Debian Bug report logs - #330885
postfix: default configuration should enable use of TLS for SMTP as default
Report forwarded to debian-bugs-dist@lists.debian.org, LaMont Jones <lamont@debian.org>:
Bug#330885; Package postfix.
Acknowledgement sent to Dominik Kubla <dominik@kubla.de>:
New Bug report received and forwarded. Copy sent to LaMont Jones <lamont@debian.org>.
Message #5 received at submit@bugs.debian.org:
Package: postfix
Version: 2.2.4-1
Severity: wishlist
The default postfix configuration should use TLS when delivering mail if
the receiving host supports it. Please add the following lines to the
default main.cf:
smtp_use_tls = yes
smtp_enforce_tls = no
smtp_tls_enforce_peername = no
smtp_tls_loglevel = 1
smtp_tls_session_cache_database = btree:/var/cache/postfix/smtp_scache
These settings will allow the use of TLS for delivering mail, while not
enforcing it or any strict checks of the certificate presented.
This also means that the package should include the directory
/var/cache/postfix to store the TLS session cache.
In a related matter: The installation procedure should ask if the
relayhost requires the use of a password and should create appropriate
configuration entries.
Kind regards,
Dominik Kubla
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (900, 'unstable'), (800, 'testing'), (100, 'experimental')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.14-rc2-git6
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Versions of packages postfix depends on:
ii adduser 3.69 Add and remove users and groups
ii debconf [debconf-2.0] 1.4.58 Debian configuration management sy
ii dpkg 1.13.11.0.1 package maintenance system for Deb
ii libc6 2.3.5-6 GNU C Library: Shared libraries an
ii libdb4.2 4.2.52-19 Berkeley v4.2 Database Libraries [
ii libsasl2 2.1.19-1.6 Authentication abstraction library
ii libssl0.9.7 0.9.7g-3 SSL shared libraries
ii netbase 4.22 Basic TCP/IP networking system
Versions of packages postfix recommends:
ii emacs21 [mail-re 21.4a-2 The GNU Emacs editor
ii kmail [mail-read 4:3.4.2-2 KDE Email client
ii mailx [mail-read 1:8.1.2-0.20050715cvs-1 A simple mail user agent
ii mozilla-thunderb 1.0.6-4 Mozilla Thunderbird standalone mai
ii mutt [mail-reade 1.5.11-1 Text-based mailreader supporting M
pn resolvconf <none> (no description available)
-- debconf information:
* postfix/mailname: <WITHHELD>
postfix/tlsmgr_upgrade_warning:
* postfix/relayhost: <WITHHELD>
postfix/procmail: true
postfix/bad_recipient_delimiter:
postfix/rfc1035_violation: false
postfix/mynetworks: 127.0.0.0/8
postfix/master_upgrade_warning:
postfix/db_upgrade_warning: true
postfix/dynamicmaps_upgrade_warning:
postfix/recipient_delim: +
* postfix/main_mailer_type: Internet with smarthost
postfix/transport_map_warning:
* postfix/chattr: false
* postfix/root_address: <WITHHELD>
* postfix/destinations: <WITHHELD>
postfix/nqmgr_upgrade_warning:
postfix/not_configured:
postfix/mailbox_limit: 0
Information forwarded to debian-bugs-dist@lists.debian.org, LaMont Jones <lamont@debian.org>:
Bug#330885; Package postfix.
Acknowledgement sent to Pat Riehecky <prieheck@iwu.edu>:
Extra info received and forwarded to list. Copy sent to LaMont Jones <lamont@debian.org>.
Message #10 received at 330885@bugs.debian.org:
I would like to vote for this bug, the only thing I change on 99% of my
postfix installs is this. The debconf values rule for a lot of
installs, but TLS by default would eliminate almost all of the main.cf
editing I do.
Pat
Information forwarded
to debian-bugs-dist@lists.debian.org, LaMont Jones <lamont@debian.org>:
Bug#330885; Package postfix.
(Thu, 23 Oct 2008 10:30:02 GMT)
Acknowledgement sent
to "registrations@das-komitee.de" <registrations@das-komitee.de>:
Extra info received and forwarded to list. Copy sent to LaMont Jones <lamont@debian.org>.
(Thu, 23 Oct 2008 10:30:02 GMT)
Message #15 received at 330885@bugs.debian.org:
Hi,
I'd like to vote for this bug too.
The config as shown is deprecated, so it should be
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:/var/cache/postfix/smtp_scache
It would also be good to copy the CApath directory to the chroot
environment.
I usually add this to /etc/init.d/postfix:
-------
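# Assumes the current directory is the chroot root: the leading "/" is
# stripped so that the destination is a relative path below it.
ca_path=$(postconf -h smtp_tls_CApath)
DIRS="${ca_path#/}"
for dir in $DIRS; do
    [ -d "${dir}" ] || mkdir -p "${dir}"
    # Replace the chroot copy with a fresh copy of the system directory.
    if [ -d "/${dir}" ]; then rm -rf "${dir}" && cp -r "/${dir}" "${dir}"; fi
    # Make the copied directory and its files readable by all users.
    if [ -d "${dir}" ]; then chmod -R a+rX "${dir}"; fi
done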
-------
Regards,
TT
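As an added example (not part of the bug report or of the Postfix package): a shell check that reports which outbound TLS level a main.cf yields, covering both the obsolete parameters from the original report and the smtp_tls_security_level form suggested in message #15. The function names are hypothetical, the sample input is constructed from the settings quoted in the report, and the mapping of the obsolete parameters to levels follows the Postfix documentation.

```shell
# Added example (not from the bug report); continuation lines are not handled.
# Print the effective outbound TLS level for the main.cf-style file in $1.
effective_smtp_tls_level() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # comments and blank lines
        /^[ \t]/ { next }                   # continuation lines (ignored)
        {
            eq = index($0, "="); if (eq == 0) next
            name = substr($0, 1, eq - 1); value = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", name)
            gsub(/^[ \t]+|[ \t]+$/, "", value)
            conf[name] = value              # a later setting overrides an earlier one
        }
        END {
            # smtp_tls_security_level, when set, overrides the obsolete parameters.
            if (conf["smtp_tls_security_level"] != "") {
                print conf["smtp_tls_security_level"]
            } else if (conf["smtp_enforce_tls"] == "yes") {
                # Peer name checking defaults to yes, which corresponds to verify.
                print (conf["smtp_tls_enforce_peername"] == "no" ? "encrypt" : "verify")
            } else {
                print (conf["smtp_use_tls"] == "yes" ? "may" : "none")
            }
        }
    ' "$1"
}

# List the obsolete TLS parameters that are still set in $1, one per line.
obsolete_smtp_tls_params() {
    awk -F= '/^(smtp_use_tls|smtp_enforce_tls|smtp_tls_enforce_peername)[ \t]*=/ {
        gsub(/[ \t]+/, "", $1); print $1 }' "$1"
}

# Constructed sample: the settings proposed in message #5 of the report.
demo() {
    tmp=$(mktemp)
    cat > "$tmp" <<'EOF'
smtp_use_tls = yes
smtp_enforce_tls = no
smtp_tls_enforce_peername = no
EOF
    echo "effective level: $(effective_smtp_tls_level "$tmp")"
    echo "obsolete parameters:"; obsolete_smtp_tls_params "$tmp"
    rm -f "$tmp"
}
demo
```

A result of "may" or "none" means mail can still leave in cleartext, and with "may" or "encrypt" the server certificate is not checked against the peer name.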
Changed Bug title to 'postfix: default configuration should enable use of TLS for SMTP as default' from 'postfix: default configuration should enable use of TLS for stmp as default'
Request was from Philipp Kern <pkern@simplex.0x539.de>
to control@bugs.debian.org.
(Mon, 21 Apr 2014 20:57:05 GMT)
Merged 163144 330885
Request was from Thijs Kinkhorst <thijs@debian.org>
to control@bugs.debian.org.
(Thu, 24 Apr 2014 11:03:11 GMT)
Information forwarded
to debian-bugs-dist@lists.debian.org, LaMont Jones <lamont@debian.org>:
Bug#330885; Package postfix.
(Tue, 19 Aug 2014 19:42:05 GMT)
Acknowledgement sent
to Gabriel Filion <gabster@lelutin.ca>:
Extra info received and forwarded to list. Copy sent to LaMont Jones <lamont@debian.org>.
(Tue, 19 Aug 2014 19:42:05 GMT)
Message #24 received at 330885@bugs.debian.org:
I, too, would like to see this added to the default main.cf file
distributed by the postfix package. With this simple change, more
servers would be using server-to-server encryption. Those whose setup
require them to disable such opportunistic encryption can always change
the value for smtp_tls_security_level.
(sorry to revive this old issue, but it's such a simple change and it
hasn't received any love for so long)
--
Gabriel Filion
Information forwarded
to debian-bugs-dist@lists.debian.org, LaMont Jones <lamont@debian.org>:
Bug#330885; Package postfix.
(Sun, 16 Aug 2015 16:24:04 GMT)
Acknowledgement sent
to Noël Köthe <noel@debian.org>:
Extra info received and forwarded to list. Copy sent to LaMont Jones <lamont@debian.org>.
(Sun, 16 Aug 2015 16:24:04 GMT)
Message #29 received at 330885@bugs.debian.org:
Hello,
maybe before the bugreport gets 10 years old it could be fixed?
IMHO it would be a good goal to have a default configuration which has
TLS enabled.
Thank you.
Regards
Noël
--
Noël Köthe <noel debian.org>
Debian GNU/Linux, www.debian.org
Last modified: Sat Jan 6 01:37:28 2018