On Wed, Jan 29, 2014 at 09:42:00PM -0500, Wietse Venema wrote:
> > If postconf(1) is the same version of Postfix as smtp(8), then you
> > check with "postconf smtp_tls_loglevel". This parameter is not
> > defined when TLS support is not available.
>
> All TLS (and SASL) parameters are defined whether or not the feature
> is compiled in. However, the SMTP client and server will log warning
> when the feature is turned on.
Yes, I neglected to check whether parameters that are conditionally
compiled into smtp(8) and friends are also conditionally compiled
into postconf(1). It seems that nowdays, postconf picks up all
parameters even for features disabled at compile time. Was it
always this way? I have dim memories of seeing fewer parameters
from "postconf -d" in some long ago release when compiling without
TLS support.
> > You can also run "ldd /usr/libexec/postfix/smtp" (adjust to where-ever
> > your daemon_directory is) to see whether the smtp(8) delivery
> > agent is linked with libssl and libcrypto.
>
> This is correct.
Or also "strings /usr/libexec/postfix/smtp | grep smtp_tls_loglevel",
the delivery agent definitely includes this only when TLS is enabled.
You should also have warnings in the logs:
TLS has been selected, but TLS support is not compiled in
when TLS is enabled in main.cf (even when site-dependent), but smtp(8)
is not compiled with TLS support. That warning dates back to
postfix-2.2-20050119.
--
Viktor.
