On Sun, Jun 08, 2025 at 09:29:17AM -0400, Wietse Venema via Postfix-users wrote:
> > Can the default be decided at build-time (#ifdef), instead of with
> > run-time conditional configuration?
>
> That would result in an incompatible change for systems that are
> not explicitly configured to enable TLS.

Yes, users of "distro" Postfix packages would see an incompatible
change, ...  Mind you, some distros might already have made such a
change.

> With 'may', the Postfix SMTP client will fall back to plaintext only
> after minimal_backoff_time (default: five minutes). That is a
> significant delay. I personally hate it when people "improve" software
> and thereby make some edge case worse.
>
> I'm all for improving Postfix, but not at the cost of worst-case behavior.

FWIW, the fallback in question only arises when the remote server
promises STARTTLS support, which then fails to work.  If the server
does not offer STARTTLS, nothing changes.

Typically STARTTLS failure is a server misconfiguration, and the server
then deserves the consequences.  However, in some cases the server has
working, but somewhat outdated TLS support which the client's overly
eager TLS library or settings consider "inadequate".

The backwards-compatibility stance is then largely helpful to users
whose TLS policy would be too strict if TLS were enabled, unless the
problem is server-side also operated by the same user.

--
    Viktor.
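The fallback discussed in this message can be spotted in mail logs. The following is an added example, not part of the original message and not Postfix code: it flags deliveries that were first deferred on a STARTTLS failure and later sent by a process that logged no TLS session. The log lines are constructed, and their layout assumes standard Postfix smtp(8) logging with smtp_tls_loglevel = 1; the function name and the year parameter are hypothetical.

```python
import re
from datetime import datetime

# Constructed sample lines, not taken from the thread. The record layout is an
# assumption: standard Postfix smtp(8) logging with smtp_tls_loglevel = 1.
SAMPLE_LOG = """\
Jun  8 09:00:01 mx postfix/smtp[2101]: 4F1A2C0D3E: to=<a@example.net>, relay=mail.example.net[192.0.2.10]:25, delay=1.2, dsn=4.7.5, status=deferred (Cannot start TLS: handshake failure)
Jun  8 09:02:00 mx postfix/smtp[2110]: 8E3C0A5B21: to=<c@example.com>, relay=mx.example.com[203.0.113.5]:25, delay=0.9, dsn=4.7.5, status=deferred (Cannot start TLS: handshake failure)
Jun  8 09:05:07 mx postfix/smtp[2140]: 4F1A2C0D3E: to=<a@example.net>, relay=mail.example.net[192.0.2.10]:25, delay=307, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 9B7C1)
Jun  8 09:07:02 mx postfix/smtp[2150]: Untrusted TLS connection established to mx.example.com[203.0.113.5]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Jun  8 09:07:03 mx postfix/smtp[2150]: 8E3C0A5B21: to=<c@example.com>, relay=mx.example.com[203.0.113.5]:25, delay=304, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 5D2E8)
"""

HEAD = r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ postfix/smtp\[(?P<pid>\d+)\]: "
TLS_UP = re.compile(HEAD + r"\w+ TLS connection established to (?P<relay>\S+): ")
DELIVERY = re.compile(HEAD + r"(?P<qid>[0-9A-F]+): to=<(?P<rcpt>[^>]*)>, "
                      r"relay=(?P<relay>[^,]+), .*status=(?P<status>\w+) \((?P<text>.*)\)$")

def find_plaintext_fallbacks(log_text, year=2025):
    """Return (queue_id, relay, seconds_since_tls_failure) for deliveries that
    were deferred on a STARTTLS failure and later sent without a TLS session.
    year is assumed because syslog timestamps omit it."""
    tls_failed = {}    # (queue id, recipient) -> time of first STARTTLS failure
    tls_session = {}   # smtp pid -> relay it last logged a TLS session with
    hits = []
    for line in log_text.splitlines():
        if m := TLS_UP.match(line):
            tls_session[m["pid"]] = m["relay"]
            continue
        if not (m := DELIVERY.match(line)):
            continue
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        key = (m["qid"], m["rcpt"])
        # Heuristic: the delivering process logged a TLS session to this relay.
        encrypted = tls_session.get(m["pid"]) == m["relay"]
        if m["status"] == "deferred" and m["text"].startswith("Cannot start TLS"):
            tls_failed.setdefault(key, when)
        elif m["status"] == "sent" and key in tls_failed:
            failed_at = tls_failed.pop(key)
            if not encrypted:
                hits.append((m["qid"], m["relay"], int((when - failed_at).total_seconds())))
    return hits

if __name__ == "__main__":
    for qid, relay, wait in find_plaintext_fallbacks(SAMPLE_LOG):
        print(f"{qid}: sent in plaintext to {relay} {wait}s after STARTTLS failure")
```

The second queue ID in the sample is not reported because its retry logged a TLS session before delivery.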