Greetings,
During recent infrastructure updates, I ran into an oddity using a
check_ccert_access rule on postfix built without SASL support. The following
warning is logged:
Oct 30 14:03:22 postfix/submission/smtpd[7724]: warning: restriction
`check_ccert_access' ignored: no SASL support
Despite the warning, the rule still behaves correctly. This appears to be a
mistaken #ifdef placement in generic_checks() in src/smtpd/smtpd_check.c. An
obvious patch is attached, though there's a chance I misunderstood something
subtle so please review accordingly.
Thanks,
-Brad
--- a/src/smtpd/smtpd_check.c 2021-10-30 14:07:05.215801324 +0000
+++ b/src/smtpd/smtpd_check.c 2021-10-30 14:07:14.495823061 +0000
@@ -4374,8 +4374,8 @@
}
} else if (is_map_command(state, name, CHECK_CCERT_ACL, &cpp)) {
status = check_ccert_access(state, *cpp, def_acl);
-#ifdef USE_SASL_AUTH
} else if (is_map_command(state, name, CHECK_SASL_ACL, &cpp)) {
+#ifdef USE_SASL_AUTH
if (var_smtpd_sasl_enable) {
if (state->sasl_username && state->sasl_username[0])
status = check_sasl_access(state, *cpp, def_acl);
