -connect localhost:25
CONNECTED(00000003)
depth=0 C = --, ST = SomeState, L = SomeCity, O = SomeOrganization, OU = SomeOrganizationalUnit, CN = localhost.localdomain, emailAddress = root@localhost.localdomain
verify error:num=18:self signed certificate
verify return:1
depth=0 C = --, ST = SomeState, L = SomeCity, O = SomeOrganization, OU = SomeOrganizationalUnit, CN = localhost.localdomain, emailAddress = root@localhost.localdomain
verify return:1
Certificate chain
 0 s:/C=--/ST=SomeState/L=SomeCity/O=SomeOrganization/OU=SomeOrganizationalUnit/CN=localhost.localdomain/emailAddress=root@localhost.localdomain
 i:/C=/ST=SomeState/L=SomeCity/O=SomeOrganization/OU=SomeOrganizationalUnit/CN=localhost.localdomain/emailAddress=root@localhost.localdomain
Server certificate
-----BEGIN CERTIFICATE-----
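As an added example (not pykolab's or Postfix's own code), the following Python audits a postfix_main_settings-style dict for the six *_tls_protocols parameters proposed in the quickfix above and classifies the output of the openssl s_client probe shown under "How to check". The Postfix list semantics it models follow postconf(5): names separated by whitespace and/or commas, a "!" prefix excludes a protocol, bare names form an explicit include list, and exclusions always win. The KNOWN_PROTOCOLS set, the function names and the sample settings and probe output are assumptions constructed for this example.

```python
"""Audit Postfix TLS protocol lists for SSLv2/SSLv3 exposure and classify an
``openssl s_client -ssl3`` probe. Added example, not pykolab or Postfix code.

It models the Postfix syntax documented for the *_tls_protocols parameters:
names separated by whitespace and/or commas, a "!" prefix excludes a protocol,
bare names form an explicit include list, and exclusions always win.
"""
import re

# Protocol names considered here (assumption: the versions that mattered when
# POODLE was published; TLSv1.3 is deliberately left out of this toy model).
KNOWN_PROTOCOLS = frozenset(["SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"])

# The six parameters the ticket adds: opportunistic and mandatory lists for
# the smtpd server, the smtp client and the lmtp client.
PROTOCOL_PARAMETERS = (
    "smtpd_tls_protocols", "smtp_tls_protocols", "lmtp_tls_protocols",
    "smtpd_tls_mandatory_protocols", "smtp_tls_mandatory_protocols",
    "lmtp_tls_mandatory_protocols",
)


def enabled_protocols(value):
    """Return the set of protocol names a Postfix protocol list enables."""
    tokens = [t for t in re.split(r"[\s,]+", value.strip()) if t]
    included = {t for t in tokens if not t.startswith("!")}
    excluded = {t[1:] for t in tokens if t.startswith("!")}
    base = included if included else set(KNOWN_PROTOCOLS)
    return base - excluded


def audit_settings(settings):
    """Map each protocol parameter in a postfix_main_settings-style dict to
    'ok', 'allows SSLv2/SSLv3', or 'not pinned' (key absent, so whatever the
    installed Postfix build defaults to is what the server will offer)."""
    findings = {}
    for name in PROTOCOL_PARAMETERS:
        if name not in settings:
            findings[name] = "not pinned"
        elif enabled_protocols(settings[name]) & {"SSLv2", "SSLv3"}:
            findings[name] = "allows SSLv2/SSLv3"
        else:
            findings[name] = "ok"
    return findings


def sslv3_probe_result(s_client_output):
    """Classify the output of `openssl s_client -starttls smtp -ssl3 ...`:
    'rejected' when the server answered with a handshake-failure alert,
    'accepted' when it sent a certificate chain, else 'unknown'."""
    text = s_client_output.lower()
    if "handshake failure" in text:
        return "rejected"
    if "certificate chain" in text or "begin certificate" in text:
        return "accepted"
    return "unknown"


# Constructed sample inputs: the TLS keys of the ticket's original dict, and
# the same dict with the six protocol lines the proposed fix adds.
ORIGINAL_SETTINGS = {
    "smtpd_tls_security_level": "may",
    "smtp_tls_security_level": "may",
}
FIXED_SETTINGS = dict(ORIGINAL_SETTINGS)
FIXED_SETTINGS.update({name: "!SSLv2 !SSLv3" for name in PROTOCOL_PARAMETERS})

# Probe output as shown in the ticket, trimmed to the lines the classifier uses.
REJECTED_OUTPUT = """CONNECTED(00000003)
139792975714208:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1259:SSL alert number 40
"""
ACCEPTED_OUTPUT = """CONNECTED(00000003)
verify error:num=18:self signed certificate
Certificate chain
 0 s:/C=--/ST=SomeState/CN=localhost.localdomain
"""

if __name__ == "__main__":
    for label, settings in (("original", ORIGINAL_SETTINGS), ("fixed", FIXED_SETTINGS)):
        print(label, audit_settings(settings))
    print("probe with SSLv3 disabled:", sslv3_probe_result(REJECTED_OUTPUT))
    print("probe with SSLv3 enabled:", sslv3_probe_result(ACCEPTED_OUTPUT))
```

Running it reports every protocol parameter as "not pinned" for the original dict and "ok" for the fixed one; a value such as "!SSLv2" alone is flagged because SSLv3 remains in the enabled set. The probe classifier only looks at the two distinguishing markers from the ticket's transcripts (the handshake-failure alert versus a returned certificate chain), so anything else, for example a refused connection, is reported as "unknown" rather than guessed.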

Details

Ticket Type
Task

Event Timeline

Constin updated the task description.
vanmeeuwen claimed this task.
vanmeeuwen subscribed.

This is not a topic for PyKolab, nor Kolab, nor Postfix to fix. Distributions still shipping support for SSLv3 and before should take a serious, very fscking serious look in the mirror.

Kolab cannot fix all distribution errors.