From: Viktor Dukhovni
Date: Fri, 25 Jul 2014 15:25:33 +0000 (-0400)
Subject: Clear fallback level for non-DANE destinations.
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=55188f4b3250908ad82bb0b212a34ff5b41b458e;p=thirdparty%2Fpostfix.git

Clear fallback level for non-DANE destinations.

Since the effective policy is "may", there is no need for a fallback setting. Add comment text about fallback from "encrypt" with unusable TLSA RRs.
---

diff --git a/postfix/src/smtp/smtp_tls_policy.c b/postfix/src/smtp/smtp_tls_policy.c
index ca401716d..cff26a058 100644
--- a/postfix/src/smtp/smtp_tls_policy.c
+++ b/postfix/src/smtp/smtp_tls_policy.c
@@ -813,11 +813,19 @@ static void PRINTFLIKE(4, 5) dane_incompat(SMTP_TLS_POLICY *tls,
      */
     if (tls->level == TLS_LEV_DANE && errtype != TLSA_LOOKUP_ERR) {
 	if (errtype == DANE_UNUSABLE) {
+	    /*
+	     * When TLSA are present, but none are usable, "dane" clients
+	     * are expected to perform mandatory unauthenticated TLS. If
+	     * the "dane" the fallback level is "may", we enable fallback to
+	     * cleartext (with the appropriate warnings).
+	     */
 	    tls->level = TLS_LEV_ENCRYPT;
 	    if (tls->fallback_level != TLS_LEV_MAY)
 		tls->fallback_level = TLS_LEV_NOTFOUND;
-	} else
+	} else {
 	    tls->level = TLS_LEV_MAY;
+	    tls->fallback_level = TLS_LEV_NOTFOUND;
+	}
 	if (errtype == NONDANE_CONFIG)
 	    vmsg_warn(fmt, ap);
 	else if (msg_verbose)
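Review bot: The comment added in the DANE_UNUSABLE branch contains a stray word, `If the "dane" the fallback level is "may"`, and it only describes the "may" case, while the two lines below it also reset every other fallback level to TLS_LEV_NOTFOUND. Suggested wording for those two sentences: `If the "dane" fallback level is "may", fallback to cleartext stays enabled (with the appropriate warnings); any other fallback level is cleared, so the connection remains at "encrypt".` The new `else` branch clears fallback_level for the non-DANE case as the commit message states, which reads as consistent with the effective "may" policy. dane_incompat begins and ends outside this hunk, so the caller-side handling of the cleared fallback level cannot be checked here.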