
Creating DH Parameters

By default, DH parameters are only 1024 bits in Ubuntu 12.04.5 LTS, which is considered weak by today's standards.
You will need to create a new set at either 2048 or 4096 bits, depending on the size of your certificate's public key.

1. Create a folder to hold the dhparams…

mkdir /etc/ssl/dh

2. Move to that directory

cd /etc/ssl/dh

3. Create the new DH parameters, at 2048 bits

openssl dhparam -out RSA2048.pem -5 2048

4. And at 4096 bits (this will take some time)

openssl dhparam -out RSA4096.pem -5 4096

5. You can also create DSA-style versions with -dsaparam, at 2048 bits…

openssl dhparam -dsaparam -out DSA2048.pem 2048

And at 4096 bits

openssl dhparam -dsaparam -out DSA4096.pem 4096

Now you can add the directives to your servers: Courier-Imap, Dovecot, Nginx and Postfix.

Courier-Imap

TLS_DHPARAMS=/etc/ssl/dh/RSA2048.pem

Dovecot (creates its own)

ssl_dh_parameters_length = 2048

Nginx

ssl_dhparam /etc/ssl/dh/RSA2048.pem;

Postfix

smtpd_tls_dh1024_param_file = /etc/ssl/dh/RSA2048.pem

Enjoy!
