Package: postfix
Version: 2.3.6-1
Severity: wishlist

Hi

In order to make certificates accessible in the postfix chroot, the
init-script could concatenate all required certificates into a single file,
so you can use the smtp_tls_file and smtp_tls_file stanzas.

My suggestion is to add the following part to the init-script:

CERTFILE=/etc/postfix/all-certificates
# -f: do not fail when the file does not exist yet
rm -f "$CERTFILE"
# test grep's exit status directly instead of its (empty) output
if postconf -n | grep -qE "smtpd?_use_tls"; then
  # we use TLS
  if [ -d /usr/share/ca-certificates ]; then
    # the ca-certificates package is installed, so we use these certs
    cat /usr/share/ca-certificates/spi-inc.org/SPI_CA_2006-cacert.crt > "$CERTFILE"
    # append (>>) so the first certificate is not overwritten
    cat /usr/share/ca-certificates/spi-inc.org/spi-ca.crt >> "$CERTFILE"

    for i in /usr/share/ca-certificates/mozilla/*.crt; do
      cat "$i" >> "$CERTFILE"
    done
    # ...
  fi
  # add site certificates
  for i in /etc/postfix/certs/*.crt; do
    cat "$i" >> "$CERTFILE"
  done

fi

Of course you can make this whole thing configurable...

Joerg


-- 
What did you do to the cat? It looks half-dead. -Schroedinger's wife
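
An added example, not part of the original report or of the Debian init script: a variant of the concatenation step that builds the bundle in a temporary file and renames it into place, so a failed run never leaves Postfix with an empty or partial trust file, and that skips files holding private keys because the bundle is world-readable. The function name build_bundle and its arguments are assumptions made for this sketch.

```shell
#!/bin/sh
# build_bundle OUTFILE DIR...   (hypothetical helper, not from the postfix package)
# Concatenates every PEM certificate found as DIR/*.crt into OUTFILE.
build_bundle() {
    out=$1; shift
    # Temp file lives next to the target so the final mv is an atomic rename.
    tmp=$(mktemp "${out}.XXXXXX") || return 1
    chmod 644 "$tmp"
    count=0
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        for crt in "$dir"/*.crt; do
            # An unmatched glob stays literal; skip it and anything unreadable.
            [ -f "$crt" ] && [ -r "$crt" ] || continue
            # Accept only files that contain a PEM certificate block.
            grep -q -e '-----BEGIN CERTIFICATE-----' "$crt" || continue
            # Never copy key material into a world-readable bundle.
            grep -q 'PRIVATE KEY' "$crt" && continue
            cat "$crt" >> "$tmp" || { rm -f "$tmp"; return 1; }
            # Add a newline if the file lacks one, so PEM blocks do not run together.
            [ -z "$(tail -c 1 "$crt")" ] || echo >> "$tmp"
            count=$((count + 1))
        done
    done
    # No usable certificate: keep the previous bundle untouched.
    if [ "$count" -eq 0 ]; then
        rm -f "$tmp"
        return 1
    fi
    mv -f "$tmp" "$out"
}
```

Called as build_bundle "$CERTFILE" /usr/share/ca-certificates/mozilla /etc/postfix/certs, it replaces the rm-then-append sequence with a single rename.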
