Wietse Venema <wie...@porcupine.org> writes:

> Noel Jones:
>> On 12/6/2017 1:39 PM, Viktor Dukhovni wrote:
>> > 
>> > As for changing the default, I am not opposed, perhaps given the
>> > changes in the SMTP ecosystem since 2014:
>> > 
>> > https://transparencyreport.google.com/safer-email/overview?encrypt_in=end:1512518400000;series:inbound;start:1388534400000&lu=encrypt_in&encrypt_out=end:1512518400000;series:outbound;start:1388534400000
>> > 
>> > a case can be made that Postfix 3.3 should do "may" out of the box.
>> > I am curious what other users and Wietse think of such a change...
>> > 
>> 
>> Postfix does not require TLS support. This probably shouldn't change.
>> 
>> Postfix logs a warning if TLS is enabled but not available.  This
>> probably shouldn't change.
>> 
>> That said, it's not unreasonable to change postfix-install to run
>> the postfix tls commands during first-time installation if TLS is
>> available. This might make things easier for first-time casual users
>> and probably won't trip up more experienced users.
>
> Noel has a good point. Let's not make OpenSSL a hard dependency.
>
> How would one recognize 'first-time' installation? If that helps
> only the tiny minority of sites that install Postfix from source, then
> it does not seem to be a good target. Better to get the vendors to
> run those commands instead.

Is there any reason why postfix, when compiled with TLS, can simply set
the default to 'may'?

If it is compiled without TLS, the default should be 'no'.

micah
