Package: postfix
Version: 3.4.5-1
Severity: minor
File: /usr/share/postfix/main.cf.tls
In a fresh Debian 10 with postfix, I didn't recognize these options in main.cf:
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
According to postfix's documentation (http://www.postfix.org/TLS_README.html),
the first option should "generally be left empty" these days (it lists some
minimum versions).
The second option is "highly recommended", so should stay as-is.
I *think* /etc/postfix/main.cf gets them from /usr/share/postfix/main.cf.tls.
Is there a good reason to leave smtpd_tls_session_cache_database in main.cf.tls?
If not, please remove it.
-- System Information:
Debian Release: 10.0
APT prefers stable
APT policy: (990, 'stable'), (500, 'unstable-debug'), (500, 'stable-debug'),
(500, 'unstable'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 4.19.0-5-amd64 (SMP w/8 CPU cores)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE,
TAINT_UNSIGNED_MODULE
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8),
LANGUAGE=en_AU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled