*** /etc/univention/templates/files/etc/postfix/main.cf.d_orig/60_tls	2015-03-15 16:16:07.083826870 +0100
--- /etc/univention/templates/files/etc/postfix/main.cf.d/60_tls	2015-03-15 18:40:28.935804793 +0100
***************
*** 4,9 ****
--- 4,10 ----
  smtpd_starttls_timeout = 300s
  smtpd_timeout = 300s
  @!@
+ print 'smtpd_tls_exclude_ciphers = %s' % baseConfig.get('mail/postfix/smtpd/tls/exclude_ciphers', 'RC4, aNULL')
  fqdn = '%s.%s' % (baseConfig.get('hostname'), baseConfig.get('domainname'))
  print 'smtpd_tls_cert_file = %s' % baseConfig.get('mail/postfix/ssl/certificate', '/etc/univention/ssl/%s/cert.pem' % fqdn)
  print 'smtpd_tls_key_file = %s' % baseConfig.get('mail/postfix/ssl/key', '/etc/univention/ssl/%s/private.key' % fqdn)
***************
*** 25,30 ****
--- 26,32 ----
  # smtp client
  @!@
  print 'smtp_tls_security_level = %s' % baseConfig.get('mail/postfix/tls/client/level', 'none')
+ print 'smtp_tls_exclude_ciphers = %s' % baseConfig.get('mail/postfix/tls/client/exclude_ciphers', 'RC4, aNULL') 
  @!@
  
  # Support broken clients like Microsoft Outlook Express 4.x which expect AUTH=LOGIN instead of AUTH LOGIN