Package: postfix Version: 2.9.6-2 Severity: normal Dear Maintainer,
The default config for a newly installed Postfix supports inbound STARTTLS, but it does not support outbound STARTTLS, even if the remote host advertises support. I think the default Postfix config in Debian should have this line: smtp_tls_security_level = may This will instruct Postfix to use STARTTLS encryption with hosts that advertise it, but go ahead and send in plaintext for those that don't. This would be an important step up in default email privacy. Thanks, Jacob -- System Information: Debian Release: 7.4 APT prefers stable APT policy: (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 3.3.0-rc7-xen-teo.en.ming-sgp (SMP w/1 CPU core) Locale: LANG=C, LC_CTYPE=C (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages postfix depends on: ii adduser 3.113+nmu3 ii cpio 2.11+dfsg-0.1 ii debconf [debconf-2.0] 1.5.49 ii dpkg 1.16.12 ii libc6 2.13-38+deb7u1 ii libdb5.1 5.1.29-5 ii libsasl2-2 2.1.25.dfsg1-6+deb7u1 ii libsqlite3-0 3.7.13-1+deb7u1 ii libssl1.0.0 1.0.1e-2+deb7u5 ii lsb-base 4.1+Debian8+deb7u1 ii netbase 5.0 ii ssl-cert 1.0.32 Versions of packages postfix recommends: ii python 2.7.3-4+deb7u1 Versions of packages postfix suggests: pn dovecot-common <none> ii libsasl2-modules 2.1.25.dfsg1-6+deb7u1 ii mailutils [mail-reader] 1:2.99.97-3 pn postfix-cdb <none> pn postfix-doc <none> pn postfix-ldap <none> pn postfix-mysql <none> pn postfix-pcre <none> pn postfix-pgsql <none> pn procmail <none> ii resolvconf 1.67 pn sasl2-bin <none> pn ufw <none> -- debconf information excluded -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org