On Thu, Oct 24, 2024 at 11:33:22 -0400, Wietse Venema via Postfix-users wrote:
> And for the Postfix SMTP server, this would add two guards
> to Viktor's example:
> 
>     smtpd_tls_security_level =
>         ${{$compatibility_level} >=level {3.10} ?
>             {${built_with_tls ?
>                 {${smtpd_tls_chain_files ? {may} :
>                     {${smtpd_tls_cert_file ? {may} :
>                         {${smtpd_tls_eccert_file ? {may} :
>                             {${smtpd_tls_dcert_file ? {may}}}}}}}}}}}}
> 
> Configuration like this is ugly, and is acceptable only for 
> compiled-in default settings.


I would think that a postfix installer or packager that installs a default
certificate, can also add an explicit "smtpd_tls_security_level = may" to
the accompanying main.cf, so all these conditions are not really necessary
for the server side?

For the client side, with no dependencies beyond "built_with_tls", it's a
good idea.


        Geert


_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org

Reply via email to