[BlueOnyx:23952] Re: 5210R: Postfix SNI support - status update

Dirk Estenfeld dirk.estenfeld at blackpoint.de
Tue Jun 9 09:53:40 -05 2020


Hello Larry,

Yes, you did give me the hint in 2017 😊

Maybe you can protect your changed files with "chattr +i <filename>" against unwanted changes.
However, of course it would be much better if Michael could do the change to Maildir.

Best regards,
Dirk


blackpoint GmbH – Friedberger Straße 106b – 61118 Bad Vilbel

-----Original Message-----
From: Blueonyx <blueonyx-bounces at mail.blueonyx.it> On Behalf Of Larry Smith
Sent: Tuesday, June 9, 2020 15:57
To: BlueOnyx General Mailing List <blueonyx at mail.blueonyx.it>
Subject: [BlueOnyx:23951] Re: 5210R: Postfix SNI support - status update

+10 to this one.  Maildir is much better than mbox.

Have one 5209R server that I converted to Maildir for a client and it works well, I just have to watch every update and change to make sure they don't overwrite my changes.

--
Larry Smith
lesmith at ecsis.net

On Tue June 9 2020 08:44, Dirk Estenfeld wrote:
> Hello Michael,
>
> in 2017 we discussed a change from mbox to Maildir.
> Last state was that you wanted to look into it. This is ~ 3 years ago.
> Now that you have the topic in your hands again anyway, maybe now
> would be a good time to turn the mbox into a Maildir? Maybe only for
> all new installations and the existing installations will remain as they are...
>
> Best regards,
> Dirk
>
> blackpoint GmbH - Friedberger Straße 106b - 61118 Bad Vilbel
>
> -----Original Message-----
> From: Blueonyx <blueonyx-bounces at mail.blueonyx.it> On Behalf Of Michael Stauber
> Sent: Sunday, June 7, 2020 06:43
> To: blueonyx at mail.blueonyx.it
> Subject: [BlueOnyx:23941] 5210R: Postfix SNI support - status update
>
> Hi all,
>
> A little update on what I've been working on for the last 10 days:
>
> Recently Tomohiro Hosaka gave me the helpful pointers that Dovecot
> finally supports Server Name Indication (SNI). Meaning: It can handle
> more than one SSL cert.
>
> Subsequently I extended the Dovecot configuration on 5210R with
> provisions that Dovecot automatically configures SNI in Dovecot and
> integrates the SSL certificates of all Vsites with SSL enabled.
>
> This was already published as a YUM update and has been out for a bit.
>
> Right after that I looked at how we could equip the MTA end of things
> with SNI as well. Sendmail doesn't support SNI. Using Nginx as
> SMTP-Proxy was briefly considered, but that idea wasn't practical.
>
> Next I looked at replacing Sendmail on 5210R with Postfix.
>
> For that I now have a working demonstrator which allows switching a
> 5210R back and forth between using Sendmail and Postfix via the GUI.
>
> The Postfix configuration is created on the fly and is based on the
> Sendmail configuration - from which it extracts and sets certain things
> to populate its own settings.
>
> The AV-SPAM for 5210R had to be overhauled to deal with either
> Sendmail or Postfix and that has also been finished on the
> demonstrator and is now fully working.
>
> Last point on the list: Configure SNI for Postfix - yay! \o/
>
> But guess what? No dice!
>
> Postfix got SNI support in release 3.4.0 as outlined here:
>
> http://www.postfix.org/announcements/postfix-3.4.0.html
>
> The latest available stable version of Postfix is v3.5.2.
>
> Guess which version CentOS 8 ships with?
>
> [root@5210r ~]# rpm -q postfix
> postfix-3.3.1-9.el8.x86_64
>
> Yoo, RedHat? /me extends middle finger
>
> Or in other words: YOU GOTTA BE FUCKING KIDDING ME! :-(
>
> In hindsight (which is always 20/20) it's clear that RedHat *really*
> picked the worst possible moment to version freeze software for EL8.
> Not only because of Postfix, but also Apache and a couple of other odds and sods.
> But it is what it is. /sigh
>
> Fedora Core 32 does have a Postfix-3.5.2 and FC31 and FC30 have
> Postfix-3.4.10. I've grabbed the SRPM of these and tried to rebuild
> them for CentOS 8 - but so far no luck. But I'll keep trying.
>
> The latest Postfix 3.5.2 builds fine from the sources on CentOS 8, but
> the patches that RedHat applied to 3.5.2 and 3.4.10 in their SRPMs
> make the build fail *hard*. Like so hard that compiled binaries have
> missing symbols. Go figure.
>
> So until we get at least a Postfix v3.4.10 up and running for 5210R we
> still won't have an MTA with SNI support.
>
> Still: Postfix is nice to have and the other "quality of life"
> improvements in this set of updates still make it worthwhile to
> release it - even w/o SNI for the MTA.
>
> Sometime next week I expect to publish the YUM updates that make the
> Postfix alternative for 5210R available. Any 5210R installed with
> Sendmail that is currently running Sendmail will continue to use it.
> Until the point that you voluntarily switch it to Postfix via the GUI.
> And if you do, you can always go back to Sendmail again.
>
> Eventually new installs of 5210R will default to use Postfix, but can
> be switched back to Sendmail if wanted.
>
> As for users of the AV-SPAM on 5210R: The currently available AV-SPAM
> v7.0.0 for 5210R will continue to work even after the YUM updates are out.
> But in order to use it with Postfix you'll need the AV-SPAM 7.1.0,
> which will be made available via NewLinQ at the same time that the YUM
> updates for 5210R get released.
>
> --
> With best regards
>
> Michael Stauber
> _______________________________________________
> Blueonyx mailing list
> Blueonyx at mail.blueonyx.it
> http://mail.blueonyx.it/mailman/listinfo/blueonyx