Matus UHLAR - fantomas:
> On 03.05.19 12:40, Wietse Venema wrote:
> >Matus UHLAR - fantomas:
> >> does it make sense to run tlsproxy when post-220 tests are not run?
> >
> >tlsproxy is required when:
> >
> >- postscreen: always when the server announces STARTTLS.
> >
> >- smtp client: always when connection reuse for TLS is enabled.
> >
> >The postscreen built-in dummy SMTP server handles not only after-220
> >tests, it also handles all clients that fail tests, so that postscreen
> >can log helo, sender, and recipient information.
>
> and if tlsproxy is not enabled in master.cf, does postscreen skip offering
> STARTTLS or produce error when client requests it?

Don't do that. Postfix usually reports errors when the sysadmin
does stupid things, but those unexpected code paths are not optimized
for performance (unlike the expected code paths when users/spammers
do stupid things).

    /*
     * Connect to the tlsproxy(8) daemon. We report all errors
     * asynchronously, to avoid having to maintain multiple delivery paths.
     */
    if ((fd = LOCAL_CONNECT(psc_tlsp_service, NON_BLOCKING, 1)) < 0) {
        msg_warn("connect to %s service: %m", psc_tlsp_service);
        PSC_SEND_REPLY(smtp_state,
            "454 4.7.0 TLS not available due to local problem\r\n");
        event_request_timer(resume_event, (void *) smtp_state, 0);
        return;
    }

        Wietse
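
A configuration check for the two cases listed in this thread, as an added example that is not part of the original messages or of Postfix: it reads master.cf and main.cf text and reports when tlsproxy is needed but not enabled. The function names are illustrative and the sample config text is constructed. Assumptions: `postscreen_tls_security_level`, `smtpd_tls_security_level` and `smtp_tls_connection_reuse` (not named in the thread) are taken as the relevant settings, and legacy `smtpd_use_tls`, multi-line values and `-o` overrides are ignored.

```python
# Added example; sample configs are constructed, function names are illustrative.
SAMPLE_MASTER_CF = """\
smtp      inet  n       -       n       -       1       postscreen
smtpd     pass  -       -       n       -       -       smtpd
#tlsproxy unix  -       -       n       -       0       tlsproxy
"""
SAMPLE_MAIN_CF = """\
smtpd_tls_security_level = may
smtp_tls_connection_reuse = yes
"""

def master_services(master_cf):
    """Commands of enabled master.cf entries (comments, continuations skipped)."""
    commands = set()
    for line in master_cf.splitlines():
        if not line.strip() or line.startswith("#") or line[0].isspace():
            continue
        fields = line.split()
        if len(fields) >= 8:  # service type private unpriv chroot wakeup maxproc command
            commands.add(fields[7])
    return commands

def main_params(main_cf):
    """Parse single-line 'name = value' settings; the last one wins."""
    params = {}
    for line in main_cf.splitlines():
        if "=" in line and not line.startswith("#") and not line[0].isspace():
            name, value = line.split("=", 1)
            params[name.strip()] = value.strip()
    return params

def announces_starttls(params):
    """Assumption: only the *_tls_security_level settings are consulted."""
    level = params.get("postscreen_tls_security_level", "$smtpd_tls_security_level")
    if level == "$smtpd_tls_security_level":
        level = params.get("smtpd_tls_security_level", "")
    return level in ("may", "encrypt")

def tlsproxy_findings(master_cf, main_cf):
    """List the reasons tlsproxy is needed but missing from master.cf."""
    services, params = master_services(master_cf), main_params(main_cf)
    if "tlsproxy" in services:
        return []
    findings = []
    if "postscreen" in services and announces_starttls(params):
        findings.append("postscreen announces STARTTLS, tlsproxy not enabled")
    if params.get("smtp_tls_connection_reuse", "no") == "yes":
        findings.append("smtp_tls_connection_reuse = yes, tlsproxy not enabled")
    return findings
```

Calling `tlsproxy_findings(SAMPLE_MASTER_CF, SAMPLE_MAIN_CF)` returns one finding per unmet requirement; an empty list means neither case from the thread applies or tlsproxy is enabled.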