Mailinglist Archive: heroes (27 mails)

< Previous Next >
Re: [heroes] TLS for wiki notifications
Hello,

Am Dienstag, 1. August 2017, 19:04:11 CEST schrieb Per Jessen:
Christian Boltz wrote:
Am Mittwoch, 26. Juli 2017, 17:51:24 CEST schrieb PatrickD Garvey:
It appears the new wiki is not using TLS to send out notifications.

Right, the wiki VM uses a very basic Postfix setup to send out
mails,
which also means it doesn't have any certificates.

It doesn't need certificates for sending, just enable TLS :

smtp_tls_security_level = may

Indeed, you are right :-) - thanks for the hint!

Adding this config option and enabling tlsmgr in master.cf did the trick.
Wiki notifications now get sent over an encrypted connection whenever
possible.

I just checked the postfix package in Tumbleweed - tlsmgr is now enabled
by default, but it looks like smtp_tls_security_level isn't set, which
means it falls back to smtp_use_tls = no :-(


BTW: I also set myhostname = en.opensuse.org because "localhost" looks
too spammy ;-)


Regards,

Christian Boltz
--
Alle Distributionen saugen - die Schmerzen sind nur *anders*
Für die einen ist es Linux, für die anderen der flexibelste
Schmerzbaukasten der Welt. [> G. Doering + Oli Schad]

--
To unsubscribe, e-mail: heroes+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: heroes+owner@xxxxxxxxxxxx

< Previous Next >
Follow Ups
References