Possible Postfix TLS bug, not sure

When going to Servers - Postfix - SMTP Authentication and Encryption - Enable TLS Encryption, whether it is on or off, the following remains at the bottom of my main.cf:

   smtpd_tls_security_level = may
   smtpd_tls_key_file = /etc/postfix/server.key
   smtpd_tls_cert_file = /etc/postfix/server.crt
   smtpd_tls_loglevel = 1
   smtpd_tls_received_header = yes
   smtpd_tls_session_cache_timeout = 3600s
   tls_random_source = dev:/dev/urandom

So even if it is turned off, TLS encryption still works. What exactly is the Yes and No supposed to change? I had manually added that to the bottom of my main.cf before I had known that Webmin would take care of that for me, so I am just wondering what the Yes / No changes in the configs.

Status: Closed (fixed)

Comments

Never mind on this, I see how it does what it does.

For anyone else who may see this and is just wondering how TLS is enabled through the Webmin interface, it adds "smtpd_use_tls = yes" at the bottom, and then also adds the certificate and key file at the bottom.

By the way Jamie, smtpd_use_tls is considered obsolete now by Postfix, and has been replaced by smtp_tls_security_level. I use "may" on mine as it allows the client to decide if they would like to use TLS or not on the same port.

Edited to fix smtpd_ to smtp_

Thanks for the information .. I should update Webmin to use this new smtpd_tls_security_level parameter.

Do you know which Postfix version it was introduced in?

Unfortunately I do not. I did a bit of Googling and couldn't find any information on when smtp_tls_security_level was introduced, but you can verify here:

STARTTLS SUPPORT CONTROLS
   Detailed information about STARTTLS configuration may be found in the TLS_README document.

   smtp_tls_security_level (empty)
          The default SMTP TLS security level for the Postfix
          SMTP client; when a non-empty value  is  specified,
          this     overrides    the    obsolete    parameters
          smtp_use_tls,         smtp_enforce_tls,         and
          smtp_tls_enforce_peername.

http://www.postfix.org/lmtp.8.html

By the way, my previous post had a typo in it. It's smtp_, not smtpd_

Looks like it was added in Postfix 2.3. I will support this in the next Webmin release ..

Automatically closed -- issue fixed for 2 weeks with no activity.

The "SMTP client" and "SMTP Authentication and encryption" options in the Postfix panel in Virtualmin still continue to add lines such as "smtp_use_tls=yes" and "smtpd_use_tls=yes" rather than "smtp_tls_security_level=may or encrypt" and "smtpd_tls_security_level=may or encrypt" even 7 years after this post with Postfix 2.10, although these parameters are officially considered obsolete. Would there be a scheduled update for the Postfix panel in Virtualmin for this issue? Many thanks for your app.
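
Added example (not part of the original thread, and not Webmin or Postfix code): a small main.cf audit showing why the Yes / No toggle in the original post changed nothing, since a non-empty security-level parameter overrides the obsolete switches. The sample file is constructed, the function names are hypothetical, and the smtpd_ override behaviour is assumed from the Postfix postconf(5) documentation rather than from the excerpt quoted above.

```python
# Obsolete on/off switch -> the security-level parameter that supersedes it.
OBSOLETE = {
    "smtpd_use_tls": "smtpd_tls_security_level",
    "smtpd_enforce_tls": "smtpd_tls_security_level",
    "smtp_use_tls": "smtp_tls_security_level",
    "smtp_enforce_tls": "smtp_tls_security_level",
    "smtp_tls_enforce_peername": "smtp_tls_security_level",
}

# Constructed sample: lines from the original post plus obsolete switches.
SAMPLE = """\
# constructed main.cf fragment
smtpd_use_tls = no
smtpd_tls_security_level = may
smtpd_tls_key_file = /etc/postfix/server.key
smtpd_tls_cert_file = /etc/postfix/server.crt
smtp_use_tls = yes
"""

def parse_main_cf(text):
    """Return {name: value}; the last assignment of a name wins."""
    params, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                      # blank line or comment
        if raw[0].isspace() and current:  # leading whitespace continues a value
            params[current] += " " + raw.strip()
            continue
        name, sep, value = raw.partition("=")
        if sep:
            current = name.strip()
            params[current] = value.strip()
    return params

def audit(text):
    """List obsolete TLS switches and whether a level setting overrides them."""
    params = parse_main_cf(text)
    findings = []
    for old, new in OBSOLETE.items():
        if old not in params:
            continue
        level = params.get(new, "")
        note = (f"ignored: {new} = {level} takes precedence" if level
                else f"in effect: replace with an explicit {new}")
        findings.append((old, params[old], note))
    return findings

if __name__ == "__main__":
    for name, value, note in audit(SAMPLE):
        print(f"{name} = {value}: {note}")
```

On a live system, `postconf -n` prints the non-default settings actually in use and is the authoritative check.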