On Wed, Jun 01, 2022 at 12:03:43AM -0400, Viktor Dukhovni <postfix-us...@dukhovni.org> wrote:
> On Wed, Jun 01, 2022 at 01:35:56PM +1000, raf wrote:
>
> > > So what did they do?
> > >
> > > > $ postconf -d cyrus_sasl_config_path
> > > > cyrus_sasl_config_path =
> > > > $ postconf cyrus_sasl_config_path
> > > > cyrus_sasl_config_path =
> > > > $ dpkg-query -S /etc/postfix/sasl
> > > > postfix: /etc/postfix/sasl
> > >
> > > What would make anything look there?
> >
> > That's a very good question. I have no idea. I searched for
> > /etc/postfix/sasl in all files, not just the executable ones, and
> > found nothing that explains it. And there are no symlinks to it,
> > either.
> >
> > The Debian Postfix/SASL wiki page definitely indicates that that
> > directory is where Postfix's SASL config files go:
> >
> > https://wiki.debian.org/PostfixAndSASL
> >
> > I experimented to see if /etc/postfix/sasl is really used, and it
> > looks like it isn't. I think that my settings just happen to coincide
> > with libsasl2's defaults.
>
> Now it all begins to make sense, the Debian docs are wrong, and the
> search path is the default one (in no way Postfix-specific) compiled
> into Cyrus SASL.
>
> And if some distro wants a Postfix-specific location, they'd need to
> mess around with symlinks or set "cyrus_sasl_config_path" by compiling
> in a different default value, or arranging for an override in main.cf at
> install time.
>
> So my suggested doc patch is pretty close, except perhaps that there
> are no distros actually doing this??? In which case the doc tweak
> can be somewhat different.
>
> --
> Viktor.

That sounds about right. I suspect that Debian did some customization
along these lines in the past (at least in Debian7) but they aren't
doing it any more (Debian11).

I've added instructions to set cyrus_sasl_config_path in that Debian
Postfix/SASL wiki page, and added a few SASL mechanisms that aren't
completely insecure, but it's still not great. I might just add a note
there to read Postfix's SASL_README.

cheers,
raf
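
The by-hand experiment described in this thread (is /etc/postfix/sasl really read?) can be scripted. This is an added example, not part of the thread and not Postfix or Debian code. The function names are hypothetical; the first-match rule and the fallback search path are assumptions about libsasl2.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.
# Assumption: libsasl2 reads the first APP.conf found on the search path.

# find_sasl_conf SEARCH_PATH [APP]: print the file that would be read.
find_sasl_conf() {
    app=${2:-smtpd}
    old_ifs=$IFS; IFS=:
    for dir in $1; do
        if [ -n "$dir" ] && [ -f "$dir/$app.conf" ]; then
            IFS=$old_ifs
            printf '%s\n' "$dir/$app.conf"
            return 0
        fi
    done
    IFS=$old_ifs
    return 1
}

# unused_sasl_confs SEARCH_PATH CANDIDATE_DIRS [APP]: print APP.conf files
# that exist in CANDIDATE_DIRS but are not the one find_sasl_conf selects.
unused_sasl_confs() {
    app=${3:-smtpd}
    active=$(find_sasl_conf "$1" "$app") || active=
    old_ifs=$IFS; IFS=:
    for dir in $2; do
        if [ -f "$dir/$app.conf" ] && [ "$dir/$app.conf" != "$active" ]; then
            printf '%s\n' "$dir/$app.conf"
        fi
    done
    IFS=$old_ifs
}

# Report for the running Postfix. An empty cyrus_sasl_config_path means the
# path compiled into libsasl2; the fallback below is an assumed value, so
# set SASL_BUILTIN_PATH to what your libsasl2 build really uses.
check_postfix_sasl() {
    sp=$(postconf -h cyrus_sasl_config_path) || return 1
    sa=$(postconf -h smtpd_sasl_path) || return 1
    [ -n "$sp" ] || sp=${SASL_BUILTIN_PATH:-/etc/sasl2:/usr/lib/sasl2}
    echo "search path: $sp"
    echo "in effect:   $(find_sasl_conf "$sp" "$sa" || echo none)"
    unused_sasl_confs "$sp" "/etc/postfix/sasl:$sp" "$sa" | sort -u | sed 's/^/not read:    /'
}

# Query the live configuration only when asked: sh sasl-conf-check.sh check
if [ "${1:-}" = check ]; then check_postfix_sasl; fi
```

A "not read" line for /etc/postfix/sasl/smtpd.conf means the mechanism list edited there is not the one smtpd is offering.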