postfix chroot environment doesn't have ca-certificates
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
postfix (Debian) |
Fix Released
|
Unknown
|
|||
ubuntu-docs (Ubuntu) |
Fix Released
|
Low
|
Ubuntu Server |
Bug Description
Binary package hint: postfix
In my mail.log I noticed
Jun 6 06:25:09 smtp2 postfix/smtp[6020]: certificate verification failed for mailfilter.
Jun 6 06:25:09 smtp2 postfix/smtp[6020]: certificate verification failed for mailfilter.
Jun 6 06:25:09 smtp2 postfix/smtp[6020]: certificate verification failed for mailfilter.
Jun 6 06:25:10 smtp2 postfix/smtp[6020]: Unverified: subject_
which I found a bit odd considering ca-certificates was installed.
After poking around a bit I discovered that the ca-certificates were not installed in a place that the postfix chroot could get to them.
Steps for resolution by hand:
mkdir -p /var/spool/
(cd /etc/ssl/certs ; tar cvf - * ) | (cd /var/spool/
(cd /usr/share/
postconf -e smtp_tls_CApath = /certs
/etc/init.d/postfix reload
Any chance on getting this a bit more automated?
dpkg -l |grep postfix
ii postfix 2.3.3-1 A high-performance mail transport agent
ii postfix-ldap 2.3.3-1 LDAP map support for Postfix
ii postfix-pcre 2.3.3-1 PCRE map support for Postfix
dpkg -l |grep ca-certificates
ii ca-certificates 20050804 Common CA Certificates PEM files
Related branches
Changed in postfix: | |
status: | Unknown → New |
Changed in ubuntu-docs: | |
status: | Confirmed → Triaged |
importance: | Undecided → Low |
Changed in postfix: | |
status: | New → Fix Released |
I think this bug can be raised to Wishlist in Ubuntu as it currently gets no attention in Debian and solved by the proposal here or in the Debian Bug Tracker. Doing so will increase postfix administrator experience.
Probably it's even better to put the certificates inside the chroot and only symlinking outside the chroot as this will save some efforts and does not brake chroot.