> On Jan 16, 2018, at 12:35 PM, James Moe <ji...@sohnen-moe.com> wrote:
>
>>> $ ls -l ssl/
>>> lrwxrwxrwx 1 root root 15 Nov 4 13:04 cacerts -> ../../ssl/certs/
>> The above is not needed, if you configure Postfix to read the system
>> SSL certificate database with "tls_append_default_CA = yes". Not a
>> good idea if you use certificates to allow relaying!
>>
> "tls_append_default_CA = no" in our configuration.
> I am not clear which item is not a good idea: the symlink, or
> "tls_append_default_CA = yes."
Mainly the latter.
> Besides the symlink in the postfix configuration, there is another one
> in the path to the certificates. If I changed the one symlink in
> postfix, would it still warn about the other symlink?
Any symlink in the Postfix configuration directory will raise the
warning.
--
Viktor.
