https://bugzilla.novell.com/show_bug.cgi?id=488268

           Summary: SuSEconfig.postfix chroot setup misses /etc/ssl/certs
    Classification: openSUSE
           Product: openSUSE 11.1
           Version: Final
          Platform: All
        OS/Version: openSUSE 11.1
            Status: NEW
          Severity: Normal
          Priority: P5 - None
         Component: Network
        AssignedTo: bnc-team-screening@forge.provo.novell.com
        ReportedBy: matthias.andree@gmx.de
         QAContact: qa@suse.de
          Found By: ---

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.9.0.7) Gecko/2009021910 Firefox/3.0.7 (.NET CLR 3.5.30729)

The SuSEconfig.postfix scriptlet in postfix-2.5.5-6.7 that sets up the chroot jail fails to copy /etc/ssl/certs, which makes the TLS client part unable to verify any TLS certificate if chroot is configured.

Consequence: Postfix is unable to do any mail delivery to external sites given a sufficiently strict configuration in tls_policy if chroot is enabled in /etc/sysconfig/postfix.

I haven't yet attempted to use the TLS server part.

Reproducible: Always

Steps to Reproduce:
1. configure TLS client and CHROOT through /etc/sysconfig/postfix
2. configure strict policies through /etc/postfix/tls_policy
3. run SuSEconfig

Actual Results:
Mar 24 17:07:48 merlin postfix/qmgr[9147]: 858609435D: from=<XXXXXXXXXXX@gmx.de>, size=330, nrcpt=1 (queue active)
Mar 24 17:07:49 merlin postfix/smtp[9160]: certificate verification failed for mail.gmx.net[213.165.64.21]:25: untrusted issuer /C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification Services Division/CN=Thawte Premium Server CA/emailAddress=premium-server@thawte.com
Mar 24 17:07:49 merlin postfix/smtp[9160]: 858609435D: Server certificate not trusted
Mar 24 17:07:49 merlin postfix/smtp[9160]: certificate verification failed for mail.gmx.net[213.165.64.20]:25: untrusted issuer /C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification Services Division/CN=Thawte Premium Server CA/emailAddress=premium-server@thawte.com
Mar 24 17:07:49 merlin postfix/smtp[9160]: 858609435D: to=<XXXXXXXXXXX@XXXXXXXXXXX.de>, relay=mail.gmx.net[213.165.64.20]:25, delay=1.4, delays=0.22/0.13/1.1/0, dsn=4.7.5, status=deferred (Server certificate not trusted)

Expected Results:
delivered mail.

After manually doing "rsync -avH /etc/ssl/certs /var/spool/postfix/etc/ssl", Postfix can deliver mail.
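
Added example, not part of the original bug report or of SuSEconfig.postfix: a shell check that compares the host CA directory with the copy inside the Postfix chroot jail, using the two paths named in the report as defaults. The function name check_jail_certs and the MISSING/ABSLINK/DIFFERS/STALE labels are assumptions made for this example; beyond the missing-directory case in the report it also flags jail entries the host no longer ships.

```shell
#!/bin/sh
# Added example: compare the system CA directory with the copy inside the
# Postfix chroot jail. Default paths are the ones named in the bug report.
# Prints one line per problem; returns 0 in sync, 1 on drift, 2 on bad input.
# Assumes readlink(1) is available (not POSIX, but present on Linux).
check_jail_certs() {
    src=${1:-/etc/ssl/certs}
    jail=${2:-/var/spool/postfix/etc/ssl/certs}
    [ -d "$src" ] || { echo "not a directory: $src" >&2; return 2; }
    [ -d "$jail" ] || { echo "MISSING-DIR $jail"; return 1; }
    rc=0
    # Pass 1: every usable host entry must exist, unchanged, in the jail.
    for f in "$src"/*; do
        [ -f "$f" ] || continue    # skips unmatched glob, dirs, dangling links
        name=${f##*/}
        j=$jail/$name
        if [ ! -e "$j" ] && [ ! -L "$j" ]; then
            echo "MISSING $name"; rc=1
        elif [ -L "$j" ] && readlink "$j" | grep -q '^/'; then
            # An absolute link resolves against the jail root once chrooted,
            # so it may point at nothing even though it works from outside.
            echo "ABSLINK $name"; rc=1
        elif ! cmp -s "$f" "$j"; then
            echo "DIFFERS $name"; rc=1
        fi
    done
    # Pass 2: entries only in the jail are CAs the host no longer ships,
    # which the chrooted TLS client would still trust.
    for j in "$jail"/*; do
        [ -e "$j" ] || [ -L "$j" ] || continue
        name=${j##*/}
        [ -e "$src/$name" ] || [ -L "$src/$name" ] || { echo "STALE $name"; rc=1; }
    done
    return "$rc"
}
```

Run with no arguments on an affected system, it prints MISSING-DIR for the jail path until the certificates have been copied in.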