Public bug reported:

Description:    Ubuntu Focal Fossa (development branch)
Release:        20.04

Postfix 3.4.10-1


There are some typos that have crept into 
/usr/lib/postfix/configure-instance.sh which keep the postfix chroot 
environment from working.

In the script, there are two sections that copy the SSL certificate
paths (often /etc/ssl/certs) into the chroot environment
(/var/spool/postscript). This is needed for any chrooted postfix daemon
to find the CA certificates.

If "smtp_tls_CApath" is not copied to /var/spool/postfix, you will
experience errors like:

Apr 12 12:27:44 venus postfix/smtp[23477]: certificate verification failed for mx.xyz.de[8.8.8.8]:587: untrusted issuer /O=Digital Signature Trust Co./CN=DST Root CA X3
Apr 12 12:27:44 venus postfix/smtp[23477]: 529761C123E: to=<u...@xyz.de>, relay=mx.xyz.de[8.8.8.8]:587, delay=4024, delays=4024/0.02/0.11/0, dsn=4.7.5, status=deferred (Server certificate not trusted)

This is rendering TLS essentially unusable.

At the start of each section, a variable named "ca_path" is defined and
should be used thereafter. Alas, the variable is misspelled "sca_path"
throughout the first section (starting at line 47) and "dca_path"
throughout the second section (starting at line 79). This results in the
certificates not being copied.

** Affects: postfix (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: chroot postfix tls

** Patch added: "Patch for /usr/lib/postfix/configure-instance.sh (Focal Fossa 20.04)"
   https://bugs.launchpad.net/bugs/1872288/+attachment/5352447/+files/configure-instance.sh.patch

https://bugs.launchpad.net/bugs/1872288

Title:
  Focal Fossa: postfix configure-instance script typos
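
To check whether a host is affected, the following added example (not part of the bug report or of the Postfix package) lists CA files that exist in the CA path but are missing or different in the copy under the chroot. The function name `missing_chroot_cas` is hypothetical, and it assumes the chroot mirrors the CA path below the queue directory, as the report describes.

```shell
#!/bin/sh
# Added example, not from the Postfix package.
# Usage: missing_chroot_cas QUEUE_DIR CA_PATH
#   QUEUE_DIR  chroot root, e.g. "$(postconf -h queue_directory)"
#   CA_PATH    CA directory, e.g. "$(postconf -h smtp_tls_CApath)"
# Prints one file name per CA file that is absent from, or differs in,
# QUEUE_DIR/CA_PATH. Returns 0 if the chroot copy is complete, 1 if
# anything is missing, 2 on bad arguments.
missing_chroot_cas() {
    queue_dir=$1
    ca_path=$2

    # An unset or misspelled shell variable expands to the empty string,
    # so reject empty arguments instead of silently checking nothing.
    [ -n "$queue_dir" ] && [ -n "$ca_path" ] || {
        echo "usage: missing_chroot_cas QUEUE_DIR CA_PATH" >&2
        return 2
    }
    [ -d "$ca_path" ] || {
        echo "no such CA directory: $ca_path" >&2
        return 2
    }

    # Location of the copy inside the chroot (strip the leading slash).
    chroot_ca=$queue_dir/${ca_path#/}
    missing=0

    for f in "$ca_path"/*; do
        # Skip sub-directories, dangling symlinks and an unmatched glob.
        [ -f "$f" ] || continue
        name=${f##*/}
        # cmp fails when the chroot copy is absent or its content differs.
        # Run from the host, an absolute symlink inside the chroot resolves
        # against the host root, so this compares content, not link targets.
        if ! cmp -s "$f" "$chroot_ca/$name" 2>/dev/null; then
            echo "$name"
            missing=$((missing + 1))
        fi
    done

    [ "$missing" -eq 0 ]
}
```

A non-empty listing for `missing_chroot_cas "$(postconf -h queue_directory)" "$(postconf -h smtp_tls_CApath)"` means chrooted daemons cannot see those CA files.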
