fix: Opt-out of implicit TLS for Amavis SMTP client transport (#2607)

Presently relay-host support modifies `main.cf` settings directly. This adjusts the default transport (`smtp`) which other transports in `master.cf` inherit from.

When configuring for implicit TLS to a `relay-host` this would set `main.cf:smtp_tls_wrappermode = yes` and affect the transport `master.cf:smtp-amavis` which does not set an override like it does for `smtp_tls_security_level`. This causes Amavis to fail working which the default transport relies on due to `main.cf:content_filter`.

Easy fix, by explicitly adding the override `smtp_tls_wrappermode=no`.`no` is default in `main.cf` so inheriting this setting hasn't been a problem in the past for other relay-hosts using StartTLS.
This commit is contained in:
Brennan Kinney 2022-06-05 12:04:16 +12:00 committed by GitHub
parent d04aceccae
commit 5437b0e30b
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -82,13 +82,16 @@ policyd-spf unix - n n - 0 spawn
# #
smtp-amavis unix - - n - 2 smtp smtp-amavis unix - - n - 2 smtp
-o syslog_name=postfix/$service_name
-o smtp_data_done_timeout=1200 -o smtp_data_done_timeout=1200
-o smtp_send_xforward_command=yes -o smtp_send_xforward_command=yes
-o disable_dns_lookups=yes -o disable_dns_lookups=yes
-o max_use=20 -o max_use=20
-o smtp_tls_security_level=none -o smtp_tls_security_level=none
-o smtp_tls_wrappermode=no
127.0.0.1:10025 inet n - n - - smtpd 127.0.0.1:10025 inet n - n - - smtpd
-o syslog_name=postfix/smtpd-amavis
-o content_filter= -o content_filter=
-o local_recipient_maps= -o local_recipient_maps=
-o relay_recipient_maps= -o relay_recipient_maps=