Bugzilla – Bug 1225397
postfix gives warnings about deprecated parameters
Last modified: 2024-07-02 13:27:20 UTC
postfix gives warnings about deprecated parameters May 27 12:27:56 localhost.localdomain cond_slp[1447]: /usr/sbin/postconf: warning: /etc/postfix/main.cf: support for parameter "smtp_enforce_tls" will be removed; instead, specify "smtp_tls_security_level" May 27 12:27:56 localhost.localdomain cond_slp[1447]: /usr/sbin/postconf: warning: /etc/postfix/main.cf: support for parameter "smtpd_enforce_tls" will be removed; instead, specify "smtpd_tls_security_level" May 27 12:27:56 localhost.localdomain cond_slp[1447]: /usr/sbin/postconf: warning: /etc/postfix/main.cf: support for parameter "smtp_use_tls" will be removed; instead, specify "smtp_tls_security_level" May 27 12:27:56 localhost.localdomain cond_slp[1447]: /usr/sbin/postconf: warning: /etc/postfix/main.cf: support for parameter "smtpd_use_tls" will be removed; instead, specify "smtpd_tls_security_level" These parameters are introduced in /sbin/config.postfix The attached patch file removes this introduction, the replacements are already present in config.postfix. Also a bug in the naming of backups in /var/adm/backups/postfix is addressed. In principle "$POSTFIX_SMTP_TLS_CLIENT" == "must" should not be expanded in $PCONF -e "smtp_tls_security_level = encrypt". This is a global definition. It should be expanded in smtp_tls_policy_maps = lmdb:/etc/postfix/tls_policy and only for specific destinations in /etc/postfix/tls_policy. So the possibility "must" should be accompanied by specific destinations.
Created attachment 875136 [details] Patch file for config.postfix
(In reply to Freek de Kruijf from comment #0) > postfix gives warnings about deprecated parameters > In principle "$POSTFIX_SMTP_TLS_CLIENT" == "must" should not be expanded in > $PCONF -e "smtp_tls_security_level = encrypt". This is a global definition. > It should be expanded in smtp_tls_policy_maps = lmdb:/etc/postfix/tls_policy > and only for specific destinations in /etc/postfix/tls_policy. > So the possibility "must" should be accompanied by specific destinations. Setting this parameter to this value also results in amavis not able to deliver messages back to postfix. Only after resetting the value to "may" gets these messages again processed by postfix.
(In reply to Freek de Kruijf from comment #2) > (In reply to Freek de Kruijf from comment #0) > > postfix gives warnings about deprecated parameters > > In principle "$POSTFIX_SMTP_TLS_CLIENT" == "must" should not be expanded in > > $PCONF -e "smtp_tls_security_level = encrypt". This is a global definition. > > It should be expanded in smtp_tls_policy_maps = lmdb:/etc/postfix/tls_policy > > and only for specific destinations in /etc/postfix/tls_policy. > > So the possibility "must" should be accompanied by specific destinations. > > Setting this parameter to this value also results in amavis not able to > deliver messages back to postfix. Only after resetting the value to "may" > gets these messages again processed by postfix. It is the reverse, postfix can't deliver the message to amavis, because it requires amavis to present STARTTLS.