From 65d3ec0436dea9135cbe1a33f4f9d8e69b6629ea Mon Sep 17 00:00:00 2001
From: Guilhem Moulin <guilhem.moulin@fripost.org>
Date: Sun, 16 Sep 2012 23:51:51 +0200
Subject: CApath.

---
 fripost-docs.org | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/fripost-docs.org b/fripost-docs.org
index 00baf00..fa698d3 100644
--- a/fripost-docs.org
+++ b/fripost-docs.org
@@ -1352,6 +1352,16 @@ In the rest of this section, we assume there is a tunnel from the master
 LDAP server to the machine that hosts SASLauthd (i.e., ldap://127.0.0.1:3890 on
 this machine actually speaks to the master).
 
+**** CApath
+
+As of Debian Squeeze, Postfix doesn't copy the content of 'smtp_tls_CApath' and
+'smtpd_tls_CApath' in the chroot jail. This leads to a flood of "Untrusted
+connections" since Postfix doesn't have any root CA to trust.
+To do it by hand, copy the files (don't forget the symlink targets) under
+'/var/spool/postfix/etc/ssl/certs' and c_rehash this last directory.
+
+A script is availble in the fripost-admin repository.
+
 **** Configure SASLauthd
 
  :: /etc/default/saslauthd
-- 
cgit v1.2.3