Christian Boltz wrote:
Hello,
Am Dienstag, 1. August 2017, 19:04:11 CEST schrieb Per Jessen:
Christian Boltz wrote:
Am Mittwoch, 26. Juli 2017, 17:51:24 CEST schrieb PatrickD Garvey:
It appears the new wiki is not using TLS to send out notifications.
Right, the wiki VM uses a very basic Postfix setup to send out mails, which also means it doesn't have any certificates.
It doesn't need certificates for sending, just enable TLS :
smtp_tls_security_level = may
Indeed, you are right :-) - thanks for the hint!
Adding this config option and enabling tlsmgr in master.cf did the trick. Wiki notifications now get sent over an encrypted connection whenever possible.
I just checked the postfix package in Tumbleweed - tlsmgr is now enabled by default, but it looks like smtp_tls_security_level isn't set, which means it falls back to smtp_use_tls = no :-(
In principle TLS means more overhead, but I can't imagine it's a real problem on today's machines. Still, it's a matter for the postmaster, I wouldn't expect it to be enabled by default.
BTW: I also set myhostname = en.opensuse.org because "localhost" looks too spammy ;-)
It's probably not really important, but as a mailserver, the IP (195.135.221.161) ought to have a reverse mapping that matches. -- Per Jessen, Zürich (21.0°C) openSUSE mailing list admin -- To unsubscribe, e-mail: heroes+unsubscribe@opensuse.org To contact the owner, e-mail: heroes+owner@opensuse.org