Re: Discuss: safety net for other compatibility breaks

2014-10-07 Thread LuKreme
On 07 Oct 2014, at 15:55, Wietse Venema wrote:
> As for biff, I haven't used that since I switched from a BSD/OS 
> workstation to a FreeBSD server in 2000. Fourteen years of UDP
> datagrams wasted...

It was pretty cool back in the 90s though, unless you were playing mTrek when 
you got the biff. For some reason, I could never get the screen to redraw 
enough to get rid of all the biff.

Those were the days.

-- 
"Why do you wear that stupid bunny suit?" "Why are you wearing that
stupid man suit?"



Re: Discuss: safety net for other compatibility breaks

2014-10-07 Thread Wietse Venema
Noel Jones:
> On 10/7/2014 10:53 AM, Viktor Dukhovni wrote:
> > On Tue, Oct 07, 2014 at 11:32:47AM -0400, Wietse Venema wrote:
> > 
> >> What else needs to be considered?
> >>
> >> There are more settings whose defaults can be confusing to people
> >> who aren't familiar with 10+ years of Postfix history.
> >>
> >> - relay_domains (default: $mydestination). This should be empty.
> >>
> >> - mynetworks-style (default: subnet). This should be "host".
> 
> I like the above two changes.  The defaults often are confusing for
> people new to postfix.

OK, these will have compatibility level 2. 

I'm considering settings where the need for backwards compatibility
is relatively easy to detect, that is, if the system relies on the
old default setting, then Postfix's BC warning message is likely
to show up during common usage.

For this reason I'll stay away from rarely-used features such as
allow_percent_hack and swap_bangpath. The purpose of the BC safety
net is to keep sysadmins out of trouble.

As for biff, I haven't used that since I switched from a BSD/OS 
workstation to a FreeBSD server in 2000. Fourteen years of UDP
datagrams wasted...

Wietse


Re: Discuss: safety net for other compatibility breaks

2014-10-07 Thread A. Schulze


Mark Martinec:

> Some more archaisms that can be changed to:
>
>   biff = no
>   swap_bangpath = no
>   allow_percent_hack = no

Funny, all of the already mentioned settings I also set explicitly here ...

other suggestions:
 - disable_vrfy_command = yes
 - enable_long_queue_ids = yes
 - smtpd_tls_protocols = !SSLv2

Andreas



Re: Discuss: safety net for other compatibility breaks

2014-10-07 Thread Mark Martinec

Wietse wrote:

What else needs to be considered?
There are more settings whose defaults can be confusing to people
who aren't familiar with 10+ years of Postfix history.
- relay_domains (default: $mydestination). This should be empty.
- mynetworks-style (default: subnet). This should be "host".
I like the above two changes.  The defaults often are confusing for
people new to postfix.




- mynetworks-style (default: subnet). This should be "host".


Yes, definitely.


Some more archaisms that can be changed to:

  biff = no
  swap_bangpath = no
  allow_percent_hack = no


Mark


Re: Discuss: safety net for other compatibility breaks

2014-10-07 Thread Noel Jones
On 10/7/2014 10:53 AM, Viktor Dukhovni wrote:
> On Tue, Oct 07, 2014 at 11:32:47AM -0400, Wietse Venema wrote:
> 
>> What else needs to be considered?
>>
>> There are more settings whose defaults can be confusing to people
>> who aren't familiar with 10+ years of Postfix history.
>>
>> - relay_domains (default: $mydestination). This should be empty.
>>
>> - mynetworks-style (default: subnet). This should be "host".

I like the above two changes.  The defaults often are confusing for
people new to postfix.

>>
>> - parent_domains_matches_subdomains.  I am reluctant to change this
>>   because it affects so many Postfix features. A cascade of warning
>>   messages could be confusing.

Almost every postfix how-to on the web assumes this feature defaults
on.  Changing the default will be painful.

> 
> Also:
> 
> smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, 
> defer_unauth_destination
> 
> could become:
> 
> smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, 
> reject_unauth_destination
> 

I think this feature is too new to change the safe default.



 -- Noel Jones


Re: Discuss: safety net for other compatibility breaks

2014-10-07 Thread Viktor Dukhovni
On Tue, Oct 07, 2014 at 11:32:47AM -0400, Wietse Venema wrote:

> What else needs to be considered?
> 
> There are more settings whose defaults can be confusing to people
> who aren't familiar with 10+ years of Postfix history.
> 
> - relay_domains (default: $mydestination). This should be empty.
> 
> - mynetworks-style (default: subnet). This should be "host".
> 
> - parent_domains_matches_subdomains.  I am reluctant to change this
>   because it affects so many Postfix features. A cascade of warning
>   messages could be confusing.

Also:

smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, 
defer_unauth_destination

could become:

smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, 
reject_unauth_destination

-- 
Viktor.


Discuss: safety net for other compatibility breaks

2014-10-07 Thread Wietse Venema
Last week I introduced a safety net based on a compatibility level.

If you upgrade to a Postfix version that has a higher compatibility
level than the main.cf compatibility level (default: 0) then Postfix
will use backwards-compatible default settings and log warnings
when the old Postfix configuration uses a default setting that is
going to change. You can then decide to make the old default setting
permanent before updating the main.cf compatibility level.

Compatibility level 1 changes defaults to: append_dot_mydomain=no,
smtputf8_enable=yes and chroot=n. Details of warning messages are
in http://www.postfix.org/postconf.5.html#compatibility_level

What else needs to be considered?

There are more settings whose defaults can be confusing to people
who aren't familiar with 10+ years of Postfix history.

- relay_domains (default: $mydestination). This should be empty.

- mynetworks-style (default: subnet). This should be "host".

- parent_domains_matches_subdomains.  I am reluctant to change this
  because it affects so many Postfix features. A cascade of warning
  messages could be confusing.

I want to finish this before the next stable release. I'd rather
avoid a trickle of breaks with every stable release, as that would
detract from Postfix's reputation.

Wietse
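An added example, not part of the thread and not Postfix code: a small audit that reads a main.cf and lists the parameters it leaves at a default the thread says will change, so they can be pinned before `compatibility_level` is raised. The sample configuration is constructed, the level 2 entries are the two changes agreed in the thread, the code uses the parameter name `mynetworks_style` where the thread writes "mynetworks-style", and integer levels are assumed as in the thread.

```python
# Added example: a constructed audit, not Postfix code.
# name -> (compatibility level, old default, new default), as given in the thread.
# The old boolean values for level 1 are the opposites of the new ones.
CHANGING_DEFAULTS = {
    "append_dot_mydomain": (1, "yes", "no"),
    "smtputf8_enable": (1, "no", "yes"),
    "relay_domains": (2, "$mydestination", ""),
    "mynetworks_style": (2, "subnet", "host"),
}

SAMPLE_MAIN_CF = """\
# constructed sample, not a real configuration
myhostname = mail.example.com
mydestination = $myhostname, localhost
smtpd_relay_restrictions = permit_mynetworks,
    permit_sasl_authenticated,
    defer_unauth_destination
append_dot_mydomain = no
"""

def parse_main_cf(text):
    """Return explicit settings; a line starting with whitespace continues the previous one."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank and comment lines do not end a logical line
        if raw[0] in " \t" and logical:
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.strip())
    params = {}
    for line in logical:
        name, sep, value = line.partition("=")
        if sep:
            params[name.strip()] = value.strip()  # later settings win
    return params

def audit(text, target_level):
    """List (name, old, new) for relied-upon defaults that change by target_level."""
    params = parse_main_cf(text)
    current = int(params.get("compatibility_level", "0"))  # integer levels assumed
    findings = []
    for name, (level, old, new) in sorted(CHANGING_DEFAULTS.items()):
        if not (current < level <= target_level) or name in params:
            continue
        if name == "mynetworks_style" and "mynetworks" in params:
            continue  # an explicit mynetworks overrides mynetworks_style
        findings.append((name, old, new))
    return findings

if __name__ == "__main__":
    for name, old, new in audit(SAMPLE_MAIN_CF, 2):
        print(f"{name}: relies on old default {old!r}; pin it or accept {new!r}")
```

On a live system, `postconf -n` prints the explicitly set parameters and can supply the input in place of the sample.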