I'm simplifying the implementation. If built with TLS the SMTP
client default is:
smtp_tls_security_level = may
With compatibility_level < 3.11, the Postfix SMTP client will log:
postfix/smtp[...] using backwards-compatible default setting
smtp_tls_security_level=(empty)
This ma
On Mon, Jun 23, 2025 at 13:24:49 -0400, Wietse Venema via Postfix-users wrote:
> Conclusion: there is no benefit from changing the SMTP server default
> TLS level.
I agree. The server-side TLS cannot work without some external process
to generate and configure the certificate(s), so it can ju
Viktor Dukhovni via Postfix-users:
> On Sun, Jun 08, 2025 at 07:29:22PM +0200, Geert Hendrickx via Postfix-users
> wrote:
> > On Mon, Jun 09, 2025 at 00:42:20 +1000, Viktor Dukhovni via Postfix-users
> > wrote:
> > > On Sun, Jun 08, 2025 at 09:29:17AM -0400, Wietse Venema via Postfix-users
> > >
On Sun, Jun 08, 2025 at 07:29:22PM +0200, Geert Hendrickx via Postfix-users
wrote:
> On Mon, Jun 09, 2025 at 00:42:20 +1000, Viktor Dukhovni via Postfix-users
> wrote:
> > On Sun, Jun 08, 2025 at 09:29:17AM -0400, Wietse Venema via Postfix-users
> > wrote:
> >
> > > > Can the default be decided
On Mon, Jun 09, 2025 at 00:42:20 +1000, Viktor Dukhovni via Postfix-users wrote:
> On Sun, Jun 08, 2025 at 09:29:17AM -0400, Wietse Venema via Postfix-users
> wrote:
>
> > > Can the default be decided at build-time (#ifdef), instead of with
> > > run-time conditional configuration?
> >
> > That
On Sun, Jun 08, 2025 at 09:29:17AM -0400, Wietse Venema via Postfix-users wrote:
> > Can the default be decided at build-time (#ifdef), instead of with
> > run-time conditional configuration?
>
> That would result in an incompatible change for systems that are
> not explicitly configured to enabl
Geert Hendrickx via Postfix-users:
> On Sat, Jun 07, 2025 at 18:51:21 -0400, Wietse Venema via Postfix-users wrote:
> > > > For the Postfix SMTP client the new default would look like:
> > > >
> > > > smtp_tls_security_level =
> > > > ${{$compatibility_level} >=level {3.10}?
> > > >
On Sat, Jun 07, 2025 at 18:51:21 -0400, Wietse Venema via Postfix-users wrote:
> > > For the Postfix SMTP client the new default would look like:
> > >
> > > smtp_tls_security_level =
> > > ${{$compatibility_level} >=level {3.10}?
> > > {${built_with_tls ? {may
> > >
>
Geert Hendrickx via Postfix-users:
> On Thu, Oct 24, 2024 at 11:33:22 -0400, Wietse Venema via Postfix-users wrote:
> > The compatibility-level guard is a good idea. To take out some of the
> > guesswork, I'm considering to add a read-only configuration parameter
> > that indicates whether Postfix
On Thu, Oct 24, 2024 at 11:33:22 -0400, Wietse Venema via Postfix-users wrote:
> The compatibility-level guard is a good idea. To take out some of the
> guesswork, I'm considering to add a read-only configuration parameter
> that indicates whether Postfix is built with TLS support.
>
> For the Pos
Hello,
On 24.10.2024 08:24, Viktor Dukhovni via Postfix-users wrote:
Yes, of course, as documented. TLS is off by default, this is
backwards-compatible behaviour, and Postfix aims to not "surprise"
operators with unexpected new behaviour after an upgrade. Default
settings are in part also the
Geert Hendrickx:
> On Thu, Oct 24, 2024 at 11:33:22 -0400, Wietse Venema via Postfix-users wrote:
> > And for the Postfix SMTP server, this would add two guards
> > to Viktor's example:
> >
> > smtpd_tls_security_level =
> > ${{$compatibility_level} >=level {3.10} ?
> > {${
On Thu, Oct 24, 2024 at 11:33:22 -0400, Wietse Venema via Postfix-users wrote:
> And for the Postfix SMTP server, this would add two guards
> to Viktor's example:
>
> smtpd_tls_security_level =
> ${{$compatibility_level} >=level {3.10} ?
> {${built_with_tls ?
>
Viktor Dukhovni via Postfix-users:
> Meanwhile, on the server side we could set:
>
> # Default to "may" when a cert file is configured.
> #
> smtpd_tls_security_level =
> ${smtpd_tls_chain_files ? {may} :
> {${smtpd_tls_cert_file ? {may} :
> {${smtpd_tls_
On Thu, Oct 24, 2024 at 01:24:07PM +0300, Eugene R via Postfix-users wrote:
> On 24.10.2024 08:24, Viktor Dukhovni via Postfix-users wrote:
> > Yes, of course, as documented. TLS is off by default, this is
> > backwards-compatible behaviour, and Postfix aims to not "surprise"
> > operators with u
On Thu, Oct 24, 2024 at 16:24:04 +1100, Viktor Dukhovni via Postfix-users wrote:
> Yes, of course, as documented. TLS is off by default, this is backwards-
> compatible behaviour, and Postfix aims to not "surprise" operators with
> unexpected new behaviour after an upgrade.
This could be enabled
Something bad happened to the list (?), as your message seems to be repeated
multiple times, with Chinese characters prepended to the subject and list
footer appended to the body multiple times.
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to school, they'r
On Thu, Oct 24, 2024 at 06:34:16AM +0800, Wesley via Postfix-users wrote:
> $ postconf -d smtp_use_tls smtp_tls_security_level
> smtp_use_tls = no
> smtp_tls_security_level =
>
> Under these defaults, I am afraid if I don't setup them, Postfix will
> always talk to peer with plaintext, even peer
And please see the following defaults,
root@mail:~# postconf -d smtp_use_tls
smtp_use_tls = no
root@mail:~# postconf -d smtp_tls_security_level
smtp_tls_security_level =
under these defaults, I am afraid if I don't setup them, postfix will
always talk to peer with plaintext, even peer supports
On Wed, Oct 23, 2024 at 07:15:31PM +0800, Wesley via Postfix-users wrote:
> please see this default value,
>
> # postconf -d smtp_tls_security_level
> smtp_tls_security_level =
The default value maintains backwards-compatibility with Postfix ~2.2
when TLS support was first merged into Postfix ba
23.10.24, 13:15 +0200, Wesley via Postfix-users:
> please see this default value,
>
> # postconf -d smtp_tls_security_level
> smtp_tls_security_level =
>
> does this mean if using the default value, postfix will deliver
> messages to peer MTA without using ssl/tls always, even the peer
> supports
21 matches