Wietse Venema <wie...@porcupine.org> writes:
> Viktor Dukhovni:
>> On Wed, Dec 19, 2018 at 01:51:19PM -0500, Scott Kitterman wrote:
>>
>> > > So the real question is whether there is a non-trivial community
>> > > of users who:
>> > >
>> > > * Have no explit "smtp_tls_security_level" setting in their main.cf
>> > > file.
>> > >
>> > > * Would not mind to see TLS turned on as a side-effect of a future
>> > > upgrade, but can't find the activation energy to do it explicitly.
>> > >
>> > > Or, whether there are Postfix package maintainers in the same boat:
>> > > too busy to add code to enable opportunistic TLS in the client at
>> > > package install time, but would be happy to see it happen upstream.
>> >
>> > I'm definitely in favor of it being enabled by default, but, in addition
>> > to
>> > being busy, I've been trying to work towards less deviation from upstream
>> > in
>> > Debian vice more. There is already plenty that is well baked into our
>> > ecosystem that would be hard to cleanly remove without causing upgrade
>> > problems.
>> >
>> > Bottom line, I'd love to see it upstream and am unlikely to do it myself.
>>
>> If there are no objections, I can change the default to "may" when
>> TLS is compiled in.
>
> Unrelated but related, what should happen when someone unwittingly
> builds Postfix without TLS support, and Postfix configuration a)
> enables opportunistic TLS or b) Postfix configuration requires TLS?
> Will b) result in mail being sent as plaintext?
>
> Should the build system be updated to use -DUSE_TLS by default and
> to explicitly require -DNO_TLS if people want to build without TLS?
What happens now when someone builds without TLS support and then
enables some TLS option? It seems like the same thing should happen
here.
Viktor Dukhovni <postfix-us...@dukhovni.org> writes:
> For the record, the discussion is not about O/S package maintainers
> making code changes to Postfix, but rather the content of the initial
> "main.cf" file when the package is first installed. A package can
> not only enable outbound opportunistic TLS, but perhaps also (given
> sufficient understanding of the platform) enable DANE when there's
> a validating local resolver, and generate initial self-signed cert
> and turn on inbound TLS!
I think in the above, you are referring to the idea of having package
maintainers do this in main.cf, instead of having it be a compile time
option... but I think that the right thing to do is to have it be a
compile time option, where the default is set to 'may', like you said
earlier (although I cannot comment on the accuracy of the code):
#ifdef USE_TLS
#define DEF_SMTP_TLS_LEVEL "may"
#else
#define DEF_SMTP_TLS_LEVEL ""
#endif
--
micah
