On 01/12/2018 06:27 PM, Wietse Venema wrote: > >> $ ls -l ssl/ >> lrwxrwxrwx 1 root root 15 Nov 4 13:04 cacerts -> ../../ssl/certs/ > The above is not needed, if you configure Postfix to read the system > SSL certificate database with "tls_append_default_CA = yes". Not a > good idea if you use certificates to allow relaying! > "tls_append_default_CA = no" in our configuration. I am not clear which item is not a good idea: the symlink, or "tls_append_default_CA = yes." Besides the symlink in the postfix configuration, there is another one in the path to the certificates. If I changed the one symlink in postfix, would it still warn about the other symlink?
-- James Moe moe dot james at sohnen-moe dot com 520.743.3936 Think.
signature.asc
Description: OpenPGP digital signature
