[Ach] Typo in Postfix smtpd_tls_loglevel?
Albert Krewinkel
albert+crypto at zeitkraut.de
Tue Mar 8 10:15:31 CET 2016
Hi list,

I'm confused by the recommended setting for the Postfix parameter
`smtpd_tls_loglevel`. The recommendation contains the following lines:

    # use 0 for Postfix >= 2.9, and 1 for earlier versions
    smtpd_tls_loglevel = 0

This seems weird, as the Postfix docs[1] state that

> 1: Log only a summary message on TLS handshake completion — no logging
> of client certificate trust-chain verification errors if client
> certificate verification is not required. With Postfix 2.8 and
> earlier, log the summary message, peer certificate summary information
> and unconditionally log trust-chain verification errors.

So with a loglevel of 1, Postfix <2.9 logs *more* than later versions.
The recommendation is to log nothing with >= 2.9, but to log everything
(including trust-chain errors) with earlier versions. I'd expect the
snippet to be

    # use 1 for Postfix >= 2.9, and 0 for earlier versions
    smtpd_tls_loglevel = 0

though personally, I'd set `smtpd_tls_loglevel = 1` in either case.

Cheers,
/Albert

[1]: http://www.postfix.org/postconf.5.html#smtpd_tls_loglevel

--
Albert Krewinkel
GPG: 8eed e3e2 e8c5 6f18 81fe e836 388d c0b2 1f63 1124