On Tue, Feb 13, 2024 at 12:23:32PM -0500, Wietse Venema via Postfix-users wrote:
> Over 25 years, Postfix has accumulated some features that > are essentially obsolete. > > - permit_mx_backup is fundamentally incompatible with recipient > address validation. There is no way to work around that with > reject_unverified_recipient, because that requires that a domain > is reachable, and in that case permit_mx_backup is not needed. > Log a deprecation warning with compatibility_levels>=3.9. > > - masquerade_domains complicates table-driven address validation. > Log a deprecation warning with compatibility_levels>=3.9. > > - disable_dns_lookups can be migrated to smtp_dns_support_level > which implements a superset of the functionality. Log a deprecation > warning with compatibility_levels>=3.9. > > What else needs to go? Obsoleted by TLS security levels: - lmtp_enforce_tls - lmtp_use_tls - postscreen_enforce_tls - postscreen_use_tls - smtp_enforce_tls - smtp_use_tls - smtpd_enforce_tls - smtpd_use_tls - tlsproxy_client_enforce_tls - tlsproxy_client_use_tls - tlsproxy_enforce_tls - tlsproxy_use_tls Obsoleted by TLS policy maps: - lmtp_tls_per_site - smtp_tls_per_site - tlsproxy_client_per_site Obsoleted by automatic negotiation in the SSL code: - smtpd_tls_dh1024_param_file = auto - smtpd_tls_eecdh_grade = auto [ We could delete the underlying support code for the explicit choices, and always use 'auto' with a warning if the configuration specifies a different choice. Mind you, automatic DH group negotiation is prone to choosing largish > 2048-bit groups, when the server will sign with a large RSA private key, but this feels somewhat justifiable. ] Perhaps more controversial: - parent_domains_matches_subdomains This should IMHO be empty, with all parent-domain rules being explicit. Its convenience is offset by not entirely infrequent user confusion about where ".domain" is required (transport(5) table) and where it is not by default (access(5) table). -- Viktor. _______________________________________________ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org