Earl Killian:
> In main.cf I have
>
> smtpd_tls_dh1024_param_file = /etc/postfix/dh4096.pem
>
> The permissions on these files are 400 (probably far more restrictive
> than necessary). Since a cron script generates these files monthly, I
> use a symlink to a subdir to avoid cluttering /etc/postfix:
>
> # ls -l dh*
> lrwxrwxrwx 1 root root 20 Mar 5 20:14 dh1536.pem -> dh/dh1536.pem.201703
> lrwxrwxrwx 1 root root 13 Mar 5 21:21 dh4096.pem -> dh/dh4096.pem

Symlinks are not supported, because they usually point out of the
(secure) postfix config directory to some random place.

Why not use hard links, or use rsync to replace files? (do not ask me
to add bash-specific syntax or new dependencies to the postfix-script
file).

Wietse
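
The "replace files" alternative from the reply above, as an added example that is not part of the original thread or of Postfix: a POSIX sh function that a monthly cron job could call to put a newly generated parameter file into the config directory as a regular file. The function name `install_param_file` and the staging file name are assumptions.

```shell
#!/bin/sh
# Added example: install a generated DH parameter file as a regular file,
# so that no symlink is left in the Postfix config directory.
# Usage: install_param_file SRC DST   (hypothetical helper name)
install_param_file() {
    src=$1 dst=$2
    dstdir=$(dirname -- "$dst")

    # The source must be a non-empty regular file, not a symlink.
    if [ -L "$src" ] || [ ! -f "$src" ] || [ ! -s "$src" ]; then
        echo "refusing: $src is not a non-empty regular file" >&2
        return 1
    fi
    # With a directory (or a symlink to one) at DST, mv would move into it.
    if [ -d "$dst" ]; then
        echo "refusing: $dst is a directory" >&2
        return 1
    fi

    # Stage the copy inside the destination directory so the final mv is
    # a rename on one filesystem: readers see the old file or the new
    # one, never a partial write.
    tmp=$(umask 077; mktemp "$dstdir/.dhparam.XXXXXX") || return 1
    if cp -- "$src" "$tmp" && chmod 0400 "$tmp" && mv -f -- "$tmp" "$dst"; then
        # The rename replaces a symlink at DST itself; it is not followed.
        [ -f "$dst" ] && [ ! -L "$dst" ]
        return
    fi
    rm -f -- "$tmp"
    return 1
}
```

The cron job would call it once per generated file, for example with the dated file under the subdirectory as SRC and the path named in `smtpd_tls_dh1024_param_file` as DST.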