Re: STARTTLS not announced?!

  • /dev/rob0
    Jun 14, 2013
      On Sat, Jun 15, 2013 at 03:45:02AM +0200, Benny Pedersen wrote:
      > Nabil Alsharif skrev den 2013-06-15 02:59:
      > >>> smtp_tls_note_starttls_offer = yes
      > >>> smtp_use_tls = yes
      > >>
      > >>smtp_ is for sending
      > >Ok so these two options are telling Postfix to check if STARTTLS
      > >is offered by the peer and use TLS if available, right?
      > correct

      smtp_tls_note_starttls_offer means to note (i.e., log) when a remote
      server offers STARTTLS. "smtp_use_tls=yes" is the same as (replaced
      by) "smtp_tls_security_level=may". All of these are covered in the
      TLS_README.html (except for the deprecated settings, of course.)

      And none of this is relevant to the $SUBJECT at hand.

      > >>> smtpd_banner = $myhostname ESMTP
      > >>> smtpd_recipient_restrictions = permit_mynetworks
      > >>>reject_unauth_destination
      > >>> smtpd_tls_CAfile = /etc/pki/dovecot/certs/dovecot.pem
      > >>> smtpd_tls_auth_only = yes
      > >>
      > >>this disables starttls since we are already using ssl/tls now

      Wrong, Benny. See postconf.5.html#smtpd_tls_auth_only and the
      correction posted by Jan, with which you tried to argue.

      > >huh? This part I don't quite understand. How are we
      > >disabling TLS?

      We're not. That was wrong.

      > >Where was it enabled before? when we said smtp_use_tls = yes?

      That deprecated setting is not relevant.

      > it does not disable tls/ssl, but it removes starttls in a plain
      > connection without tls/ssl

      Also wrong.

      > smtpd vs smtp confusion ?
      > with that setting all smtpd_ clients must use tls or ssl

      With smtpd_tls_security_level=encrypt, yes; not with
      smtpd_tls_auth_only=yes. Wrong and misleading posts will not help.

      I think the OP will have to fix the logging problem before we can
      solve this issue.
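
The distinction rob0 draws above, that smtpd_tls_auth_only=yes only withholds AUTH until TLS is up and does not remove the STARTTLS announcement, can be checked from the client side by reading the EHLO reply. The following is an added example, not code from this thread or from Postfix: it parses a multi-line 250 reply, classifies what a server announces on the plaintext connection, and includes a small smtplib probe for a server you administer. The three EHLO replies are constructed; the hostnames in them are placeholders.

```python
"""Classify what an SMTP server announces on the plaintext connection.

Added example for the thread above, not code from the thread or from
Postfix.  The sample EHLO replies are constructed and modelled on the
format Postfix uses.
"""
import re
import smtplib

# Constructed reply: STARTTLS announced, AUTH withheld until TLS
# (what smtpd_tls_security_level=may + smtpd_tls_auth_only=yes gives).
EHLO_OK = """250-mail.example.org
250-PIPELINING
250-SIZE 10240000
250-STARTTLS
250 DSN"""

# Constructed reply: the symptom in the thread subject, no STARTTLS at all.
EHLO_NO_STARTTLS = """250-mail.example.org
250-PIPELINING
250-SIZE 10240000
250 DSN"""

# Constructed reply: STARTTLS announced but AUTH also offered in the clear
# (smtpd_tls_auth_only=no, or unset).
EHLO_AUTH_IN_CLEAR = """250-mail.example.org
250-STARTTLS
250-AUTH PLAIN LOGIN
250 DSN"""

# "250-KEYWORD params" for continuation lines, "250 KEYWORD" for the last one.
_EHLO_LINE = re.compile(r"^250[- ](\S+)(?:\s+(.*))?$")


def parse_ehlo(reply):
    """Return {EXTENSION: params} from a raw multi-line 250 reply.

    The first line carries the server's hostname, not an extension,
    so it is skipped.  Keywords are upper-cased for comparison.
    """
    lines = [ln.strip() for ln in reply.strip().splitlines() if ln.strip()]
    features = {}
    for line in lines[1:]:
        m = _EHLO_LINE.match(line)
        if m is None:
            continue  # not a 250 line; ignore rather than guess
        features[m.group(1).upper()] = (m.group(2) or "").strip()
    return features


def classify(features):
    """Map the announced extension names to one of three verdicts."""
    names = {name.upper() for name in features}
    if "STARTTLS" not in names:
        # Nothing to upgrade to; check smtpd_tls_security_level and the
        # smtpd(8) TLS log lines before looking anywhere else.
        return "no-starttls"
    if "AUTH" in names:
        # Credentials can be sent before encryption is negotiated.
        return "starttls-and-plain-auth"
    # STARTTLS offered, AUTH not shown in the clear: consistent with
    # smtpd_tls_auth_only=yes (or SASL not enabled at all).
    return "starttls-no-plain-auth"


def assess(reply):
    """Convenience wrapper: raw EHLO reply text -> verdict string."""
    return classify(parse_ehlo(reply))


def probe(host, port=25, timeout=10):
    """Fetch the live EHLO reply from a server you operate and classify it.

    Not run by the offline checks below; smtplib fills esmtp_features
    with the keywords the server announced, which is all classify needs.
    """
    with smtplib.SMTP(host, port, timeout=timeout) as conn:
        code, _ = conn.ehlo("probe.example")  # placeholder client name
        if code != 250:
            raise RuntimeError("EHLO rejected with %d" % code)
        return classify(conn.esmtp_features)


if __name__ == "__main__":
    for label, sample in (("ok", EHLO_OK),
                          ("no starttls", EHLO_NO_STARTTLS),
                          ("auth in clear", EHLO_AUTH_IN_CLEAR)):
        print("%-14s -> %s" % (label, assess(sample)))
```

Run against the constructed samples it reports the three cases; `probe("mail.example.org")` would do the same against a live server. The verdict for a server with STARTTLS announced and no AUTH in the clear is exactly what the quoted smtpd_tls_auth_only=yes setting is meant to produce; a server that reports "no-starttls" is the situation the original poster needs the smtpd(8) TLS logging to diagnose.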
