Hello Larry, yes you did gave me the hint in 2017 😊
Maybe you can protect your changed files with "chattr +i <filename>" against unwanted changes. However, of course it would be much better if Michael could do the change to Maildir. Best regards, Dirk blackpoint GmbH – Friedberger Straße 106b – 61118 Bad Vilbel -----Ursprüngliche Nachricht----- Von: Blueonyx <blueonyx-boun...@mail.blueonyx.it> Im Auftrag von Larry Smith Gesendet: Dienstag, 9. Juni 2020 15:57 An: BlueOnyx General Mailing List <blueonyx@mail.blueonyx.it> Betreff: [BlueOnyx:23951] Re: 5210R: Postfix SNI support - status update +10 to this one. Maildir is much better than mbox. Have one 5209R server that I converted to Maildir for a client and it works well, I just have to watch every update and change to make sure they don't overwrite my changes. -- Larry Smith lesm...@ecsis.net On Tue June 9 2020 08:44, Dirk Estenfeld wrote: > Hello Michael, > > in 2017 we did discuss about a change fromm mbox to Maildir. > Last state wasyou want to look into it. This is ~ 3 years ago. > Now that you have the topic in your hands again anyway, maybe now > would be a good time to turn the mbox into a Maildir? Maybe only for > all new installations and the existing installations will remain as they > are... > > Best regards, > Dirk > > blackpoint GmbH - Friedberger Straße 106b - 61118 Bad Vilbel > > -----Ursprüngliche Nachricht----- > Von: Blueonyx <blueonyx-boun...@mail.blueonyx.it> Im Auftrag von > Michael Stauber Gesendet: Sonntag, 7. Juni 2020 06:43 > An: blueonyx@mail.blueonyx.it > Betreff: [BlueOnyx:23941] 5210R: Postfix SNI support - status update > > Hi all, > > A little update on what I've been working on for the last 10 days: > > Recently Tomohiro Hosaka gave me the helpful pointers that Dovecot > finally supports Server Name Indication (SNI). Meaning: It can handle > more than one SSL cert. > > Subsequently I extended the Dovecot configuration on 5210R with > provisions that Dovecot automatically configures SNI in Dovecot and > integrates the SSL certificates of all Vsites with SSL enabled. > > This was already published as a YUM update and has been out for a bit. > > Right after that I looked at how we could equip the MTA end of things > with SNI as well. Sendmail doesn't support SNI. Using Nginx as > SMTP-Proxy was briefly considered, but that idea wasn't practical. > > Next I looked at replacing Sendmail on 5210R with Postfix. > > For that I now have a working demonstrator which allows to switch a > 5210R back and forth between using Sendmail and Postfix via the GUI. > > The Postfix configuration is created on the fly and is based on the > Sendmail configuration - from which it extracts and sets certain thing > to populate its own settings. > > The AV-SPAM for 5210R had to be overhauled to deal with either > Sendmail or Postfix and that has also been finished on the > demonstrator and is now fully working. > > Last point on the list: Configure SNI for Postfix - yay! \o/ > > But guess what? No dice! > > Postfix got SNI support in release 3.4.0 as outlined here: > > http://www.postfix.org/announcements/postfix-3.4.0.html > > The latest available stable version of Postfix is v3.5.2. > > Guess which version CentOS 8 ships with? > > [root@5210r ~]# rpm -q postfix > postfix-3.3.1-9.el8.x86_64 > > Yoo, RedHat? /me extends middle finger > > Or in other words: YOU GOTTA BE FUCKING KIDDING ME! :-( > > In hindsight (which is always 20/20) it's clear that RedHat *really* > picked the worst possible moment to version freeze software for EL8. > Not only because of Postfix, but also Apache and a couple of other odds and > sods. > But it is what it is. /sigh > > Fedora Core 32 does have a Postfix-3.5.2 and FC31 and FC30 have > Postfix-3.4.10. I've grabbed the SRPM of these and tried to rebuild > them for CentOS 8 - but so far no luck. But I'll keep trying. > > The latest Postfix 3.5.2 builds fine from the sources on CentOS 8, but > the patches that RedHat applied to 3.5.2 and 3.4.10 in their SRPMs > make the build fail *hard*. Like so hard that compiled binaries have > missing symbols. Go figure. > > So until we get at least a Postfix v3.4.10 up and running for 5210R we > still won't have an MTA with SNI support. > > Still: Postfix is nice to have and the other "quality of life" > improvements in this set of updates still make it worthwhile to > release it > - even w/o SNI for the MTA. > > Sometime next week I expect to publish the YUM updates that make the > Postfix alternative for 5210R available. Any 5210R installed with > Sendmail that is currently running Sendmail will continue to use it. > Until the point that you voluntarily switch it to Postfix via the GUI. > And if you do, you can always go back to Sendmail again. > > Eventually new installs of 5210R will default to use Postfix, but can > be switched back to Sendmail if wanted. > > As for users of the AV-SPAM on 5210R: The currently available AV-SPAM > v7.0.0 for 5210R will continue to work even after the YUM updates are out. > But in order to use it with Postfix you'll need the AV-SPAM 7.1.0, > which will be made available via NewLinQ at the same time that the YUM > updates for 5210R get released. > > -- > With best regards > > Michael Stauber > _______________________________________________ > Blueonyx mailing list > Blueonyx@mail.blueonyx.it > http://mail.blueonyx.it/mailman/listinfo/blueonyx > > _______________________________________________ > Blueonyx mailing list > Blueonyx@mail.blueonyx.it > http://mail.blueonyx.it/mailman/listinfo/blueonyx _______________________________________________ Blueonyx mailing list Blueonyx@mail.blueonyx.it http://mail.blueonyx.it/mailman/listinfo/blueonyx _______________________________________________ Blueonyx mailing list Blueonyx@mail.blueonyx.it http://mail.blueonyx.it/mailman/listinfo/blueonyx
