On Thu, Oct 24, 2024 at 11:33:22 -0400, Wietse Venema via Postfix-users wrote:
> And for the Postfix SMTP server, this would add two guards
> to Viktor's example:
>
> smtpd_tls_security_level =
> ${{$compatibility_level} >=level {3.10} ?
> {${built_with_tls ?
> {${smtpd_tls_chain_files ? {may} :
> {${smtpd_tls_cert_file ? {may} :
> {${smtpd_tls_eccert_file ? {may} :
> {${smtpd_tls_dcert_file ? {may}}}}}}}}}}}}
>
> Configuration like this is ugly, and is acceptable only for
> compiled-in default settings.
I would think that a postfix installer or packager that installs a default
certificate, can also add an explicit "smtpd_tls_security_level = may" to
the accompanying main.cf, so all these conditions are not really necessary
for the server side?
For the client side, with no dependencies beyond "built_with_tls", it's a
good idea.
Geert
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
