Postfix Paranoia
The Postfix docs only suggest generating your own DH parameters as a purely optional step, to provide protection against precomputation attacks.
Good thing I went for it. I'm already set. :)
If you need TLS server configuration advice, then there's this book. No, no affiliation, just a happy customer. It really is comprehensive. He's also got some freebies for you, if you just need the recipes.
Biting the hand that feeds IT
