SNI Postfix Support 6.10 + CentOS 8

After a long waiting period, I upgraded to 6.10 to test letsencrypt to postfix, but it was not possible, firstly that version 3.4 of postfix is not available CentOS 8, I will probably need it manually, and the Services Certificates screen is listing everyone for the same “Webmin”.

There was no error in the update, and it is my first use with Virtualmin, I would like to know if there is anything to do.

I didn’t realize CentOS 8 didn’t have it. I’m sure someone said CentOS 8 was coming with SNI support. But, I guess not. Oh, well.

I guess we’ll have to wait. It’s possible I can be convinced to add 3.4 to our repos…but, I really don’t have a lot of spare time to devote to that kind of thing right now.

Those missing service certificates options look odd. I don’t think it happened in my memory. I assume Webmin hasn’t been reloaded properly.

Try:

/etc/webmin/restart

firstly that version 3.4 of postfix is not available CentOS 8,

You are welcome to try and report back the following solution -

CentOS repos are full of cobwebs and we know this going in. What’s strange is that Postfix 3.4 isn’t available from EPEL.

I don’t need SMTP SNI but for those who do I think Dovecot MSA is worth considering. The software is already installed, and if it works anything like a web server proxy Postfix may no longer need a certificate. Dovecot’s SSL supports SNI and it can pass SASL authentication to Postfix.

I didn’t know Postfix could authenticate through Dovecot. I’d considered a switch off of Cyrus SASL to Courier in the past, due to some various annoyances, but I much prefer Dovecot in general (more actively developed, broader documentation and tutorials and examples, code is more modern and comprehensible to me). Maybe for Virtualmin 8 (7 is probably too near, but we’re aiming for a new major version every year, so they’re smaller and more manageable but we keep seeing steady forward progress, so 8 won’t be extremely far out), we’ll make that switch. It’d be nice to reduce package count and improve functionality.


Dovecot MSA sounds a lot like POP-before-SMTP auth, I wonder if that’s how it evolved. MSA still needs the MTA but Virtualmin already offers two that are known to work with it. Just an idea to spice up the stew, I realize you guys have enough on your plates as it is.

I upgraded Postfix with the GhettoForge repos and it was surprisingly painless.

Mind you, I’m far from any kind of Postfix expert, so I had backups of my backups. Literally. I also had plenty of coffee on hand. Based on my previous experiences hosing Postfix, I was kind of expecting the upgrade to morph into an all-nighter.

It was, however, painless. Other than the usual warnings about not referencing the hostname twice in main.cf, which said warnings are easily fixed, it was uneventful.

/etc/webmin/postfix/version does have to be manually updated, however, for Webmin / Virtualmin to know Postfix has been updated.

I should add the server in question hosts only sites that I personally own. I would be a bit more cautious if it hosted clients’ sites. Hosing my own stuff is one thing. Hosting clients’ stuff is another.

Richard
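
An added example, not part of any post in this thread: a shell check for the two points raised above, that SNI needs Postfix 3.4 or later and that /etc/webmin/postfix/version can lag behind an upgraded Postfix. It assumes the Webmin file holds the bare version string on its first line; the function names and the `report` argument are made up for this example.

```shell
#!/bin/sh
# Added example: is Postfix new enough for SNI, and does Webmin's cached
# version file agree with the installed Postfix?

# version_ge A B: succeed if dotted version A >= B. Components are compared
# numerically, so 3.10 is correctly treated as newer than 3.4.
version_ge() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        # Drop non-numeric suffixes (e.g. snapshot dates); empty counts as 0.
        x=${x%%[!0-9]*}; y=${y%%[!0-9]*}
        x=${x:-0}; y=${y:-0}
        [ "$x" -gt "$y" ] && return 0
        [ "$x" -lt "$y" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 0
}

# postfix_supports_sni VERSION: tls_server_sni_maps arrived in Postfix 3.4.
postfix_supports_sni() { version_ge "$1" 3.4; }

# webmin_cache_status INSTALLED FILE: prints "ok", "stale" or "missing".
# Assumption: FILE contains only the version string on its first line.
webmin_cache_status() {
    [ -r "$2" ] || { echo missing; return 0; }
    cached=$(head -n 1 "$2" | tr -d '[:space:]')
    if [ "$cached" = "$1" ]; then echo ok; else echo stale; fi
}

# report: check the live system; does nothing useful without postconf.
report() {
    command -v postconf >/dev/null 2>&1 || { echo "postconf not found"; return 0; }
    v=$(postconf -h mail_version)
    if postfix_supports_sni "$v"; then
        echo "Postfix $v: SNI capable"
    else
        echo "Postfix $v: too old for SNI (needs 3.4+)"
    fi
    f=${WEBMIN_VERSION_FILE:-/etc/webmin/postfix/version}
    echo "Webmin cached version ($f): $(webmin_cache_status "$v" "$f")"
}

if [ "${1:-}" = "report" ]; then report; fi
```

Run it with the `report` argument on the mail server; a "stale" result means Webmin still records the pre-upgrade Postfix version.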

Next version of Webmin will handle it correctly.
