Facebook
Twitter
Username: mow
TITLE
Postfix master.cf: submission not changed to use chroot during migration
PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE
Plesk Onyx to Obsidian 18.0.35 on debian 9.13
PROBLEM DESCRIPTION
master.cf before migration:
master.cf after migration:
-> smtps is changed to use chroot during the migration, submission is not.
STEPS TO REPRODUCE
have submission enabled in postfix
migrate from onyx to obsidian
try to send mail using SASL DIGEST-MD5 or CRAM-MD5
ACTUAL RESULT
migration sets compatibility_level to 2 in main.cf, so the default for chroot changes from yes to no
migration changes line smpts to use chroot in master.cf, but not line submission, so submission doesn't use chroot anymore
mail submission using SASL DIGEST-MD5 fails with "warning: SASL authentication failure: no secret in database" & "SASL DIGEST-MD5 authentication failed: authentication failure". SASL PLAIN still works, btw.
EXPECTED RESULT
migration also changes line submission to use chroot in master.cf
mail submission works
ANY ADDITIONAL INFORMATION
Manually changed the start of that submission line to
Apparently the similar problem with line smtps was fixed in 18.0.35, but it needs to be applied to submission too.
This needs to be addressed in migration and in mchk.
YOUR EXPECTATIONS FROM PLESK SERVICE TEAM
Confirm bug
TITLE
Postfix master.cf: submission not changed to use chroot during migration
PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE
Plesk Onyx to Obsidian 18.0.35 on debian 9.13
PROBLEM DESCRIPTION
master.cf before migration:
Code:
smtps inet n - - - - smtpd -o smtpd_tls_wrappermode=yes
submission inet n - - - - smtpd -o smtpd_enforce_tls=yes -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_unauth_destinationmaster.cf after migration:
Code:
smtps inet n - y - - smtpd
-o smtpd_tls_wrappermode=yes
submission inet n - - - - smtpd -o smtpd_enforce_tls=yes -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination-> smtps is changed to use chroot during the migration, submission is not.
/usr/local/psa/admin/sbin/mchk --with-spam did not change anything in that line either. (Only change I noticed, it removed the VERP workaround ({recipient}->{user}@{nexthop}) from master.cf. But since Obsidian's plesk_virtual is able to handle VERP when enabled, that is okay.)STEPS TO REPRODUCE
have submission enabled in postfix
migrate from onyx to obsidian
try to send mail using SASL DIGEST-MD5 or CRAM-MD5
ACTUAL RESULT
migration sets compatibility_level to 2 in main.cf, so the default for chroot changes from yes to no
migration changes line smpts to use chroot in master.cf, but not line submission, so submission doesn't use chroot anymore
mail submission using SASL DIGEST-MD5 fails with "warning: SASL authentication failure: no secret in database" & "SASL DIGEST-MD5 authentication failed: authentication failure". SASL PLAIN still works, btw.
EXPECTED RESULT
migration also changes line submission to use chroot in master.cf
mail submission works
ANY ADDITIONAL INFORMATION
Manually changed the start of that submission line to
submission inet n - y - - smtpd, postfix reload, mail came in again.Apparently the similar problem with line smtps was fixed in 18.0.35, but it needs to be applied to submission too.
This needs to be addressed in migration and in mchk.
YOUR EXPECTATIONS FROM PLESK SERVICE TEAM
Confirm bug
