Mailinglist Archive: heroes (27 mails)

Re: [heroes] TLS for wiki notifications
  • From: Per Jessen <per@xxxxxxxxxxxx>
  • Date: Wed, 02 Aug 2017 09:01:42 +0200
  • Message-id: <olrtcm$7ap$1@saturn.local.net>
Christian Boltz wrote:

Hello,

On Tuesday, 1 August 2017, 19:04:11 CEST, Per Jessen wrote:
Christian Boltz wrote:
On Wednesday, 26 July 2017, 17:51:24 CEST, PatrickD Garvey wrote:
It appears the new wiki is not using TLS to send out notifications.

Right, the wiki VM uses a very basic Postfix setup to send out mails,
which also means it doesn't have any certificates.

It doesn't need certificates for sending, just enable TLS:

smtp_tls_security_level = may

Indeed, you are right :-) - thanks for the hint!

Adding this config option and enabling tlsmgr in master.cf did the
trick. Wiki notifications now get sent over an encrypted connection
whenever possible.

I just checked the postfix package in Tumbleweed - tlsmgr is now
enabled by default, but it looks like smtp_tls_security_level isn't
set, which means it falls back to smtp_use_tls = no :-(

In principle TLS means more overhead, but I can't imagine it's a real
problem on today's machines. Still, it's a matter for the postmaster,
I wouldn't expect it to be enabled by default.

BTW: I also set myhostname = en.opensuse.org because "localhost" looks
too spammy ;-)

It's probably not really important, but as a mailserver, the IP
(195.135.221.161) ought to have a reverse mapping that matches.


--
Per Jessen, Zürich (21.0°C)
openSUSE mailing list admin
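
Added example, not part of the thread or of openSUSE's own configuration: a shell check for the fallback discussed above, where an unset smtp_tls_security_level leaves the Postfix SMTP client on smtp_use_tls = no, plus a check that tlsmgr is enabled in master.cf. It goes slightly beyond the thread by also honouring the legacy smtp_enforce_tls and smtp_tls_enforce_peername parameters; the function names and the sample main.cf are constructed for illustration.

```shell
# Added example, not from the thread. Assumes main.cf "name = value" syntax.

# Print the last value assigned to parameter $2 in main.cf file $1 (empty if unset).
mc_get() {
    awk -v key="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # comment or blank line
        /^[ \t]/                 { next }   # continuation line, not a new parameter
        {
            eq = index($0, "="); if (eq == 0) next
            name = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", name); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (name == key) found = val    # last assignment wins
        }
        END { print found }' "$1"
}

# Effective SMTP client TLS level: the explicit level, else the legacy fallback.
smtp_tls_effective_level() {
    level=$(mc_get "$1" smtp_tls_security_level)
    if [ -n "$level" ]; then
        echo "$level"
    elif [ "$(mc_get "$1" smtp_enforce_tls)" = yes ]; then
        if [ "$(mc_get "$1" smtp_tls_enforce_peername)" = no ]; then echo encrypt; else echo verify; fi
    elif [ "$(mc_get "$1" smtp_use_tls)" = yes ]; then
        echo may
    else
        echo none                           # nothing set: mail always goes out in cleartext
    fi
}

# Return 0 if master.cf file $1 has an uncommented tlsmgr service entry.
tlsmgr_enabled() { grep -Eq '^tlsmgr[[:space:]]' "$1"; }

# Return 1 (with a warning) when outbound mail can never be encrypted.
smtp_tls_audit() {
    lvl=$(smtp_tls_effective_level "$1")
    case "$lvl" in
        none) echo "WARN: outbound SMTP never uses TLS"; return 1 ;;
        may)  echo "OK: opportunistic TLS (may)" ;;
        *)    echo "OK: level $lvl" ;;
    esac
}

# Demo on a constructed main.cf: level unset first, then the fix from the thread.
demo=$(mktemp)
printf '%s\n' '# constructed sample' 'myhostname = en.opensuse.org' > "$demo"
smtp_tls_audit "$demo" || true
echo 'smtp_tls_security_level = may' >> "$demo"
smtp_tls_audit "$demo"
rm -f "$demo"
```

On a live host, `postconf smtp_tls_security_level` reports the value Postfix itself sees; the functions above are for auditing a main.cf and master.cf offline, for example in a packaging or configuration-management check.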
