Bug#764512: marked as done (postfix: Outbound STARTTLS disabled in default config)

Sun, 22 Sep 2019 16:07:00 -0700 

Your message dated Sun, 22 Sep 2019 23:04:19 +0000
with message-id <[email protected]>
and subject line Bug#163144: fixed in postfix 3.4.7-1
has caused the Debian Bug report #163144,
regarding postfix: Outbound STARTTLS disabled in default config
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
163144: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=163144
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: postfix
Version: 2.9.6-2
Severity: normal

Dear Maintainer,

The default config for a newly installed Postfix supports inbound
STARTTLS, but it does not support outbound STARTTLS, even if the remote
host advertises support. I think the default Postfix config in Debian
should have this line:

smtp_tls_security_level = may

This will instruct Postfix to use STARTTLS encryption with hosts that
advertise it, but go ahead and send in plaintext for those that don't.
This would be an important step up in default email privacy.

Thanks,
Jacob

-- System Information:
Debian Release: 7.4
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.3.0-rc7-xen-teo.en.ming-sgp (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=C (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages postfix depends on:
ii  adduser                3.113+nmu3
ii  cpio                   2.11+dfsg-0.1
ii  debconf [debconf-2.0]  1.5.49
ii  dpkg                   1.16.12
ii  libc6                  2.13-38+deb7u1
ii  libdb5.1               5.1.29-5
ii  libsasl2-2             2.1.25.dfsg1-6+deb7u1
ii  libsqlite3-0           3.7.13-1+deb7u1
ii  libssl1.0.0            1.0.1e-2+deb7u5
ii  lsb-base               4.1+Debian8+deb7u1
ii  netbase                5.0
ii  ssl-cert               1.0.32

Versions of packages postfix recommends:
ii  python  2.7.3-4+deb7u1

Versions of packages postfix suggests:
pn  dovecot-common           <none>
ii  libsasl2-modules         2.1.25.dfsg1-6+deb7u1
ii  mailutils [mail-reader]  1:2.99.97-3
pn  postfix-cdb              <none>
pn  postfix-doc              <none>
pn  postfix-ldap             <none>
pn  postfix-mysql            <none>
pn  postfix-pcre             <none>
pn  postfix-pgsql            <none>
pn  procmail                 <none>
ii  resolvconf               1.67
pn  sasl2-bin                <none>
pn  ufw                      <none>

-- debconf information excluded

--- End Message ---
--- Begin Message --- 
Source: postfix
Source-Version: 3.4.7-1

We believe that the bug you reported is fixed in the latest version of
postfix, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Scott Kitterman <[email protected]> (supplier of updated postfix package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sun, 22 Sep 2019 16:21:17 -0400
Source: postfix
Architecture: source
Version: 3.4.7-1
Distribution: unstable
Urgency: medium
Maintainer: LaMont Jones <[email protected]>
Changed-By: Scott Kitterman <[email protected]>
Closes: 163144 520936 579248 879668 923083 934803
Changes:
 postfix (3.4.7-1) unstable; urgency=medium
 .
   [Andreas Hasenack]
 .
   * * d/p/80_glibc2.30-ftbfs.diff: fix build with glibc 2.30 (LP: #1842923)
 .
   [Scott Kitterman]
 .
   * Refresh patches
   * Modernize default TLS setup:
     - Drop addition of smtpd_tls_session_cache_database to TLS parameters (no
       longer needed since TLS session tickets are used now).  Closes: #934803
     - Replace use of obsolescent smtpd_use_tls=yes with
       smtpd_tls_security_level=may in default TLS setting.  Closes: #520936
     - Add smtp_tls_security_level=may to default TLS settings so that both
       client and server TLS are now enabled be default for new installations.
       Closes: #163144
     - Stop copying smtp_tls_CAfile into chroot, not needed per postfix docs
     - Also copy smtpd_tls_CApath files into chroot.  Closes: #579248
     - Add smtp_tls_CApath using /usr/share/ca-certificates/ to default TLS
       configuration so postfix smtp client can use the system certificate
       store to verify smtp server certificates, add ca-certificates to postfix
       Recommends.  Closes: #923083
   * Bump standards version to 4.4.0 without further change
   * Fix spelling errors in Debian provided man pages
 .
   [Christian Göttsche]
 .
   * Fix debian/rules so build flags are applied Closes: #879668
 .
   [Wietse Venema]
 .
   * 3.4.6
   * 3.4.7
Checksums-Sha1:
 7b22404af7f64b07c8b4fa956e65626cc456644c 2738 postfix_3.4.7-1.dsc
 675438e5eb2093579480a14e8f8552e784f03f32 4572758 postfix_3.4.7.orig.tar.gz
 740465f4bb91d782e4bc814a34276a5af25008bb 197060 postfix_3.4.7-1.debian.tar.xz
 74c2026c7269aadc93bbf405e8cc7c16706c3337 7635 postfix_3.4.7-1_source.buildinfo
Checksums-Sha256:
 1e7a84218d32aac8556ce024257ba96ea832cc9c306033458e122ad4f509b773 2738 
postfix_3.4.7-1.dsc
 fe3253121d3ba8836a23774225518560b35e40497951ad5bec154afa8205f967 4572758 
postfix_3.4.7.orig.tar.gz
 745d6b38d96472dec57b242f842bf5c950b0d669b5f30d2fb67596be47405897 197060 
postfix_3.4.7-1.debian.tar.xz
 e3d0bdc02826399c9ea4c6e97df8f2e73be883dcdf8b59feb18ffcc151c6987b 7635 
postfix_3.4.7-1_source.buildinfo
Files:
 8d21aebf212e349956130ea84d1a0aff 2738 mail optional postfix_3.4.7-1.dsc
 b29ab85e8f6ef7fae132b004e777671b 4572758 mail optional 
postfix_3.4.7.orig.tar.gz
 6cbc5ff958e1cb6477b8b09bb2305e72 197060 mail optional 
postfix_3.4.7-1.debian.tar.xz
 c2b6a9e63c83121df1673c173965bbf0 7635 mail optional 
postfix_3.4.7-1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEE53Kb/76FQA/u7iOxeNfe+5rVmvEFAl2H96QACgkQeNfe+5rV
mvHkxw/+MdQ+f8ImuBqOgOfE6P6DW9OBykUvJgSRsWtE1f0eCsyj8d1WJyCf7vIY
w4VRlwj2dIOZi3Y0Xtjxt60Ms3xCSly2P0gFgf9DYTqXg/uq97/FsPOEtmuZBcEK
PpSg/gb+Gb8dJ8+1lmfRX+M8ny5TDnpogcCTDF0gH0B0+xP4wYoihbhZlOub9gPV
HhKWKBvzvbTBeXZ8qiOs1MeigJ99utTl0ekadG+cprXNQTluHnexeOXXVgalutA5
dojcFBJcYgnsWl98OkuAww3R8ivrjzcypeunV2my+PnNbso22hWFAuaIfRS4BCdU
ng8G9RGonUUnZi9oYEX5a1axLy2X9n4QTzoFG3JHkYCYKF7hq8cDa/QjSxUqOI+r
uXdgrPq7MjjXF0jwfECufbJqktb/QkfE69V42ePXDf88hjT8fgeXDeiRSmfPm30S
0oGEPszR2bKrfO6g0jnEHnYvUxNoXh/dtdCZViFhADm+KHwGi4EgDAFv6TAszbXJ
kdAJLPbrLpZc5C5ePn+ZogEjf44YrbDhuFQrA2StdIBOiL2NCVK9PDHWFg2T9o2y
J1uAZsgBFcWtBaIc+t8XO0SQgAml+JAaGGsdrKmN1UVgUw9JTu7GQ5I9nrACqTD2
m5CO6bE0kzUtna/sdNQvcMNlRPseQXXCt5aN9/YhI8PWJVxSPbs=
=hlZb
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to