Hi, I think there's a parameter name that is rightish/better in the documentation but wrong/worse in the code.
$ postconf -d | grep security_level lmtp_tls_security_level = postscreen_tls_security_level = $smtpd_tls_security_level smtp_tls_security_level = smtpd_tls_security_level = tlsproxy_client_level = $smtp_tls_security_level tlsproxy_tls_security_level = $smtpd_tls_security_level But http://www.postfix.org/postconf.5.html does not mention tlsproxy_client_level. However, it does have an entry for tlsproxy_client_security_level, which doesn't appear in the above postconf output (and it's a better name, but could be better still - see below). This postconf is from postfix-3.5.6, and things might have changed since then, but the local postconf(5) manpage and the online postconf.5.html (3.7) both agree on this. tlsproxy_client_security_level (default: $smtp_tls_security_level) The default TLS security level for the Postfix tlsproxy(8) client. See smtp_tls_security_level for further details. This feature is available in Postfix 3.4 and later. I guess technically, the code is right by definition, and the manual is wrong, but I'd prefer to think it's the other way around, and the name in the code can be changed, and the manual updated to reflect the existence of both forms and what Postfix version range they exist in. Although, a more consistent name would be tlsproxy_client_tls_security_level, so if the name were to be changed in the code, perhaps it could be changed to that instead. cheers, raf
