[BlueOnyx:23951] Re: 5210R: Postfix SNI support - status update

Larry Smith lesmith at ecsis.net
Tue Jun 9 08:57:23 -05 2020 

+10 to this one.  Maildir is much better than mbox.

Have one 5209R server that I converted to Maildir for a client
and it works well, I just have to watch every update and change
to make sure they don't overwrite my changes.

-- 
Larry Smith
lesmith at ecsis.net

On Tue June 9 2020 08:44, Dirk Estenfeld wrote:
> Hello Michael,
>
> in 2017 we did discuss about a change fromm mbox to Maildir.
> Last state wasyou want to look into it. This is ~ 3 years ago.
> Now that you have the topic in your hands again anyway, maybe now would be
> a good time to turn the mbox into a Maildir? Maybe only for all new
> installations and the existing installations will remain as they are...
>
> Best regards,
> Dirk
>
> blackpoint GmbH - Friedberger Straße 106b - 61118 Bad Vilbel
>
> -----Ursprüngliche Nachricht-----
> Von: Blueonyx <blueonyx-bounces at mail.blueonyx.it> Im Auftrag von Michael
> Stauber Gesendet: Sonntag, 7. Juni 2020 06:43
> An: blueonyx at mail.blueonyx.it
> Betreff: [BlueOnyx:23941] 5210R: Postfix SNI support - status update
>
> Hi all,
>
> A little update on what I've been working on for the last 10 days:
>
> Recently Tomohiro Hosaka gave me the helpful pointers that Dovecot finally
> supports Server Name Indication (SNI). Meaning: It can handle more than one
> SSL cert.
>
> Subsequently I extended the Dovecot configuration on 5210R with provisions
> that Dovecot automatically configures SNI in Dovecot and integrates the SSL
> certificates of all Vsites with SSL enabled.
>
> This was already published as a YUM update and has been out for a bit.
>
> Right after that I looked at how we could equip the MTA end of things with
> SNI as well. Sendmail doesn't support SNI. Using Nginx as SMTP-Proxy was
> briefly considered, but that idea wasn't practical.
>
> Next I looked at replacing Sendmail on 5210R with Postfix.
>
> For that I now have a working demonstrator which allows to switch a 5210R
> back and forth between using Sendmail and Postfix via the GUI.
>
> The Postfix configuration is created on the fly and is based on the
> Sendmail configuration - from which it extracts and sets certain thing to
> populate its own settings.
>
> The AV-SPAM for 5210R had to be overhauled to deal with either Sendmail or
> Postfix and that has also been finished on the demonstrator and is now
> fully working.
>
> Last point on the list: Configure SNI for Postfix - yay! \o/
>
> But guess what? No dice!
>
> Postfix got SNI support in release 3.4.0 as outlined here:
>
> http://www.postfix.org/announcements/postfix-3.4.0.html
>
> The latest available stable version of Postfix is v3.5.2.
>
> Guess which version CentOS 8 ships with?
>
> [root at 5210r ~]# rpm -q postfix
> postfix-3.3.1-9.el8.x86_64
>
> Yoo, RedHat? /me extends middle finger
>
> Or in other words: YOU GOTTA BE FUCKING KIDDING ME! :-(
>
> In hindsight (which is always 20/20) it's clear that RedHat *really* picked
> the worst possible moment to version freeze software for EL8. Not only
> because of Postfix, but also Apache and a couple of other odds and sods.
> But it is what it is. /sigh
>
> Fedora Core 32 does have a Postfix-3.5.2 and FC31 and FC30 have
> Postfix-3.4.10. I've grabbed the SRPM of these and tried to rebuild them
> for CentOS 8 - but so far no luck. But I'll keep trying.
>
> The latest Postfix 3.5.2 builds fine from the sources on CentOS 8, but the
> patches that RedHat applied to 3.5.2 and 3.4.10 in their SRPMs make the
> build fail *hard*. Like so hard that compiled binaries have missing
> symbols. Go figure.
>
> So until we get at least a Postfix v3.4.10 up and running for 5210R we
> still won't have an MTA with SNI support.
>
> Still: Postfix is nice to have and the other "quality of life"
> improvements in this set of updates still make it worthwhile to release it
> - even w/o SNI for the MTA.
>
> Sometime next week I expect to publish the YUM updates that make the
> Postfix alternative for 5210R available. Any 5210R installed with Sendmail
> that is currently running Sendmail will continue to use it. Until the point
> that you voluntarily switch it to Postfix via the GUI. And if you do, you
> can always go back to Sendmail again.
>
> Eventually new installs of 5210R will default to use Postfix, but can be
> switched back to Sendmail if wanted.
>
> As for users of the AV-SPAM on 5210R: The currently available AV-SPAM
> v7.0.0 for 5210R will continue to work even after the YUM updates are out.
> But in order to use it with Postfix you'll need the AV-SPAM 7.1.0, which
> will be made available via NewLinQ at the same time that the YUM updates
> for 5210R get released.
>
> --
> With best regards
>
> Michael Stauber
> _______________________________________________
> Blueonyx mailing list
> Blueonyx at mail.blueonyx.it
> http://mail.blueonyx.it/mailman/listinfo/blueonyx
>
> _______________________________________________
> Blueonyx mailing list
> Blueonyx at mail.blueonyx.it
> http://mail.blueonyx.it/mailman/listinfo/blueonyx

More information about the Blueonyx mailing list