Public bug reported: Since the (overdue) update from maverick to natty, my Postfix no longer recognizes the certificates.
Apparently the reason is that the smtp_tls_CApath, which is set to /etc/ssl/certs, is improperly copied into the chroot area, namely to /var/spool/postfix/etc/ssl/certs/etc/ssl/certs, rather than /var/spool/postfix/etc/ssl/certs where it belongs. In /etc/postfix/main.cf, I have smtp_tls_CApath = /etc/ssl/certs and smtp runs chrooted (from looking at /etc/postfix/master.cf). The certificate bundle appears to be setup properly, only the .pem/.0 files from the directory seem to be affected. Workaround: sudo postconf -e smtp_tls_CAfile=/etc/ssl/certs/ca-certificates.crt sudo service postfix restart >From looking at what I get when running sh -x postfix, it would seem that + find /etc/ssl/certs -print0 + cpio -0pdL /var/spool/postfix/etc/ssl/certs.NEW causes the duplication of paths - the cpio input file list is fully concatenated to the cpio destination path. ProblemType: Bug DistroRelease: Ubuntu 11.04 Package: postfix 2.8.5-2~build0.11.04 ProcVersionSignature: Ubuntu 2.6.38-15.61-generic-pae 2.6.38.8 Uname: Linux 2.6.38-15-generic-pae i686 NonfreeKernelModules: nvidia Architecture: i386 Date: Wed Jul 18 19:30:51 2012 EcryptfsInUse: Yes ProcEnviron: LANGUAGE=de_DE:de:en_GB:en PATH=(custom, no user) LANG=de_DE.utf8 SHELL=/bin/bash SourcePackage: postfix UpgradeStatus: No upgrade log present (probably fresh install) ** Affects: postfix (Ubuntu) Importance: Undecided Status: New ** Tags: apport-bug i386 natty regression-release -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to postfix in Ubuntu. https://bugs.launchpad.net/bugs/1026261 Title: [regression] mail stalls; postfix chroot setup nests /etc/ssl/certs to deep To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/postfix/+bug/1026261/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs