On 2025-06-18 at 06:59:37 UTC-0400 (Wed, 18 Jun 2025 22:59:37 +1200)
Nick Tait via Postfix-users <n...@tait.net.nz>
is rumored to have said:
After setting "postscreen_tls_security_level = none", when I now send
a STARTTLS, I get a "502 5.5.1 Error: command not implemented",
That is precisely what I'd expect. None means none: TLS is disabled.
Presumably STARTTLS is not in the EHLO response, so nothing will try
STARTTLS.
and then /the SMTP session/ stops responding to any subsequent
commands,
Not what I'd expect, but likely harmless. Nothing legitimate tries
STARTTLS if it's not advertised.
/until the client disconnects or the postscreen_command_time_limit is
reached/. /(Postscreen itself remains operational for processing other
connections.)/
What were you expecting?
Sending a STARTTLS command to a server that is configured to not support
it is not going to work. It should not work. The particular style of not
working is not really very important but I think the behavior you
describe is not the worst choice.
--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo@toad.social and many *@billmail.scconsult.com
addresses)
Not Currently Available For Hire
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
