David Mandelberg via Postfix-users:
> Oct 30 20:33:28 mail-inbound-119b7863 postfix-inbound/qmgr[15646]:
> 4cyFfv6Tdcz1t: from=<REDACTED>, size=11406, nrcpt=1 (queue active)
> Oct 30 20:33:28 mail-inbound-119b7863 postfix-inbound/lmtp[15765]:
> warning: lmtp_tls_wrappermode requires "lmtp_tls_security_level =
> encrypt" (or stronger)
That is a bad interaction with "TLS-Required: no" (which means
lmtp_tls_security_level = may) and TLS wrappermode (which requires
lmtp_tls_security_level = encrypt or stronger).
I think that TLS wrappermode should override "TLS-Required: no",
because by design, TLS can't be optional for wrappermode connections.
TLS can be optional only for connections that use STARTTLS.
That leaves the question whether "TLS-Required: no" for wrappermode
should dowgrade "encrypt" and disable stronger authentication like
fingerprint etc.
Wietse
_______________________________________________
Postfix-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
