Victor Duchovni:
> On Tue, Dec 29, 2009 at 11:19:11AM -0500, Dennis Putnam wrote:
>
> > Hi Wietse,
> >
> > I am running OS X (10.6.2) but beyond that I don't know what security
> > software might interfere as Apple hides a lot from the admin. However,
> > as I stated in an earlier reply, TLS seems to be working without that
> > parameter. The only thing that gives me pause, is that I get this warning
> > in the log for incoming TLS connections:
> >
> > postfix/tlsmgr[67966]: warning: no entropy source specified with parameter
> > tls_random_source
> >
>
> I'll look into this when I get a chance to test Postfix on a 10.6
> system. It is possible that /dev/urandom does not support poll(2)
> with Snow Leopard. Unlike /dev/random, it is a non-blocking device,
> so arguably no polling is required, the poll() should always succeed
> immediately of course, failing is anti-social.
>
> We may need a new main.cf option to enable blocking reads of the entropy
> device, or a new MacOSX-specific compile-time flag to trigger read()
> rather than timed_read() of the entropy device.
Is Postfix is still the default MTA? If so then it is surprising
than this /dev/urandom bug was not found during testing.
Allowing /dev/*random to block Postfix is not a good idea, because
these reads are done by a single tlsmgr process.
Wietse
