On 25/08/2021 04:01, Jean-François Bachelet wrote:
Hello ^^)
In the today's report I've got from PFLogsumm about the Postfix
activity from yesterday I have a warning that I see here :
Aug 24 19:48:55 servername postfix/postfix-script[1187]: warning:
/var/spool/postfix/etc/ssl/certs/ca-certificates.crt and
/etc/ssl/certs/ca-certificates.crt differ
first, what is surprising (to me) is that there is a copy of
etc/ssl/certs/ca-certificates.crt contents in /var/spool/postfix/ssl ???
isn't /var/spool/postfix for spooling mails ? so why finding
configuration stuff there ? (ssl/cert, hosts, host.conf, localtime,
nsswitch.conf, passwd, resolv.conf, services)
then that the ca-certificates.crt are different between the two places...
btw, if this is wanted, why the two cert files aren't in sync and why
I don't get a warning each day with the report while the two cert
files are out of sync since august 21 as I can see by the dates of the
files ???
I've upgraded my server from buster to bullseye on august, 21, is it a
side effect ?
You are running postfix chrooted, or you previously ran it chrooted and
have not cleaned out the old chrooted files. If/when you are no longer
running any postfix processes chrooted, you can remove a lot of cruft
from /var/spool/postfix - including /var/spool/postfix/ssl.
This may be caused by a change in default behaviour: postfix <3.0.0 ran
processes chrooted by default (i.e. where chroot entry in master.cf was
set to '-'), this changed to non-chrooted by default for postfix >=3.0.0.