Hi Noel and Wietse,

Thank you for your prompt feedback.
I think (in the quest to explore this more fully), I will try enabling this for a short term and see what sort of TLS issues I may have. The server I described in previous mails is low volume so I believe it’s ideal for testing something like this. If anyone’s interested, I can always report back to the list about it.

- J

> On Dec 4, 2017, at 7:39 PM, Wietse Venema <wie...@porcupine.org> wrote:
>
> Noel Jones:
>>> On 12/4/2017 3:35 PM, J Doe wrote:
>>> Hello,
>>>
>>> I currently have a server that is configured as a mail forwarding domain
>>> [1]. Using example.com as an example:
>>>
>>> /etc/postfix/main.cf
>>> virtual_alias_domains = example.com
>>> virtual_alias_maps = hash:/etc/postfix/virtual
>>>
>>> /etc/postfix/virtual
>>> u...@example.com users-gmail-addr...@gmail.com
>>>
>>> As such, the SMTP client is used to forward the messages to each user's
>>> existing Gmail addresses.
>>>
>>> I was reading more about the smtp client parameters and read about
>>> smtp_per_record_deadline. In postconf(5) it states that the time limits
>>> are changed and that this "...limits the impact from hostile peers that
>>> trickle data one byte at a time"
>>>
>>> Since my peer for the smtp client is always Gmail, this isn't an issue for
>>> me, but I was wondering - why does this default to "no"? I note the
>>> warning in postconf(5) that states for slow network connections this can
>>> cause problems with TLS, but I am assuming that this doesn't apply to most
>>> configurations.
>>>
>>> Why wouldn't I want this normally enabled?
>
> It's not safe to make this the Postfix default, but you're welcome
> to override that if you are sure that connections will never be
> slow.
>
> Wietse