Noel Jones:
> On 12/6/2017 1:39 PM, Viktor Dukhovni wrote:
> >
> > As for changing the default, I am not opposed, perhaps given the
> > changes in the SMTP ecosystem since 2014:
> >
> > https://transparencyreport.google.com/safer-email/overview?encrypt_in=end:1512518400000;series:inbound;start:1388534400000&lu=encrypt_in&encrypt_out=end:1512518400000;series:outbound;start:1388534400000
> >
> > a case can be made that Postfix 3.3 should do "may" out of the box.
> > I am curious what other users and Wietse think of such a change...
> >
>
> Postfix does not require TLS support. This probably shouldn't change.
>
> Postfix logs a warning if TLS is enabled but not available. This
> probably shouldn't change.
>
> That said, it's not unreasonable to change postfix-install to run
> the postfix tls commands during first-time installation if TLS is
> available. This might make things easier for first-time casual users
> and probably won't trip up more experienced users.
Noel has a good point. Let's not make OpenSSL a hard dependency.
How would one recognize 'first-time' installation? If that helps
only the tiny minority of sites that install Postfix from source,then
it does not seem to be a good target. Better to get the vendors to
run those commands instead.
Wietse
