Wietse Venema via Postfix-users:
> John Doe:
> > Hi Wietse and Viktor,
> >
> > Replying in one email ...
> >
> > I'm attaching what You have required from me. and one more fail proof, with
> > tlsproxy setting enabled in main.cf (lat time i have forgotten to enable
> > them back- sorry)
> >
> > *I believe issue was fixed,* but it's a bit confusing now,* to show this I
> > have ran postconf -x *not postconf -xh and -d to see what's default in 3.8.5
> >
> > [root@problematicsrv]# postconf-internal -x tlsproxy_client_security_level
> > tlsproxy_client_security_level =
>
> The output is empty because...
>
> > [root@problematicsrv]# postconf-internal -d tlsproxy_client_security_level
> > tlsproxy_client_security_level =
>
> ...the default for tlsproxy_client_security_level value is empty.
The default wasn't empty: it just looked empty because the output
had been word-wrapped.
The root cause is incorrect backwards compatible support for the
legacy configuration parameters tlsproxy_client_level and
tlsproxy_client_policy. This disabled tlsproxy's TLS client role
when a legacy parameter was set.
The fix is to correct the default parameter values:
Old:
tlsproxy_client_security_level =
${tlsproxy_client_level:$smtp_tls_security_level}
tlsproxy_client_policy_maps = ${tlsproxy_client_policy:$smtp_tls_policy_maps}
New:
tlsproxy_client_security_level =
${tlsproxy_client_level?{$tlsproxy_client_level}:{$smtp_tls_security_level}}
tlsproxy_client_policy_maps =
${tlsproxy_client_policy?{$tlsproxy_client_policy}:{$smtp_tls_policy_maps}}
Wietse
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
