[Ach] Typo in Postfix smtpd_tls_loglevel?

Albert Krewinkel albert+crypto at zeitkraut.de
Tue Mar 8 10:15:31 CET 2016

Hi list,

I'm confused by the recommended setting for the Postfix parameter
`smtpd_tls_loglevel`.  The recommendation contains the following lines:

    # use 0 for Postfix >= 2.9, and 1 for earlier versions
    smtpd_tls_loglevel = 0

This seems weird, as the Postfix docs[1] state that

> 1: Log only a summary message on TLS handshake completion — no logging
> of client certificate trust-chain verification errors if client
> certificate verification is not required. With Postfix 2.8 and
> earlier, log the summary message, peer certificate summary information
> and unconditionally log trust-chain verification errors.

So with a loglevel of 1, Postfix <2.9 logs *more* than later versions.
The recommendation is to log nothing with >= 2.9, but to log everything
(including trust-chain errors) with earlier versions.  I'd expect the
snippet to be

    # use 1 for Postfix >= 2.9, and 0 for earlier versions
    smtpd_tls_loglevel = 0

though personally, I'd set `smtpd_tls_loglevel = 1` in either case.


[1]: http://www.postfix.org/postconf.5.html#smtpd_tls_loglevel

Albert Krewinkel
GPG: 8eed e3e2 e8c5 6f18 81fe  e836 388d c0b2 1f63 1124
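
An added example, not part of the original post or of the recommendation it discusses: a small check that reads the effective `smtpd_tls_loglevel` from main.cf-style text and reports what that level logs on a given Postfix version, following the documentation quoted above. The function names and the sample configuration are hypothetical; level 0 disabling TLS logging and being the default are taken from postconf(5).

```python
import re

# Constructed sample main.cf, not taken from the post. Postfix reads
# "name = value" lines; a line starting with whitespace continues the
# previous one, and the last definition of a parameter wins.
SAMPLE_MAIN_CF = """\
# TLS settings
smtpd_tls_security_level = may
smtpd_tls_loglevel = 1
smtpd_tls_loglevel = 0
"""

NONE = "no TLS logging"
SUMMARY = "handshake summary only"
LEGACY = "handshake summary, peer certificate summary, trust-chain errors"

def read_param(text, name, default=None):
    """Return the effective value of `name` from main.cf-style text."""
    logical = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue                      # blank line or comment
        if line[0].isspace() and logical:
            logical[-1] += " " + line.strip()   # continuation line
        else:
            logical.append(line.strip())
    value = default
    for entry in logical:                 # later definitions override
        key, sep, val = entry.partition("=")
        if sep and key.strip() == name:
            value = val.strip()
    return value

def describe_tls_logging(main_cf, mail_version):
    """Map smtpd_tls_loglevel plus Postfix version to what is logged."""
    level = int(read_param(main_cf, "smtpd_tls_loglevel", "0"))
    major, minor = map(int, re.match(r"(\d+)\.(\d+)", mail_version).groups())
    if level == 0:
        return NONE
    if level == 1:
        # Per the quoted docs, 2.8 and earlier log more at level 1.
        return SUMMARY if (major, minor) >= (2, 9) else LEGACY
    return "level %d: more verbose than 1, see postconf(5)" % level

if __name__ == "__main__":
    for version in ("2.8.5", "2.11.3"):
        print(version, "->", describe_tls_logging(SAMPLE_MAIN_CF, version))
```
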
