Greetings,

I haven't checked if it's a flaw in my configuration, but anyways, for the record:

openSUSE 11.3 does not seem to automatically set up the TLS certs for the chroot if you have smtp_tls_CApath set, but not smtpd_tls_CApath (note the d in smtp vs. smtpd).

I needed to do this to get my SMTP client to work again:

sudo c_rehash /etc/ssl/certs/ # just to be on the safe side
sudo rsync -av /etc/ssl/certs/ /var/spool/postfix/etc/ssl/certs --del --copy-unsafe-links -H

Note that smtpd_tls_CApath would call rsync -avH, which would copy symlinks verbatim into the chroot, which get broken along the way because there is no /usr/share/ca-certificates inside the Postfix chroot (this is a fault in SuSEconfig.postfix).

Note that SUSE /etc/ssl/certs .pem files are actually symlinks to /usr/share/ca-certificates/mozilla/... managed by update-ca-certificates, hence the copy-unsafe-links.

I don't currently have time to do a formal bug report against SuSEconfig.postfix, and I'm unsure if they or I care enough. Perhaps Carsten Höger reads this?

Best

--
Matthias Andree
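
The following check is an added example, not part of the original post and not code from SuSEconfig.postfix: it lists symlinks under a chroot's CA directory that would dangle once the process is chrooted, which is the failure described above. The function names are hypothetical, and it assumes the directory components of each path are real directories, so only the link chain of the final component is followed.

```shell
#!/bin/sh
# Usage: script CHROOT DIR   e.g. /var/spool/postfix /etc/ssl/certs
# DIR is the path as seen from inside the chroot.

# Collapse "." and ".." lexically; ".." at "/" stays at "/", as in a chroot.
normalize() {
    out=
    old_ifs=$IFS; IFS=/
    set -f                                  # no globbing while splitting
    for part in $1; do
        case $part in
            ''|.) ;;
            ..)   out=${out%/*} ;;
            *)    out=$out/$part ;;
        esac
    done
    set +f; IFS=$old_ifs
    printf '%s\n' "${out:-/}"
}

# Succeed only if PATH (as seen inside ROOT) resolves to an existing file.
resolve_in_chroot() {
    root=$1 path=$2 hops=0
    while [ -L "$root$path" ]; do
        hops=$((hops + 1))
        [ "$hops" -le 16 ] || return 1      # treat a link loop as broken
        target=$(readlink "$root$path")
        case $target in
            /*) path=$(normalize "$target") ;;            # re-rooted at ROOT
            *)  path=$(normalize "${path%/*}/$target") ;; # relative to link dir
        esac
    done
    [ -e "$root$path" ]
}

# Print every symlink under CHROOT/DIR that does not resolve inside CHROOT.
chroot_dangling_links() {
    cr=${1%/} dir=$2
    find "$cr$dir" -type l | while IFS= read -r link; do
        inside=${link#"$cr"}
        resolve_in_chroot "$cr" "$inside" >/dev/null || printf '%s\n' "$inside"
    done
}

if [ "$#" -eq 2 ]; then chroot_dangling_links "$1" "$2"; fi
```

Empty output means every link in the directory resolves inside the chroot; a copy made with --copy-unsafe-links as above should produce none for targets that lived outside the copied tree.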
