On Wed, Oct 27, 2021 at 06:36:14AM -0400, Wietse Venema <wie...@porcupine.org>
wrote:
> Dan Mahoney:
> > I've wondered this for a while, and have even suggested the day
> > job implement this in our own software.
> >
> > This feels like a reasonable place to ask. Is there a way, given
> > a new warning about compatibility_level (say you've been running
> > with 3_5, and you're now running 3_6), to see what changes to your
> > config are effectively made by enabling that level? (effectively,
> > to show a defaults-diff, or any commands whose behavior may not
> > have the same meaning under a previous version)?
>
> Yes. The old and new defaults are available in postconf output.
> Not pretty but it is there.
>
> Wietse
>
> $ postconf -d | grep compatibility_level
> append_dot_mydomain = ${{$compatibility_level} <level {1} ? {yes} : {no}}
> compatibility_level = 0
> lmtp_tls_fingerprint_digest = ${{$compatibility_level} <level {3.6} ? {md5} :
> {sha256}}
> mynetworks_style = ${{$compatibility_level} <level {2} ? {subnet} : {host}}
> relay_domains = ${{$compatibility_level} <level {2} ? {$mydestination} : {}}
> respectful_logging = ${{$compatibility_level} <level {3.6} ? {no} : {yes}}
> smtp_tls_fingerprint_digest = ${{$compatibility_level} <level {3.6} ? {md5} :
> {sha256}}
> smtpd_relay_before_recipient_restrictions = ${{$compatibility_level} <level
> {3.6} ? {no} : {yes}}
> smtpd_relay_restrictions = ${{$compatibility_level} <level {1} ? {} :
> {permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination}}
> smtpd_tls_fingerprint_digest = ${{$compatibility_level} <level {3.6} ? {md5}
> : {sha256}}
> smtputf8_enable = ${{$compatibility_level} <level {1} ? {no} : {yes}}
What postconf can't tell you is which new defaults matter for your own
configuration.
For example, if you aren't identifying any TLS keys by fingerprint, then
it doesn't matter that the default digest algorithm has changed.
Although some of the earlier changes might have affected most users.
So also reading http://www.postfix.com/COMPATIBILITY_README.html
is probably essential to make sense of the changes.
cheers,
raf
