Random Notes‎ > ‎

Postfix smtp_tls_CApath on Ubuntu lucid-backports (2.8.1-1~lucid1)

posted Aug 17, 2011, 7:46 AM by William Shallum   [ updated Oct 2, 2014, 1:19 AM ]
I installed postfix from lucid-backports (2.8.1-1~lucid1) and it had a problem in its init script that caused SMTP TLS verification to fail. If the smtp_tls_CApath is outside the chroot, the files inside smtp_tls_CApath will end up in "/var/spool/postfix/${ca_path#/}/${ca_path#/}" instead of "/var/spool/postfix/${ca_path#/}". This is caused by the init script copying using cpio in passthrough mode while feeding it absolute pathnames using find "$ca_path". See https://bugs.launchpad.net/ubuntu/+source/postfix/+bug/828047 for details. 

A workaround would be to use an smtp_tls_CApath that points inside the chroot (/var/spool/postfix). 

Replacing the cpio line with this one works for me:

(cd "$ca_path" && find . -print0 | cpio -0pdL "$dest_dir")

Use at your own risk.
Comments