On 6/20/2012 4:27 PM, Matt Van Mater wrote:
> However, it strikes me as strange that developers went through the
> trouble of automatically configuring "smtpd_use_tls = yes" for
> client/servers that support STARTTLS, when that setting has little

Be assured that postfix does *not* set "smtpd_use_tls = yes" automatically. Did you maybe install postfix from a vendor-supplied package? Perhaps they "helpfully" added that setting for you, in which case you should politely ask them to not do that.

> As a bit of an aside, I see that there is a setting called
> "smtp_tls_loglevel" that is independent of "debug_peer_list" that may
> have helped me?

The tls loglevel settings would have provided no output, since TLS was not enabled. It is doubtful that the absence of logging would have helped in this case.

> IMO this distinction is not intuitive, users
> typically don't expect to have to enable debug logging in multiple
> places to diagnose a problem. I am not sure if it is included in the
> higher log levels of smtp_tls_loglevel, but perhaps you might consider
> adding a log message such as:
> "WARNING remote server advertised support of STARTTLS but
> smtp_tls_security_level is defined as none; communications will not be
> encrypted."

The debug output is already verbose enough to be pretty useless to anyone not willing to also read the source code to determine which messages are important; adding gratuitous warnings is not likely to improve its usefulness.

--
Noel Jones
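
Added example (not part of the original message, and not Postfix code): a shell check for the situation discussed in this thread, where inbound `smtpd_*` TLS is enabled but the outbound `smtp_*` client TLS level is effectively none, so `smtp_tls_loglevel` has nothing to log. The sample configuration is constructed and the function names are hypothetical; the fallback to the legacy `smtp_use_tls` / `smtp_enforce_tls` parameters when `smtp_tls_security_level` is empty is assumed from the Postfix documentation.

```shell
#!/bin/sh
# Constructed sample in `postconf -n` format: server-side TLS on,
# client-side TLS never configured, TLS logging requested anyway.
sample_conf() {
cat <<'EOF'
smtpd_use_tls = yes
smtpd_tls_cert_file = /etc/postfix/example-cert.pem
smtp_tls_loglevel = 1
EOF
}

# Print the effective outbound (smtp client) TLS level for "name = value" input.
# A non-empty smtp_tls_security_level overrides the legacy parameters.
client_tls_level() {
  awk -F' *= *' '
    $1 == "smtp_tls_security_level" { level = $2 }
    $1 == "smtp_use_tls"            { use = $2 }
    $1 == "smtp_enforce_tls"        { enforce = $2 }
    END {
      if (level != "")           print level
      else if (enforce == "yes") print "legacy-enforce"
      else if (use == "yes")     print "may"
      else                       print "none"
    }'
}

# Exit 0 if inbound (smtpd server) TLS is enabled, 1 otherwise.
server_tls_enabled() {
  awk -F' *= *' '
    $1 == "smtpd_tls_security_level" { level = $2 }
    $1 == "smtpd_use_tls"            { use = $2 }
    END { if (level != "") exit (level == "none"); exit (use != "yes") }'
}

# Flag the mismatch from the thread: STARTTLS offered inbound, never used outbound.
audit_tls() {
  conf=$(cat)
  client=$(printf '%s\n' "$conf" | client_tls_level)
  if printf '%s\n' "$conf" | server_tls_enabled && [ "$client" = "none" ]; then
    echo "MISMATCH: inbound (smtpd) TLS is on, outbound (smtp) TLS level is none"
    return 1
  fi
  echo "outbound TLS level: $client"
}

# Demo on the constructed sample; on a live host: postconf -n | audit_tls
sample_conf | audit_tls || true
```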