Debian Bug report logs - #330885
postfix: default configuration should enable use of TLS for SMTP as default

Package: postfix; Maintainer for postfix is LaMont Jones <lamont@debian.org>; Source for postfix is src:postfix (PTS, buildd, popcon).

Reported by: Dominik Kubla <dominik@kubla.de>

Date: Fri, 30 Sep 2005 10:03:04 UTC

Severity: wishlist

Merged with 163144

Found in version postfix/2.2.4-1


Report forwarded to debian-bugs-dist@lists.debian.org, LaMont Jones <lamont@debian.org>:
Bug#330885; Package postfix.


Acknowledgement sent to Dominik Kubla <dominik@kubla.de>:
New Bug report received and forwarded. Copy sent to LaMont Jones <lamont@debian.org>.


Message #5 received at submit@bugs.debian.org:

From: Dominik Kubla <dominik@kubla.de>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: postfix: default configuration should enable use of TLS for stmp as default
Date: Fri, 30 Sep 2005 11:49:06 +0200
Package: postfix
Version: 2.2.4-1
Severity: wishlist


The default postfix configuration should use TLS when delivering mail if
the receiving host supports it. Please add the following lines to the
default main.cf:

smtp_use_tls = yes
smtp_enforce_tls = no
smtp_tls_enforce_peername = no
smtp_tls_loglevel = 1
smtp_tls_session_cache_database = btree:/var/cache/postfix/smtp_scache

These settings will allow the use of TLS for delivering mail, while not
enforcing it or any strict checks of the certificate presented.

This also means that the package should include the directory
/var/cache/postfix to store the TLS session cache.

In a related matter: The installation procedure should ask if the
relayhost requires the use of a password and should create appropriate
configuration entries.

Kind regards,
  Dominik Kubla

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (900, 'unstable'), (800, 'testing'), (100, 'experimental')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.14-rc2-git6
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)

Versions of packages postfix depends on:
ii  adduser                      3.69        Add and remove users and groups
ii  debconf [debconf-2.0]        1.4.58      Debian configuration management sy
ii  dpkg                         1.13.11.0.1 package maintenance system for Deb
ii  libc6                        2.3.5-6     GNU C Library: Shared libraries an
ii  libdb4.2                     4.2.52-19   Berkeley v4.2 Database Libraries [
ii  libsasl2                     2.1.19-1.6  Authentication abstraction library
ii  libssl0.9.7                  0.9.7g-3    SSL shared libraries
ii  netbase                      4.22        Basic TCP/IP networking system

Versions of packages postfix recommends:
ii  emacs21 [mail-re 21.4a-2                 The GNU Emacs editor
ii  kmail [mail-read 4:3.4.2-2               KDE Email client
ii  mailx [mail-read 1:8.1.2-0.20050715cvs-1 A simple mail user agent
ii  mozilla-thunderb 1.0.6-4                 Mozilla Thunderbird standalone mai
ii  mutt [mail-reade 1.5.11-1                Text-based mailreader supporting M
pn  resolvconf       <none>                  (no description available)

-- debconf information:
* postfix/mailname: <WITHHELD>
  postfix/tlsmgr_upgrade_warning:
* postfix/relayhost: <WITHHELD>
  postfix/procmail: true
  postfix/bad_recipient_delimiter:
  postfix/rfc1035_violation: false
  postfix/mynetworks: 127.0.0.0/8
  postfix/master_upgrade_warning:
  postfix/db_upgrade_warning: true
  postfix/dynamicmaps_upgrade_warning:
  postfix/recipient_delim: +
* postfix/main_mailer_type: Internet with smarthost
  postfix/transport_map_warning:
* postfix/chattr: false
* postfix/root_address: <WITHHELD>
* postfix/destinations: <WITHHELD>
  postfix/nqmgr_upgrade_warning:
  postfix/not_configured:
  postfix/mailbox_limit: 0



Information forwarded to debian-bugs-dist@lists.debian.org, LaMont Jones <lamont@debian.org>:
Bug#330885; Package postfix.


Acknowledgement sent to Pat Riehecky <prieheck@iwu.edu>:
Extra info received and forwarded to list. Copy sent to LaMont Jones <lamont@debian.org>.


Message #10 received at 330885@bugs.debian.org:

From: Pat Riehecky <prieheck@iwu.edu>
To: 330885@bugs.debian.org
Subject: postfix: default configuration should enable use of TLS for stmp as default
Date: Thu, 10 Apr 2008 12:02:56 -0500

I would like to vote for this bug; the only thing I change on 99% of my
postfix installs is this.  The debconf values rule for a lot of
installs, but TLS by default would eliminate almost all of the main.cf
editing I do.

Pat





Information forwarded to debian-bugs-dist@lists.debian.org, LaMont Jones <lamont@debian.org>:
Bug#330885; Package postfix. (Thu, 23 Oct 2008 10:30:02 GMT)


Acknowledgement sent to "registrations@das-komitee.de" <registrations@das-komitee.de>:
Extra info received and forwarded to list. Copy sent to LaMont Jones <lamont@debian.org>. (Thu, 23 Oct 2008 10:30:02 GMT)


Message #15 received at 330885@bugs.debian.org:

From: "registrations@das-komitee.de" <registrations@das-komitee.de>
To: 330885@bugs.debian.org
Subject: postfix: default configuration should enable use of TLS for stmp as default
Date: Thu, 23 Oct 2008 11:27:20 +0100

Hi,

I'd like to vote for this bug too.

The config as shown is deprecated, so it should be
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:/var/cache/postfix/smtp_scache

It would also be good to copy the CApath directory to the chroot
environment.
I usually add this to /etc/init.d/postfix:
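-------
# Copy the CA directory into the chroot. Paths without a leading "/" are
# relative, so this assumes the current directory is the chroot.
ca_path=$(postconf -h smtp_tls_CApath)
DIRS="${ca_path#/}"
for dir in $DIRS; do
    [ -d "${dir}" ] || mkdir -p "${dir}"
    # Replace the chroot copy with a fresh copy of the system directory
    if [ -d "/${dir}" ]; then rm -rf "${dir}" && cp -r "/${dir}" "${dir}"; fi
    # Make the copy world-readable (a+rX)
    if [ -d "${dir}" ]; then chmod -R a+rX "${dir}"; fi
done
-------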

Regards,
    TT
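
Added example (not part of the original messages or of the Postfix or Debian packaging): a small sh audit that reports which outbound TLS level a main.cf-style file requests, translating the deprecated Postfix 2.2 parameters from the original report into the smtp_tls_security_level values that replaced them. The function names, the two-word output format and the sample file are assumptions made for illustration; the parser handles only single-line "name = value" settings.

```sh
# Print the last value assigned to parameter $2 in file $1 (empty if unset).
# Simplification: single-line "name = value" settings only.
cf_get() {
    awk -F= -v key="$2" '
        /^[ \t]*#/ { next }
        { name = $1; gsub(/[ \t]/, "", name) }
        name == key {
            val = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
        }
        END { print val }' "$1"
}

# Print "<level> <source>"; source is "current", "deprecated" or "default".
smtp_tls_level() {
    lvl=$(cf_get "$1" smtp_tls_security_level)
    # smtp_tls_security_level overrides the three older parameters.
    if [ -n "$lvl" ]; then echo "$lvl current"; return; fi
    use=$(cf_get "$1" smtp_use_tls)
    enforce=$(cf_get "$1" smtp_enforce_tls)
    peer=$(cf_get "$1" smtp_tls_enforce_peername)
    if [ -z "$use$enforce" ]; then
        echo "none default"      # upstream default: no client TLS
    elif [ "$enforce" = yes ]; then
        # smtp_tls_enforce_peername defaults to yes; only "no" relaxes it.
        if [ "$peer" = no ]; then echo "encrypt deprecated"
        else echo "verify deprecated"; fi
    elif [ "$use" = yes ]; then
        echo "may deprecated"
    else
        echo "none deprecated"
    fi
}

# Constructed sample: the settings proposed in the original report.
sample=$(mktemp)
cat > "$sample" <<'EOF'
smtp_use_tls = yes
smtp_enforce_tls = no
smtp_tls_enforce_peername = no
smtp_tls_loglevel = 1
smtp_tls_session_cache_database = btree:/var/cache/postfix/smtp_scache
EOF
smtp_tls_level "$sample"    # prints: may deprecated
rm -f "$sample"
```

A result of "none" or any "deprecated" source marks a configuration worth revisiting; "may" is the opportunistic level requested in this bug.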




Changed Bug title to 'postfix: default configuration should enable use of TLS for SMTP as default' from 'postfix: default configuration should enable use of TLS for stmp as default' Request was from Philipp Kern <pkern@simplex.0x539.de> to control@bugs.debian.org. (Mon, 21 Apr 2014 20:57:05 GMT)


Merged 163144 330885 Request was from Thijs Kinkhorst <thijs@debian.org> to control@bugs.debian.org. (Thu, 24 Apr 2014 11:03:11 GMT)


Information forwarded to debian-bugs-dist@lists.debian.org, LaMont Jones <lamont@debian.org>:
Bug#330885; Package postfix. (Tue, 19 Aug 2014 19:42:05 GMT)


Acknowledgement sent to Gabriel Filion <gabster@lelutin.ca>:
Extra info received and forwarded to list. Copy sent to LaMont Jones <lamont@debian.org>. (Tue, 19 Aug 2014 19:42:05 GMT)


Message #24 received at 330885@bugs.debian.org:

From: Gabriel Filion <gabster@lelutin.ca>
To: 330885@bugs.debian.org
Subject: postfix: default configuration should enable use of TLS for stmp as default
Date: Tue, 19 Aug 2014 15:28:29 -0400

I, too, would like to see this added to the default main.cf file
distributed by the postfix package. With this simple change, more
servers would be using server-to-server encryption. Those whose setup
requires them to disable such opportunistic encryption can always change
the value for smtp_tls_security_level.

(sorry to revive this old issue, but it's such a simple change and it
hasn't received any love for so long)

-- 
Gabriel Filion


Information forwarded to debian-bugs-dist@lists.debian.org, LaMont Jones <lamont@debian.org>:
Bug#330885; Package postfix. (Sun, 16 Aug 2015 16:24:04 GMT)


Acknowledgement sent to Noël Köthe <noel@debian.org>:
Extra info received and forwarded to list. Copy sent to LaMont Jones <lamont@debian.org>. (Sun, 16 Aug 2015 16:24:04 GMT)


Message #29 received at 330885@bugs.debian.org:

From: Noël Köthe <noel@debian.org>
To: 330885@bugs.debian.org
Subject: #330885 postfix enable TLS for smtp
Date: Sun, 16 Aug 2015 18:21:02 +0200

Hello,

maybe before the bugreport gets 10 years old it could be fixed?

IMHO it would be a good goal to have a default configuration which has
TLS enabled.

Thank you.

Regards

	Noël

-- 
Noël Köthe <noel debian.org>
Debian GNU/Linux, www.debian.org

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sat Jan 6 01:37:28 2018; Machine Name: beach
