Public bug reported: Description: Ubuntu Focal Fossa (development branch) Release: 20.04
Postfix 3.4.10-1 There are some typos that have crept into /usr/lib/postfix/configure-instance.sh which keep the postfix chroot environment from working. In the script, there are two sections that copy the SSL certificate paths (often /etc/ssl/certs) into the chroot environment (/var/spool/postscript). This is needed for any chrooted postfix daemon to find the CA certificates. If "smtp_tls_CApath" is not copied to /var/spool/postfix, you will experience errors like: Apr 12 12:27:44 venus postfix/smtp[23477]: certificate verification failed for mx.xyz.de[8.8.8.8]:587: untrusted issuer /O=Digital Signature Trust Co./CN=DST Root CA X3 Apr 12 12:27:44 venus postfix/smtp[23477]: 529761C123E: to=<u...@xyz.de>, relay=mx.xyz.de[8.8.8.8]:587, delay=4024, delays=4024/0.02/0.11/0, dsn=4.7.5, status=deferred (Server certificate not trusted) This is rendering TLS essentially unusable. At the start of each section, a variable named "ca_path" ist defined and should be used thereafter. Alas, the variable is misspelled "sca_path" throughout the first section (starting at line 47) and "dca_path" throughout the second section (starting at line 79). This results in the certificates not being copied. ** Affects: postfix (Ubuntu) Importance: Undecided Status: New ** Tags: chroot postfix tls ** Patch added: "Patch for /usr/lib/postfix/configure-instance.sh (Focal Fossa 20.04)" https://bugs.launchpad.net/bugs/1872288/+attachment/5352447/+files/configure-instance.sh.patch -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1872288 Title: Focal Fossa: postfix configure-instance script typos To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/postfix/+bug/1872288/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs