Debian Bug report logs - #620310
postfix: Certificate errors appear in /var/log/mail.info (not mail.err or mail.warn)

version graph

Package: postfix; Maintainer for postfix is Debian Postfix Team <[email protected]>; Source for postfix is src:postfix (PTS, buildd, popcon).

Reported by: Francois Marier <[email protected]>

Date: Thu, 31 Mar 2011 23:15:01 UTC

Severity: normal

Found in version postfix/2.8.2-1

Reply or subscribe to this bug.

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to [email protected], LaMont Jones <[email protected]>:
Bug#620310; Package postfix. (Thu, 31 Mar 2011 23:15:04 GMT) (full text, mbox, link).

Acknowledgement sent to Francois Marier <[email protected]>:
New Bug report received and forwarded. Copy sent to LaMont Jones <[email protected]>. (Thu, 31 Mar 2011 23:15:04 GMT) (full text, mbox, link).

Message #5 received at [email protected] (full text, mbox, reply):

From: Francois Marier <[email protected]>
To: Debian Bug Tracking System <[email protected]>
Subject: postfix: Certificate errors appear in /var/log/mail.info (not mail.err or mail.warn)
Date: Fri, 01 Apr 2011 12:10:45 +1300
Package: postfix
Version: 2.8.2-1
Severity: normal

I use smtp.gmail.com as a smarthost but I hardcode its cert fingerprint in my postfix
config to help prevent MITM attacks.
 
  relayhost = smtp.gmail.com:587
  smtp_generic_maps = hash:/etc/postfix/generic
  smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd 
  smtp_sasl_auth_enable = yes
  smtp_sasl_security_options = noanonymous
  smtp_tls_security_level = fingerprint
  smtp_tls_mandatory_ciphers = high
  smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
  smtp_tls_fingerprint_digest = sha1
  smtp_tls_fingerprint_cert_match =
    DB:A0:2A:07:00:F9:E3:23:7D:07:E7:52:3C:95:9D:E6:7E:12:54:3F

A few days ago, smtp.gmail.com changed its cert and so postfix rightfully decided not
to connect to it and kept on queueing mail locally instead. The problem is that the
only sign that this was happening was in /var/log/mail.info:

  Mar 31 18:51:20 hostname postfix/smtp[3937]: 6B2815B4528: to=<[email protected]>, relay=smtp.gmail.com[74.125.53.109]:587, delay=36, delays=33/0.56/2.7/0, dsn=4.7.5, status=deferred (Server certificate not verified)

I've got both /var/log/mail.warn and /var/log/mail.err in /etc/logcheck/logcheck.logfiles
and I was expecting such an important message to be at least considered a warning.

Could the priority of that particular error message be bumped?

Cheers,
Francois

Send a report that this bug log contains spam.

Debian bug tracking system administrator <[email protected]>. Last modified: Tue May 13 13:01:39 2025; Machine Name: bembo

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU General Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.