On Fri, Jul 23, Matthias Andree wrote: > Greetings, > > I haven't checked if it's a flaw in my configuration, but anyways, > for the records: > > openSUSE 11.3 does not seem to automatically set up the TLS certs > for the chroot if you have smtp_tls_CApath set, but not > smtpd_tls_CApath (note the d in smtp vs. smtpd). > > I needed to do this to get my SMTP client work again: > > sudo c_rehash /etc/ssl/certs/ # just to be on the safe side > sudo rsync -av /etc/ssl/certs/ /var/spool/postfix/etc/ssl/certs > --del --copy-unsafe-links -H > > Note that smtpd_tls_CApath would call rsync -avH, which would copy > symlinks verbatim into the chroot, which get broken along the way > because there is no /usr/share/ca-certificates inside the Postfix > chroot (this is a fault in SuSEconfig.postfix). > > Note that SUSE /etc/ssl/certs .pem files are actually symlinks to > /usr/share/ca-certificates/mozilla/... managed by > update-ca-certificates, hence the copy-unsafe-links. > > I don't currently have time to do a formal bug report against > SuSEconfig.postfix, and I'm unsure if they or I care enough. Perhaps > Carsten Höger reads this?
Although I am reading this, I am sorry to say, that this is no longer my business. I suggest to open a bug at https://bugzilla.novell.com -- With best regards, Carsten Hoeger
pgp2s0msyuksU.pgp
Description: PGP signature
