katefike / sage

A personal finance app that's like Mint, but better. It uses a dockerized postfix/dovecot email server. Parses transaction data from alert emails.
MIT License

Fix /etc/postfix/main.cf TLS file paths #108

Closed katefike closed 10 months ago

katefike commented 10 months ago

Problems

The TLS file is wrong in the postfix config.

kfike@prod:~$ docker exec -it sage-mailserver bash
root@60bc0adc3408:/# ls /etc/letsencrypt/live/prod.sagefinancial.dev
fullchain.pem  privkey.pem
root@60bc0adc3408:/# cat /etc/postfix/main.cf  

...

# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_security_level=may

smtp_tls_CApath=/etc/ssl/certs
smtp_tls_security_level=may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

Solutions

The path needs to be changed to:

smtpd_tls_cert_file=/etc/letsencrypt/live/prod.sagefinancial.dev/fullchain.pem
smtpd_tls_key_file=/etc/letsencrypt/live/prod.sagefinancial.dev/privkey.pem

docker/mailserver/scripts/postfix_dovecot_config_prod.sh is supposed to set the correct file path:

# DOMAIN is expected to be set earlier in the script; ${DOMAIN,,} lower-cases it (bash 4+)
CRT_FILE=/etc/letsencrypt/live/prod.${DOMAIN,,}/fullchain.pem
KEY_FILE=/etc/letsencrypt/live/prod.${DOMAIN,,}/privkey.pem

if [[ -f "${CRT_FILE}" && -f "${KEY_FILE}" ]]; then
    # POSTFIX: TLS in /etc/postfix/main.cf (quoted so a path with spaces cannot split the argument)
    postconf -e "smtpd_tls_cert_file=${CRT_FILE}"
    postconf -e "smtpd_tls_key_file=${KEY_FILE}"
    postconf -e smtpd_tls_security_level=may
    postconf -e smtp_tls_security_level=may
    # POSTFIX: TLS in /etc/postfix/master.cf
    postconf -M submission/inet="submission   inet   n   -   n   -   -   smtpd"
    postconf -P "submission/inet/syslog_name=postfix/submission"
    postconf -P "submission/inet/smtpd_tls_security_level=encrypt"
else
    echo 'CRITICAL ERROR: Failed to find TLS cert files' >&2
    # a bare "exit" returns 0 and hides the failure from the caller; exit non-zero instead
    exit 1
fi

Sidenote

The order of when these things happen needs to be evaluated:

  1. TLS certs get created
  2. TLS certs get copied to the mailserver container
  3. TLS certs paths get updated in /etc/postfix/main.cf
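A check that catches the misconfiguration described in this issue, written as an added example and not part of the sage project: it reads the TLS cert/key parameters from a main.cf, rejects the Debian snakeoil placeholder, confirms both files exist, and confirms the private key is not world-readable. It can be run inside the mailserver container after the config script (step 3 above) to verify that the paths were actually updated; the file paths in the block are constructed for the demo.

```bash
#!/usr/bin/env bash
# Added example: verify that a Postfix main.cf points at a real, non-placeholder
# TLS cert/key pair. Not project code; all paths are assumptions for the demo.

# Read one parameter from a main.cf-style file, tolerating "key = value" spacing.
# Postfix uses the last definition of a parameter, hence tail -n 1.
postfix_param() {  # $1 = main.cf path, $2 = parameter name
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# Returns 0 when the TLS files in $1 look sane, 1 otherwise, printing the reason.
check_postfix_tls_paths() {
    cf="$1"
    cert=$(postfix_param "$cf" smtpd_tls_cert_file)
    key=$(postfix_param "$cf" smtpd_tls_key_file)
    if [ -z "$cert" ] || [ -z "$key" ]; then
        echo "missing smtpd_tls_cert_file or smtpd_tls_key_file"; return 1
    fi
    # The Debian/Ubuntu default "snakeoil" self-signed pair means the real
    # certificate was never installed, which is exactly what this issue reports.
    case "$cert$key" in
        *snakeoil*) echo "still using the snakeoil placeholder: $cert"; return 1 ;;
    esac
    if [ ! -f "$cert" ] || [ ! -f "$key" ]; then
        echo "configured file does not exist: $cert / $key"; return 1
    fi
    # The private key must not be world-readable (POSIX find: -perm -004).
    if find "$key" -perm -004 | grep -q .; then
        echo "private key is world-readable: $key"; return 1
    fi
    echo "ok: $cert / $key"
    return 0
}
```

Usage inside the container: `check_postfix_tls_paths /etc/postfix/main.cf`, which on the config shown in this issue reports the snakeoil placeholder and exits 1.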