Postfix config broken after update to 4.3-1

tpfann · June 15, 2018, 12:53pm

Hi all,

after no mail was sent out today by our UCS-server, i found the root cause for this within the postfix configuration file (main.cf). At least 2 lines were changed/deleted (e.g.):

smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
was replaced with:
smtp_sasl_password_maps = hash:/etc/postfix/smtp_auth
and smtp_use_tls = yes was removed completley.

After fixing this two lines and restarting the postfix-service, sending mail is working again.

Furthermore I can see now the following warning in the mail.log file:

Postfix is running with backwards-compatible default settings
See http://www.postfix.org/COMPATIBILITY_README.html for details
To disable backwards compatibility use "postconf compatibility_level=2" and "postfix reload"

Im wondering now if this needs to be applied and what else was changend or needs to be taken into account after the update to 4.3.1?

Any hint would be much appreciated, thx.

Best regards
Thomas

Moritz_Bunkus · June 15, 2018, 1:56pm

Hey,

Postfix’ main.cf has always been generated from a template, at least as long as the package univention-mail-postfix has been around.

In the case of enabling SASL for the SMTP client, you can set the UCR variable mail/relayauth to true. You can add arbitrary options via the file /etc/postfix/main.cf.local (run ucr commit /etc/postfix/main.cf after modifying main.cf.local in order to include its content in main.cf).

Learn more about configuring Postfix for relaying with authentication here, about custom options for main.cf here and about how template files work and how to modify them here.

Kind regards,
mosu

Moritz_Bunkus · June 15, 2018, 1:58pm

About the compatibility warning: that’s more or less a cosmetic issue; see this bug report.

tpfann · June 16, 2018, 6:11am

Hi mosu,

thanks for your feedback - I was not aware about the template (main.cf.local), this makes perfect sense.

Regarding to the compatibility warning it was stated in the bug report:
“I think, with UCS 4.3-1, we can change the default to compat level 3.”

I guess this is still open and must be set manually in the main.cf.local file - correct?

Best regards
Thomas

Moritz_Bunkus · June 16, 2018, 6:48am

You can set the option for now, yes, and it likely won’t make much of a difference if any from a functional standpoint for you. If in doubt, take a look at the affected options.