On Fri, Jun 03, 2022 at 11:09:08AM +0200, Matus UHLAR - fantomas wrote:
> >Also can you "apt-get source postfix", and post a link to the tarball?
>
> this will unpack the tarball in local directory.
> I use standard debian packages, there's SASL related patch but it doesn't
> seem to affect this issue
>
> https://sources.debian.org/patches/postfix/3.5.6-1/
> https://sources.debian.org/patches/postfix/3.5.6-1/07_sasl_config.diff/
The patch introduces a "SASL_CB_GETCONFPATH" callback, that indeed adds
"/etc/postfix/sasl" to the SASL config search path. This creates two
conflicting ways to set the location, with the patch likely overriding
"cyrus_sasl_config_path", and not providing any mechanisms to choose
alternative locations.
This patch is IMHO obsolete and counterproductive, and should be
deprecated. Debian should take advantage of "cyrus_sasl_config_path",
possibly with a custom compile-time default, or else just set at
install, or at upgrade time (if not already set, and the previous
Postfix version contains the patch).
The only thing to decide is whether the upstream mechanism behind
"cyrus_sasl_config_path" should continue to use the simple
sasl_set_path() API:
https://github.com/cyrusimap/cyrus-sasl/blob/master/include/sasl.h
or (for no obvious reason) switch to the more elaborate callback used in
the Debian patch:
https://github.com/cyrusimap/cyrus-sasl/blob/master/include/sasl.h#L678-L687
which seems to be more popular, despite the needlessly fancy ceremony.
--
Viktor.
