lejeczek via Postfix-users:
> On 23/07/2023 16:00, Wietse Venema wrote:
> > lejeczek via Postfix-users:
> >> -> $ postfix reload # did not work, new certs/files were
> >> only picked up with "full" restart, with "systemd" in this case.
> >>
> >> and when done, then server-postfix supplied new certs
> >> immediately - clients were happy.
> >>
> >> I was thinking "glitch" for perhaps SELinux labels and the
> >> files prevented access to 'postfix' - I noticed my Nginx
> >> were not good for those labels, at that time - but then I'd
> >> think 'postfix' would error out, also then how & where would
> >> it cache older certs making it available to itself.
> > You appear to have a systemd integration problem, where a reload
> > request is not propagated to running Postfix instances.
> >
> > Until that is fixed by your Linux distro maintainer, use "postfix
> > reload" which has always worked properly.
> >
> > Wietse
> I did show my 'cmd' - it was not systemd's reload

When you type "postfix reload" as root,

- This is what you should see in the terminal window:

    # postfix reload
    postfix/postfix-script: refreshing the Postfix mail system

- This is what you should see in the log:

    Mmm dd hh:mm:ss myhostname postfix/postfix-script[nnn]: refreshing the Postfix mail system
    Mmm dd hh:mm:ss myhostname postfix/master[nnn]: reload -- version x.y.z, configuration /etc/postfix

You may want to verify that the logging was produced when you
replaced your key or certificate files.

As documented, after "postfix reload" running Postfix programs will
terminate at their earliest convenience. This means that those
processes WILL NOT ABORT connections that are in progress. Instead,
Postfix SMTP clients and servers will terminate when an existing
connection is closed, and will read certificate or key files when
a new process is started.

You can verify in the logs that after "postfix reload" the old
processes did not start work on new connections. That is, compare the
process IDs for new connections with the process ID logged in the
postfix/postfix-script line.

Postfix programs DO NOT make persistent copies of certificate or
key files; they read that information into volatile memory. If you
replace the content of a certificate or key file, then the old
content no longer exists in any file, and after a Postfix SMTP
client or server terminates, that old content no longer exists in
process memory.

Wietse
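
The log check described in the message above, as an added example that is not part of the original thread and is not Postfix code. It assumes traditional syslog lines and the smtpd "connect from" message; the function name check_reload and all sample log data are constructed for illustration. Instead of comparing PID numbers, it flags any smtpd PID that was already logging before the reload line and accepted a new connection after it.

```python
import re

# Postfix syslog tag, e.g. "postfix/smtpd[4400]: connect from ..."
LINE = re.compile(r"postfix\S*/(?P<prog>[\w-]+)\[(?P<pid>\d+)\]: (?P<msg>.*)")

# Constructed sample log (hostnames, PIDs and addresses are made up).
SAMPLE = """\
Jul 23 15:58:02 mail postfix/smtpd[3100]: connect from a.example[192.0.2.10]
Jul 23 15:58:03 mail postfix/smtpd[3100]: disconnect from a.example[192.0.2.10]
Jul 23 15:59:40 mail postfix/smtpd[3150]: connect from b.example[192.0.2.11]
Jul 23 16:00:00 mail postfix/postfix-script[4321]: refreshing the Postfix mail system
Jul 23 16:00:00 mail postfix/master[1200]: reload -- version x.y.z, configuration /etc/postfix
Jul 23 16:00:05 mail postfix/smtpd[3150]: disconnect from b.example[192.0.2.11]
Jul 23 16:00:09 mail postfix/smtpd[4330]: connect from c.example[192.0.2.12]
Jul 23 16:00:30 mail postfix/smtpd[3100]: connect from d.example[192.0.2.13]
"""

def check_reload(log_text, prog="smtpd"):
    """Return (reload_seen, fresh_pids, stale_pids) for the last reload logged.

    fresh: PIDs first seen after the reload that accepted a connection.
    stale: PIDs already seen before the reload that accepted a NEW
           connection afterwards (finishing an old connection is fine).
    """
    seen, old, fresh, stale = set(), set(), set(), set()
    reload_seen = False
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        if m["prog"] == "master" and m["msg"].startswith("reload --"):
            # Everything logged up to this point belongs to "old" processes.
            old, fresh, stale, reload_seen = set(seen), set(), set(), True
        elif m["prog"] == prog:
            if reload_seen and m["msg"].startswith("connect from "):
                (stale if m["pid"] in old else fresh).add(m["pid"])
            seen.add(m["pid"])
    return reload_seen, sorted(fresh), sorted(stale)

if __name__ == "__main__":
    ok, fresh, stale = check_reload(SAMPLE)
    print("reload logged:", ok)
    print("new processes serving connections:", fresh)
    print("old processes that took new connections:", stale)
```

A non-empty stale list is the condition the message says should not occur after "postfix reload". PID reuse by the operating system can produce a false match over long log windows, so run it on the lines around the certificate replacement.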