https://bugzilla.novell.com/show_bug.cgi?id=684304
https://bugzilla.novell.com/show_bug.cgi?id=684304#c4
Matthias Andree changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|CLOSED |REOPENED
Resolution|FIXED |
--- Comment #4 from Matthias Andree 2011-07-27 15:40:32 UTC ---
Reopening as the problem persists even after I let SuSEconfig deal with
main.cf. Note /etc/sysconfig/postfix doesn't appear to have options to set
CApath.
$ rpm -q postfix
postfix-2.8.4-89.1.i586
$ sudo /sbin/SuSEconfig --module postfix --verbose
Starting SuSEconfig, the SuSE Configuration Tool...
Running module postfix only
Running in verbose mode.
Reading /etc/sysconfig and updating the system...
Executing /sbin/conf.d/SuSEconfig.postfix...
checking postfix chroot environment...
copying missing .//etc/ssl/ca-bundle.pem from /etc/ssl/ca-bundle.pem
ln: accessing `/var/lib/imap/socket/lmtp': No such file or directory
No changes for /etc/postfix/master.cf
Setting up postfix local as MDA...
Setting SPAM protection to "off"...
No changes for /etc/postfix/main.cf
Finished.
$ sudo /usr/sbin/postfix check
postfix/postfix-script: warning:
/var/spool/postfix/etc/ssl/certs/DigiCert_Assured_ID_Root_CA.pem and
/etc/ssl/certs/DigiCert_Assured_ID_Root_CA.pem differ
postfix/postfix-script: warning:
/var/spool/postfix/etc/ssl/certs/DigiCert_High_Assurance_EV_Root_CA.pem and
/etc/ssl/certs/DigiCert_High_Assurance_EV_Root_CA.pem differ
postfix/postfix-script: warning:
/var/spool/postfix/etc/ssl/certs/DigiCert_Global_Root_CA.pem and
/etc/ssl/certs/DigiCert_Global_Root_CA.pem differ
$ ls -ldH /var/spool/postfix/etc/ssl/certs/DigiCert_Assured_ID_Root_CA.pem
/etc/ssl/certs/DigiCert_Assured_ID_Root_CA.pem
-rw-r--r-- 1 root root 1491 19. Feb 04:21
/etc/ssl/certs/DigiCert_Assured_ID_Root_CA.pem
-rw-r--r-- 1 root root 1466 5. Jul 2010
/var/spool/postfix/etc/ssl/certs/DigiCert_Assured_ID_Root_CA.pem
Reason appears to be that /sbin/conf.d/SuSEconfig.postfix only checks
smtpd_tls_CApath but not smtp_tls_CApath. These really should both be copied
into the chroot. :)
--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.