Re: broken upgrade of postfix_2.3.7-3 -> 2.3.8-2 (etch)

To: debian-user@lists.debian.org
Subject: Re: broken upgrade of postfix_2.3.7-3 -> 2.3.8-2 (etch)
From: Michael Shuler <michael@pbandjelly.org>
Date: Tue, 20 Mar 2007 23:52:05 -0500
Message-id: <[🔎] 4600B9F5.8090100@pbandjelly.org>
In-reply-to: <[🔎] 46010BA6.6080404@gmail.com>
References: <[🔎] 46009A62.2070006@pbandjelly.org> <[🔎] 46010130.7090407@gmail.com> <[🔎] 4600A528.1070800@pbandjelly.org> <[🔎] 46010BA6.6080404@gmail.com>

Mihira Fernando wrote:
> Do you have btree support installed for postfix ? As I recall, the
> smtp(d)_session_cache_database parameters are in the default main.cf
> file but btree support is _not_ installed by default.
> If you're not using these 2 parameters I suggest you comment them out
> and reload postfix.

I thought btree was berkley db, which is installed, but I could be wrong
there - I have not found any promising looking packages when apt-cache
searching for btree or postfix, so I am not sure what those might be.

I reinstalled 2.3.8, commented out the btree lines, reloaded, and have
the same behavior as previously with the same warnings.

#smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
#smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache

> Also I assume you got postfix-policyd on 127.0.0.1:60000 ? it is fully
> operational right ?

postgrey is listening on 127.0.0.1:60000 and has been functioning
properly under 2.3.7.

To rule out all the variables, I left the btree lines commented out,
commented out my check_policy_service, set smtpd_use_tls=no, and
restarted.  This works fine.

I then added the check_policy_service line back, to re-add postgrey into
the mix, restarted, and this works fine.

When I add back smtpd_use_tls=yes and restart, then I have problems..

>From looking at the changelog entry and my trials, this does appear to
be an issue with the current libssl/openssl 0.9.8c-4 that I am hitting -
the postfix changelog states:
20070225
  "Workaround: Disable SSL/TLS ciphers when the underlying symmetric
algorithm is not available in the OpenSSL crypto library at the required
bit strength. Problem observed with SunOS 5.10's bundled OpenSSL 0.9.7
and AES 256. Also possible with OpenSSL 0.9.8 and CAMELLIA 256. Root
cause fixed in upcoming OpenSSL 0.9.7m, 0.9.8e and 0.9.9 releases."

Kind Regards,
Michael

Reply to:

Follow-Ups:
- Re: broken upgrade of postfix_2.3.7-3 -> 2.3.8-2 (etch)
  - From: Mihira Fernando <mihiratheace@gmail.com>

References:
- broken upgrade of postfix_2.3.7-3 -> 2.3.8-2 (etch)
  - From: Michael Shuler <mshuler@pbandjelly.org>
- Re: broken upgrade of postfix_2.3.7-3 -> 2.3.8-2 (etch)
  - From: Mihira Fernando <mihiratheace@gmail.com>
- Re: broken upgrade of postfix_2.3.7-3 -> 2.3.8-2 (etch)
  - From: Michael Shuler <mshuler@pbandjelly.org>
- Re: broken upgrade of postfix_2.3.7-3 -> 2.3.8-2 (etch)
  - From: Mihira Fernando <mihiratheace@gmail.com>

Prev by Date: Re: Uninstall (nearly) everything installed after spacific date
Next by Date: Re: your email has been received, please register to send
Previous by thread: Re: broken upgrade of postfix_2.3.7-3 -> 2.3.8-2 (etch)
Next by thread: Re: broken upgrade of postfix_2.3.7-3 -> 2.3.8-2 (etch)
Index(es):
- Date
- Thread