Prev: drop email for my-sub-domain
Next: what is the quickest way to bounce all message in the defer queue?
From: "Matthias Andree" on 22 Jul 2010 20:10 Greetings, I haven't checked if it's a flaw in my configuration, but anyways, for the records: openSUSE 11.3 does not seem to automatically set up the TLS certs for the chroot if you have smtp_tls_CApath set, but not smtpd_tls_CApath (note the d in smtp vs. smtpd). I needed to do this to get my SMTP client work again: sudo c_rehash /etc/ssl/certs/ # just to be on the safe side sudo rsync -av /etc/ssl/certs/ /var/spool/postfix/etc/ssl/certs --del --copy-unsafe-links -H Note that smtpd_tls_CApath would call rsync -avH, which would copy symlinks verbatim into the chroot, which get broken along the way because there is no /usr/share/ca-certificates inside the Postfix chroot (this is a fault in SuSEconfig.postfix). Note that SUSE /etc/ssl/certs .pem files are actually symlinks to /usr/share/ca-certificates/mozilla/... managed by update-ca-certificates, hence the copy-unsafe-links. I don't currently have time to do a formal bug report against SuSEconfig.postfix, and I'm unsure if they or I care enough. Perhaps Carsten Höger reads this? Best -- Matthias Andree
From: Carsten Hoeger on 23 Jul 2010 04:45
On Fri, Jul 23, Matthias Andree wrote: > Greetings, > > I haven't checked if it's a flaw in my configuration, but anyways, > for the records: > > openSUSE 11.3 does not seem to automatically set up the TLS certs > for the chroot if you have smtp_tls_CApath set, but not > smtpd_tls_CApath (note the d in smtp vs. smtpd). > > I needed to do this to get my SMTP client work again: > > sudo c_rehash /etc/ssl/certs/ # just to be on the safe side > sudo rsync -av /etc/ssl/certs/ /var/spool/postfix/etc/ssl/certs > --del --copy-unsafe-links -H > > Note that smtpd_tls_CApath would call rsync -avH, which would copy > symlinks verbatim into the chroot, which get broken along the way > because there is no /usr/share/ca-certificates inside the Postfix > chroot (this is a fault in SuSEconfig.postfix). > > Note that SUSE /etc/ssl/certs .pem files are actually symlinks to > /usr/share/ca-certificates/mozilla/... managed by > update-ca-certificates, hence the copy-unsafe-links. > > I don't currently have time to do a formal bug report against > SuSEconfig.postfix, and I'm unsure if they or I care enough. Perhaps > Carsten Höger reads this? Although I am reading this, I am sorry to say, that this is no longer my business. I suggest to open a bug at https://bugzilla.novell.com -- With best regards, Carsten Hoeger |