[prev in list] [next in list] [prev in thread] [next in thread] 

List:       postfix-users
Subject:    Re: what's smtpd_tls_wrappermode 'non standart' ?
From:       Miwa Susumu <miwarin () gmail ! com>
Date:       2018-07-24 13:34:49
Message-ID: CAM_ND6oSxVm8Awt1MwEjEm30ULSfWDqaCAOMoR6hbxsMOHQu-A () mail ! gmail ! com
[Download RAW message or body]

hi.

2018-07-24 18:24 GMT+09:00 Dominic Raferd <dominic@timedicer.co.uk>:
>> Does 'the non-standard "wrapper" mode' refer to SMTPS using port 465?
>> smtpd_tls_wrappermode
>> http://www.postfix.org/postconf.5.html#smtpd_tls_wrappermode
>> > Run the Postfix SMTP server in the non-standard "wrapper" mode, instead
>> > of using the STARTTLS command.
>> I think SMTPS using port 465 is 'standard' in RFC8314
>> https://tools.ietf.org/html/rfc8314
>
>
> TL;DR - yes
>
> My understanding (corrections welcome):
>
> What is called 'wrapper mode' in Postfix docs is called 'implicit TLS' in
> this RFC8314 (which is new @ Jan 2018). This has normally been on port 465 -
> often known as 'smtps' (including in Postfix, which also terms 587 as
> 'submission'). Note that the RFC says that term 'smtps' is outdated [7.3]
> and instead describes 'the "submissions" service (default port 465)' [3.3] -
> confusingly I think.
>
> The RFC discourages STARTTLS (normally on port 587) for MUA -> MTA (but not
> for MTA -> MTA) in favour of implicit TLS on 465. However many (most?) of us
> use STARTTLS on 587 for authenticated connections, not least because
> implicit TLS has only become a standard with the issue of this new RFC.

thanks.
it's confusing ;-0


> So instead of 'wrapper mode' I think the Postfix documents should say
> "implicit TLS (formerly 'wrapper mode')", and references to it being
> 'non-standard' should come out. Maybe the option 'smtpd_tls_wrappermode'
> should be aliased to 'smtpd_tls_implicit'. But let's give Wietse some time
> to catch up, he probably has more important things ;-)

ok.
I expect it :)

-- 
miwarin
[prev in list] [next in list] [prev in thread] [next in thread]