Hi Viktor, thanks for response.
I also tried to put the openssl.conf file inside the jail but the rewrite
doesn't read it and is it possible to pass the OPENSSL_CONF environment
variable to the rewrite process?
Regards
Em terça-feira, 8 de dezembro de 2020 13:08:58 AMT, Viktor Dukhovni
<postfix-us...@dukhovni.org> escreveu:
On Tue, Dec 08, 2020 at 04:55:03PM +0000, Ricardo Barbosa wrote:
> ------------mysql-virtual-mailbox-domain.cf-------------------------
> user = postfix
> password = xxxxx
> dbname = email
> hosts = 192.168.11.11
> query = SELECT dominio AS "virtual" FROM dominios WHERE dominio='%s'
> tls_CAfile =/etc/postfix/rds-combined-ca-bundle.pem
> -----------------------------------------------------------------------------------
>
> But unsuccessfully, I did this procedure changing the MinProtocol
> variable for the TLSv1, TLSv1.1 and TLSv1.2 protocols, but without
> success The log message
>
> -------mail.log-------
> Dec 8 13:36:45 server postfix/trivial-rewrite[1880]: warning: connect to
> mysql server 192.168.11.11: SSL connection error:
> SSL_CTX_set_default_verify_paths failed
> -------------------------
Is the "trivial-rewrite" service configured to use "chroot" in your
master.cf file? Best to disable any chroot for now.
--
Viktor.
