On Mon, Oct 18, 2010 at 02:24:06PM -0700, Yang Zhang wrote:
> According to the docs [1, 2], "smtp_tls_note_starttls_offer=yes"
> should log when a server offers STARTTLS.
Yes, when TLS is offered, but not used, because you have not enabled
opportunistic TLS, or when an opportunistic handshake fails and is
re-tried in plaintext.

    /*
     * Optionally log unused STARTTLS opportunities.
     */
    if ((session->features & SMTP_FEATURE_STARTTLS) &&
        session->tls_level <= TLS_LEV_NONE)
        msg_info("Host offered STARTTLS: [%s]", session->host);

If you have "smtp_tls_security_level = may" or stronger, this
configuration parameter is not terribly useful.
> However, I've been testing
> among my own SMTP servers, and while I can verify that TLS is being
> used (with "smtpd_tls_loglevel=1" on the smtpd side), I can't tell
> what TLS capabilities the smtp (client) is seeing. I'm using Postfix
Don't know what TLS capabilities you have in mind, but the "note_tls_offer"
feature is a binary switch to log a missed opportunity to use "STARTTLS",