Greetings, Viktor Dukhovni!

>> >> This is easy enough to implement, the only complication is
>> >> that the documentation would need to explain the variable
>> >> default.
>> >>
>> >>> If it is compiled without TLS, the default should be 'no'.
>> >>
>> >> This is certainly possible.
>> >
>> > It seems like the right thing to do. What needs to be done to move it
>> > forward?
>>
>> Just wanted to "bump" this message, because it has been 1 year since the
>> original.

> I did not see a clear consensus for or against a compile-time
> conditional default "may" for "smtp_tls_security_level":
>
>     #ifdef USE_TLS
>     #define DEF_SMTP_TLS_LEVEL "may"
>     #else
>     #define DEF_SMTP_TLS_LEVEL ""
>     #endif
>
> which would default to enable outbound opportunistic TLS whenever TLS
> support is compiled in. Since this last came up, we have:
>
>     https://tools.ietf.org/html/rfc8314
>
> which "obsoletes" cleartext for IMAP, POP and SUBMIT, but does not
> cover SMTP relay. I am not opposed to changing the default, but
> also agree that setting defaults is something that can be done at
> package installation time.
>
> So the real question is whether there is a non-trivial community
> of users who:
>
>   * Have no explicit "smtp_tls_security_level" setting in their main.cf
>     file.
>
>   * Would not mind to see TLS turned on as a side-effect of a future
>     upgrade, but can't find the activation energy to do it explicitly.

As far as I understand it, the only way TLS can be turned on with
smtp_tls_security_level=may is with STARTTLS.
Which should be clearly announced by the receiving servers before long.
In which case, I don't see any downsides, assuming the remote server is
actually capable of STARTTLS and configured correctly.

> Or, whether there are Postfix package maintainers in the same boat:
> too busy to add code to enable opportunistic TLS in the client at
> package install time, but would be happy to see it happen upstream.

--
With best regards,
Andrey Repin
Friday, December 21, 2018 9:29:27

Sorry for my terrible English...