Also this script that will regenerate Dovecot dhparam once a month.
#!/bin/bash
# Regenerates our Diffie-Hellman parameters periodically.
# Author: James F. Carter; 2015-07-14
# Uses bash-isms (arithmetic expressions).
# How old is the DH parm file? Specify the max age in integer days.
maxage=30
dhfile=/etc/postfix/dh4096.pem
if [ -r $dhfile ] ; then
mtime=`stat -c %Y $dhfile`
now=`date +%s`
if [ $((now-mtime)) -lt $((86400*maxage)) ] ; then exit 0 ; fi
fi
echo "=== Regenerating the Diffie-Hellman group file (crypto)"
mkdir -p /tmp/system
openssl dhparam -out $dhfile.new 4096 2> /tmp/system/diffie.errs && \
mv $dhfile.new $dhfile
sshfile=/etc/ssh/moduli
ssh-keygen -G $sshfile.can -b 2048 && \
ssh-keygen -T $sshfile.new -f $sshfile.can && \
mv $sshfile.new $sshfile && \
rm $sshfile.can
30 2 * * * /root/regenerate-DH.sh