Geert Hendrickx via Postfix-users:
> On Sat, Jun 07, 2025 at 18:51:21 -0400, Wietse Venema via Postfix-users wrote:
> > > > For the Postfix SMTP client the new default would look like:
> > > > 
> > > >     smtp_tls_security_level =
> > > >         ${{$compatibility_level} >=level {3.10}?
> > > >             {${built_with_tls ? {may}}}}
> > > > 
> > 
> > Turns out the example is too simple. As with shell syntax, Postfix's
> > '$name?' is true when $name is non-empty, and 'yes' and 'no' are
> > both non-empty strings. Boring details like this move it back to
> > the design queue.
> 
> Can the default be decided at build-time (#ifdef), instead of with
> run-time conditional configuration?

That would result in an incompatible change for systems that are
not explicitly configured to enable TLS.

With 'may', the Postfix SMTP client will fall back to plaintext
only after minimal_backoff_time (default: five minutes). That is a
significant delay. I personally hate it when people "improve"
software and thereby make some edge case worse.

I'm all for improving Postfix, but not at the cost of worst-case behavior.

        Wietse