Bug 1225397

Summary: postfix gives warnings about deprecated parameters
Product: [openSUSE] openSUSE Tumbleweed Reporter: Freek de Kruijf <freek>
Component: Network Assignee: Peter Varkoly <varkoly>
Status: NEW --- QA Contact: E-mail List <qa-bugs>
Severity: Normal    
Priority: P5 - None    
Version: Current   
Target Milestone: ---   
Hardware: x86-64   
OS: openSUSE Tumbleweed   
Attachments: Patch file for config.postfix

Description Freek de Kruijf 2024-05-27 15:26:44 UTC
postfix gives warnings about deprecated parameters
May 27 12:27:56 localhost.localdomain cond_slp[1447]: /usr/sbin/postconf: warning: /etc/postfix/main.cf: support for parameter "smtp_enforce_tls" will be removed; instead, specify "smtp_tls_security_level"
May 27 12:27:56 localhost.localdomain cond_slp[1447]: /usr/sbin/postconf: warning: /etc/postfix/main.cf: support for parameter "smtpd_enforce_tls" will be removed; instead, specify "smtpd_tls_security_level"
May 27 12:27:56 localhost.localdomain cond_slp[1447]: /usr/sbin/postconf: warning: /etc/postfix/main.cf: support for parameter "smtp_use_tls" will be removed; instead, specify "smtp_tls_security_level"
May 27 12:27:56 localhost.localdomain cond_slp[1447]: /usr/sbin/postconf: warning: /etc/postfix/main.cf: support for parameter "smtpd_use_tls" will be removed; instead, specify "smtpd_tls_security_level"

These parameters are introduced in /sbin/config.postfix.

The attached patch file removes this introduction; the replacements are already present in config.postfix.
Also a bug in the naming of backups in /var/adm/backups/postfix is addressed.

In principle "$POSTFIX_SMTP_TLS_CLIENT" == "must" should not be expanded in $PCONF -e "smtp_tls_security_level = encrypt". This is a global definition. It should be expanded in smtp_tls_policy_maps = lmdb:/etc/postfix/tls_policy and only for specific destinations in /etc/postfix/tls_policy.
So the possibility "must" should be accompanied by specific destinations.
Comment 1 Freek de Kruijf 2024-05-27 15:27:58 UTC
Created attachment 875136
Patch file for config.postfix
Comment 2 Freek de Kruijf 2024-05-27 15:58:15 UTC
(In reply to Freek de Kruijf from comment #0)
> postfix gives warnings about deprecated parameters
> In principle "$POSTFIX_SMTP_TLS_CLIENT" == "must" should not be expanded in
> $PCONF -e "smtp_tls_security_level = encrypt". This is a global definition.
> It should be expanded in smtp_tls_policy_maps = lmdb:/etc/postfix/tls_policy
> and only for specific destinations in /etc/postfix/tls_policy.
> So the possibility "must" should be accompanied by specific destinations.

Setting this parameter to this value also results in amavis not being able to deliver messages back to postfix. Only after resetting the value to "may" are these messages processed by postfix again.
Comment 3 Freek de Kruijf 2024-05-28 13:57:34 UTC
(In reply to Freek de Kruijf from comment #2)
> (In reply to Freek de Kruijf from comment #0)
> > postfix gives warnings about deprecated parameters
> > In principle "$POSTFIX_SMTP_TLS_CLIENT" == "must" should not be expanded in
> > $PCONF -e "smtp_tls_security_level = encrypt". This is a global definition.
> > It should be expanded in smtp_tls_policy_maps = lmdb:/etc/postfix/tls_policy
> > and only for specific destinations in /etc/postfix/tls_policy.
> > So the possibility "must" should be accompanied by specific destinations.
> 
> Setting this parameter to this value also results in amavis not being able to
> deliver messages back to postfix. Only after resetting the value to "may"
> are these messages processed by postfix again.

It is the reverse: postfix can't deliver the message to amavis, because it requires amavis to present STARTTLS.
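
Added example, not part of this bug report, config.postfix or the attached patch: a small audit for a main.cf-style file that lists the four deprecated switches from the postconf warnings next to the current value of their replacement, and flags a global smtp_tls_security_level = encrypt like the one discussed in the comments. The function names, output format and sample input are assumptions made for illustration.

```shell
# Added example: not part of config.postfix or of the attached patch.
# audit_tls_params [FILE]: read main.cf-style text (stdin if no FILE) and
# print one line per deprecated TLS switch named in the postconf warnings,
# with the current value of the parameter that replaces it. Also flags a
# global smtp_tls_security_level = encrypt. Returns 1 on any finding.
audit_tls_params() {
    awk '
    BEGIN {
        repl["smtp_use_tls"]      = "smtp_tls_security_level"
        repl["smtp_enforce_tls"]  = "smtp_tls_security_level"
        repl["smtpd_use_tls"]     = "smtpd_tls_security_level"
        repl["smtpd_enforce_tls"] = "smtpd_tls_security_level"
    }
    # Skip comments, continuation lines and anything without "=".
    /^[ \t]*#/ || /^[ \t]/ || !/=/ { next }
    {
        name = $0; sub(/[ \t]*=.*/, "", name)
        val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
        if (!(name in value)) order[++n] = name
        value[name] = val          # last definition wins, as in main.cf
    }
    END {
        for (i = 1; i <= n; i++) {
            name = order[i]
            if (!(name in repl)) continue
            r = repl[name]
            printf "deprecated %s=%s replace-with %s=%s\n", name, value[name], r, ((r in value) ? value[r] : "UNSET")
            found = 1
        }
        if (("smtp_tls_security_level" in value) && value["smtp_tls_security_level"] == "encrypt") {
            print "global smtp_tls_security_level=encrypt: default for every next hop without a tls_policy entry"
            found = 1
        }
        exit found + 0
    }' "${1:--}"
}

# Constructed sample input, not the reporter's main.cf.
sample_main_cf() {
    cat <<'EOF'
smtp_use_tls = yes
smtp_enforce_tls = no
smtpd_use_tls = yes
smtp_tls_security_level = encrypt
smtp_tls_policy_maps = lmdb:/etc/postfix/tls_policy
EOF
}

sample_main_cf | audit_tls_params || echo "findings above: review main.cf"
```

A replacement reported as UNSET means the deprecated line should not be dropped until the corresponding security level has been set explicitly.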