I’m setting up a new postfix based on sources (via MacPorts) and master has 
this configuration snippet:

smtp      inet  n       -       y       -       1       postscreen
smtpd     pass  -       -       y       -       -       smtpd
  -o receive_override_options=no_address_mappings
dnsblog   unix  -       -       n       -       0       dnsblog
tlsproxy  unix  -       -       n       -       0       tlsproxy

My certificates live outside the chroot jail, but I expected tlsproxy to handle 
it (and it is not chrooted). Instead, my log says:

Oct 05 11:35:21 mail postfix/smtpd[2218]: cannot load Certification Authority data, CAfile="/etc/certificates/www.rna.nl.F1BCD75E0F6DD3B3B0145CB328699BDEEF21FA5C.chain.pem": disabling TLS support

Does chrooting smtpd require a local copy of certificates inside the chroot 
jail? Or can this be ignored because I use postscreen to handle port 25? But 
then, why does my log say:

Oct 05 11:41:50 mail postfix/smtpd[2338]: connect from unknown[192.168.2.67]

instead of

Oct 05 11:41:50 mail postscreen[2338]: connect from unknown[192.168.2.67]

if I connect to port 25 from another machine? How do I know I’m connected to 
postscreen, not to smtpd?

(Note, syslog is completely broken on macOS, so I depend on logging to mail log 
files). I’m running postfix 3.4.6.

Gerben Wierda
Chess and the Art of Enterprise Architecture <http://enterprisechess.com/>
Mastering ArchiMate <http://masteringarchimate.com/>
Architecture for Real Enterprises 
<https://www.infoworld.com/blog/architecture-for-real-enterprises/> at InfoWorld
On Slippery Ice <https://eapj.org/on-slippery-ice/> at EAPJ
