William Shallum

Postfix smtp_tls_CApath on Ubuntu lucid-backports (2.8.1-1~lucid1)

Posted Aug 17 2011, 14:46 by William Shallum [updated Oct 2 2014, 08:19]

I installed postfix from lucid-backports (2.8.1-1~lucid1) and it had a problem in its init script that caused SMTP TLS verification to fail. If the smtp_tls_CApath is outside the chroot, the files inside smtp_tls_CApath will end up in "/var/spool/postfix/${ca_path#/}/${ca_path#/}" instead of "/var/spool/postfix/${ca_path#/}". This is caused by the init script copying using cpio in passthrough mode while feeding it absolute pathnames using find "$ca_path". See https://bugs.launchpad.net/ubuntu/+source/postfix/+bug/828047 for details.

A workaround would be to use an smtp_tls_CApath that points inside the chroot (/var/spool/postfix).

Replacing the cpio line with this one works for me:

(cd "$ca_path" && find . -print0 | cpio -0pdL "$dest_dir")

Use at your own risk.
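
To confirm which layout a chroot actually has, the following added example (not from the original post or the Ubuntu package) reports whether the CA files sit where the chrooted SMTP client looks, or under the doubled path described above. The function name check_capath_copy, the sample path /etc/ssl/certs and the file name 0a1b2c3d.0 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: classify where the init script's CA copy landed in the chroot.
# check_capath_copy CHROOT CA_PATH
#   prints: ok | doubled | missing   (exit status 0 | 2 | 1)
check_capath_copy() {
    chroot_dir=$1
    ca_path=$2
    expected="$chroot_dir/${ca_path#/}"   # where the chrooted smtp client looks
    doubled="$expected/${ca_path#/}"      # where cpio -p with absolute names writes

    # Buggy layout: the CA path is repeated beneath itself and holds entries.
    if [ -d "$doubled" ] && [ -n "$(ls -A "$doubled" 2>/dev/null)" ]; then
        echo "CA files found under $doubled" >&2
        echo doubled
        return 2
    fi

    # Correct layout: at least one regular file directly in the expected dir
    # (cpio -L copies the targets of the hash symlinks as regular files).
    for f in "$expected"/*; do
        if [ -f "$f" ]; then
            echo ok
            return 0
        fi
    done

    echo "no CA files in $expected" >&2
    echo missing
    return 1
}

if [ "$#" -ge 2 ]; then
    # Live check, e.g.:
    #   sh check.sh /var/spool/postfix "$(postconf -h smtp_tls_CApath)"
    check_capath_copy "$1" "$2"
else
    # Constructed sample trees (not real certificates) showing both layouts.
    tmp=$(mktemp -d)
    mkdir -p "$tmp/bad/etc/ssl/certs/etc/ssl/certs" "$tmp/good/etc/ssl/certs"
    : > "$tmp/bad/etc/ssl/certs/etc/ssl/certs/0a1b2c3d.0"
    : > "$tmp/good/etc/ssl/certs/0a1b2c3d.0"
    check_capath_copy "$tmp/bad" /etc/ssl/certs || :
    check_capath_copy "$tmp/good" /etc/ssl/certs || :
    rm -rf "$tmp"
fi
```

A result of missing means neither layout holds certificates, which also leaves SMTP TLS verification without trust anchors inside the chroot.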