Use "smtpd_tls_ciphers = medium" for TLS security.

roles/mail/templates/postfix/main.cf.j2

@@ -35,11 +35,11 @@ smtpd_tls_key_file=/etc/postfix/ssl/{{ ansible_fqdn }}.key
 #smtpd_tls_CAfile=TODO
 smtpd_use_tls=yes
 
+smtpd_tls_ciphers = medium
+
 smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
 smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
 
-smtpd_tls_mandatory_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDC3-SHA, KRB5-DE5, CBC3-SHA
-
 # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
 # information on enabling SSL in the smtp client.