Encrypt outgoing messages (relayed) with STARTTLS by default #83
smtp_tls_note_starttls_offer = yes | ||
smtp_use_tls = {{ postfix_smtp_tls_security_level != 'none' | ternary('yes', 'no')}} | ||
smtp_tls_security_level = {{ postfix_smtp_tls_security_level }} | ||
smtp_tls_note_starttls_offer = {{ postfix_smtp_tls_note_starttls_offer | bool | ternary('yes', 'no') }} |
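Review bot: In the smtp_use_tls line, `ternary('yes', 'no')` is applied to the literal 'none' and not to the comparison, because Jinja2 binds a filter more tightly than `!=`. The expression therefore compares postfix_smtp_tls_security_level with the filter's result and renders a boolean instead of yes or no. Parenthesise the comparison: `{{ (postfix_smtp_tls_security_level != 'none') | ternary('yes', 'no') }}`. The same line is also missing the space before the closing `}}` that the other lines use.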
If you want to use it without those options, you can do something like this:
postfix_raw_options:
  - |
    smtp_use_tls = {{ (postfix_smtp_tls_security_level != 'none') | ternary('yes', 'no') }}
    smtp_tls_security_level = {{ postfix_smtp_tls_security_level }}
Or do you guys think it should be outside the `if`'s?
I'd leave it inside the `if`, since for some reason someone may want not to use TLS, so flexibility is fine here IMO.
But I'd switch `smtp_use_tls` completely, as since 2.3, the recommended variable is `smtp_tls_security_level` instead (I am not sure anyone wants to use older versions in a critical piece of software like an SMTP server).
It depends on whether you want to potentially break old installations or not.
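A check one could run over a rendered main.cf to see which outbound TLS level actually applies when `smtp_use_tls` and `smtp_tls_security_level` are both present. This is an added example, not code from this pull request or the role; the function names and the sample file are constructed, and it assumes Postfix uses no TLS when none of the three parameters is set.

```python
import re
# Values accepted by smtp_tls_security_level (Postfix 2.3 and later).
LEVELS = {"none", "may", "encrypt", "dane", "dane-only",
          "fingerprint", "verify", "secure"}

# Constructed sample; "True" stands for a templated value that is not yes/no.
SAMPLE = """\
# outbound TLS
smtp_use_tls = True
smtp_tls_security_level = may
smtp_tls_note_starttls_offer = yes
"""

def parse_main_cf(text):
    """Parse main.cf text into a dict; a later setting replaces an earlier one."""
    params, last = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                            # blank line or comment
        if raw[0].isspace() and last:           # continuation of previous line
            params[last] = (params[last] + " " + raw.strip()).strip()
            continue
        m = re.match(r"([A-Za-z0-9_]+)\s*=\s*(.*)$", raw)
        if m:
            last = m.group(1)
            params[last] = m.group(2).strip()
    return params

def audit_outbound_tls(text):
    """Return (effective_level, findings) for the Postfix SMTP client."""
    p, findings = parse_main_cf(text), []
    level = p.get("smtp_tls_security_level", "")
    for old in ("smtp_use_tls", "smtp_enforce_tls"):
        if old in p:
            findings.append(f"{old} is obsolete; use smtp_tls_security_level")
            if p[old].lower() not in ("yes", "no"):
                findings.append(f"{old} = {p[old]!r} is not yes/no")
    if level:                                   # non-empty level overrides the old pair
        effective = level if level in LEVELS else "invalid"
    elif p.get("smtp_enforce_tls", "").lower() == "yes":
        effective = "encrypt"
    else:                                       # assumed default: no TLS when unset
        effective = "may" if p.get("smtp_use_tls", "").lower() == "yes" else "none"
    if effective == "invalid":
        findings.append(f"unknown smtp_tls_security_level {level!r}")
    elif effective in ("none", "may"):
        findings.append(f"level {effective!r} can deliver in cleartext")
    return effective, findings
```
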