Viktor Dukhovni via Postfix-users:
> On Tue, Aug 15, 2023 at 11:33:08AM -0400, Wietse Venema via Postfix-users
> wrote:
>
> > With that, the condition evaluates to:
> >
> > 1: session->tls_context == 0                 true
> > 2: state->tls->level == TLS_LEV_MAY          presumably true
> > 3: PREACTIVE_DELAY >= var_min_backoff_time   false
> > 4: !HAVE_SASL_CREDENTIALS                    ?
> >
> > [...]
> >
> > Condition 3 may need more nuance. The code is OK for non-probe
> > messages; it prefers to retry later with TLS, over immediately
> > falling back to plaintext. When the later retry also fails in the
> > TLS handshake, then Postfix will immediately fall back to plaintext.
> >
> > However, probes don't retry, so maybe we should skip condition 3
> > for probes.
>
> That's my instinct also. Waiting out transient glitches by retrying on
> the next delivery attempt is not an option for probes. And probes don't
> leak message content in the clear, nor even the full envelope, just a
> single sender or recipient.

What about condition 2? If the level is not MAY, Postfix
won't retry plaintext.

Wietse