root, not postfix, owns /var/spool/postfix

What's the output of:

postconf | grep data_directory

Did you reuse your main,cf from an earlier Postfix version or use the one created when you installed the package?

That would be main.cf not main,cf.

On Mon, Apr 28, 2008 at 01:28:43AM -0000, Scott Kitterman wrote:
> What's the output of:
>
> postconf | grep data_directory
>
> Did you reuse your main,cf from an earlier Postfix version or use the
> one created when you installed the package?
>
> ** Changed in: postfix (Ubuntu)
> Status: New => Incomplete
>
> --
> root, not postfix, owns /var/spool/postfix
> https://bugs.launchpad.net/bugs/223376
> You received this bug notification because you are a direct subscriber
> of the bug.

root@satyr:~# postconf | grep data_directory
data_directory = /var/lib/postfix
tls_random_exchange_name = ${data_directory}/prng_exch
root@satyr:~# postconf | grep /var/spool/postfix
queue_directory = /var/spool/postfix
root@satyr:~#

I used my existing main.cf as a starting point.

Here's postconf -n output:

alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
delay_warning_time = 4h
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
mydestination = $myhostname, localhost.localdomain, localhost
myhostname = xxxx.xxxx.xxx
mynetworks = 127.0.0.0/8, 192.168.1.0/24
myorigin = /etc/mailname
recipient_delimiter = +
relay_domains =
relayhost = [xxxx.xxxx.xxx]
smtp_fallback_relay = [xxxx.xxxxx.xxx], [xxxx.xxxxx.xxx], [xxxx.xxxx.xxx]
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_tls_security_options = noanonymous
smtp_tls_note_starttls_offer = yes
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, permit
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_sender_access hash:/etc/postfix/sender_access, reject_invalid_hostname, reject_unknown_recipient_domain, permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain = $mydomain
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_sender, reject_unknown_sender_domain, permit
smtpd_tls_CAfile = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtpd_use_tls = yes

--
<email address hidden>

This is not actually a bug. The correct solution is to have the cache where a fresh Postfix install would put it:

data_directory = /var/lib/postfix
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
tls_random_exchange_name = ${data_directory}/prng_exch

This was the result of an upstream change for Postfix 2.5. I'd suggest changing your configuration to put the cache in /var/lib/postfix and change the permissions back. That's what a fresh install would have given you.

Marking Won't Fix because if you'd upgraded with an old main.cf, you'd have had the same situation. We didn't come up with a safe way to automatically make the change.