Score:0

Why and how is Postfix automatically reading main.cf file?


Today I changed TLS cert paths in the Postfix main.cf file. Those paths turned out to be broken.

Within a few minutes, Postfix had read those changed paths and my TLS connections became broken (because of the broken paths).

Question 1: Why does Postfix automatically read changes from the main.cf file? Is it documented? I can't find any information about it.

Question 2: Can I turn off this behaviour? I expected Postfix to replace certs after reload of the service, not on the fly.

Thanks

Score:1
rvs

Most likely Postfix either got restarted or got a SIGHUP signal while you were working on the config.

One common cause for daemon restarts/reloads is logrotate: it may restart/reload services so that they re-open their configuration files after log rotation.

It is also possible that Postfix crashed for some other reason and systemd restarted it.

I suggest checking your logs for other events (cron job runs, etc.) around the time Postfix went down for you.

us flag
I checked the logs; Postfix wasn't restarted or reloaded. Just after I saved main.cf, Postfix logged: "warning: cannot get RSA certificate from file "/path_to_cert": disabling TLS support"
Score:1
anx

Picking up changes is, by design, standard procedure in most Postfix components. In fact, many parts of Postfix explicitly permit swapping out running processes for new ones at any point. Many configuration parameters are set up to automatically take effect eventually, with or without manual intervention (reload).

Changes to main.cf are picked up automatically, as smtpd(8) processes run for only a limited amount of time. Use the command "postfix reload" to speed up a change. - man 8 smtpd

If the way you manage your certificates makes such reloads undesirable, you are advised to place your certificates and matching keys together in files that are only changed when such a reload operation is safe.

With Postfix ≥ 3.4 the preferred way to configure server keys and certificates is via the "smtpd_tls_chain_files" parameter. - man 5 postconf

See the documentation of the smtpd_tls_chain_files parameter for additional explanation.

us flag
All clear, thank you very much! :)
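
Because smtpd(8) processes pick up main.cf without a reload, as the answer above explains, one defensive habit is to edit a staged copy and rename it over the live file only after the TLS files it names check out. The script below is an added example, not part of the original thread and not Postfix code; the function names `mcf_get`, `check_tls_paths` and `install_main_cf` are hypothetical, and it assumes plain file paths (no `$name` expansion) and checks only that each file is readable and looks like PEM.

```shell
#!/bin/sh
# Added example (not Postfix code): vet a staged main.cf before it goes live.

# Print parameter $2 from main.cf-style file $1. Lines starting with whitespace
# continue the previous parameter; the last definition wins; no $name expansion.
mcf_get() {
    awk -v want="$2" '
        /^[ \t]*(#|$)/ { next }                      # comment or blank line
        /^[ \t]/ { if (cur != "") val[cur] = val[cur] " " $0; next }
        {
            eq = index($0, "="); if (!eq) { cur = ""; next }
            cur = substr($0, 1, eq - 1); gsub(/[ \t]/, "", cur)
            val[cur] = substr($0, eq + 1)
        }
        END { v = val[want]; gsub(/[ \t]+/, " ", v)
              gsub(/^ | $/, "", v); print v }' "$1"
}

# Return 0 only if every TLS file the staged config names is readable PEM.
check_tls_paths() {
    cfg=$1; rc=0
    for p in smtpd_tls_cert_file smtpd_tls_key_file smtpd_tls_chain_files; do
        for f in $(mcf_get "$cfg" "$p" | tr ',' ' '); do
            case $f in
                none) continue ;;                    # certificate-less setup
                *'$'*) echo "$p: cannot resolve $f here" >&2; rc=1; continue ;;
            esac
            if [ ! -r "$f" ] || ! grep -q -e '-----BEGIN ' "$f"; then
                echo "$p: $f missing, unreadable or not PEM" >&2; rc=1
            fi
        done
    done
    return "$rc"
}

# Validate, then swap the file in with one rename so a newly started smtpd(8)
# never reads a half-edited or unvetted main.cf.
install_main_cf() {
    check_tls_paths "$1" || { echo "refusing to install $1" >&2; return 1; }
    cp -p "$1" "$2.new" && mv -f "$2.new" "$2"
}

# Usage: script STAGED_MAIN_CF LIVE_MAIN_CF
if [ "$#" -eq 2 ]; then install_main_cf "$1" "$2"; fi
```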