Fix for Postfix crash in 9.0.0p13 FIPS mode

Ask questions about your setup or get help installing ZCS server (ZD section below).
rjeth0
Posts: 3
Joined: Sun Sep 01, 2019 8:44 pm

Fix for Postfix crash in 9.0.0p13 FIPS mode

Postby rjeth0 » Mon Apr 19, 2021 9:27 pm

Just thought I'd report a problem we had, and found a solution for. We updated from 9.0.0p12 to 9.0.0p13 on a CentOS 8 FIPS-mode system, and followed the instructions at https://wiki.zimbra.com/wiki/Zimbra_Rel ... PS_Support

In particular, the instructions have you do

Code: Select all

$ zmlocalconfig -e ldap_starttls_supported=0
$ postconf -e "lmtp_tls_fingerprint_digest = sha256"


After the update, outbound e-mail was getting queued (with a transport failure) and not delivered. Looking at zimbra.log, the Postfix smtp process was crashing with signal 11 (SIGSEGV) whenever it tried to deliver an outgoing message.

It turns out you also have to do:

Code: Select all

$ postconf -e "smtp_tls_fingerprint_digest = sha256"


on installing 9.0.0p13 if you're on a FIPS system. (Note "smtp" in addition to "lmtp".) Then it worked fine. Looks like the release notes need updating...


User avatar
L. Mark Stone
Elite member
Elite member
Posts: 2237
Joined: Wed Oct 09, 2013 11:35 am
Location: Portland, Maine, US
ZCS/ZD Version: 8.8.15 Network Edition
Contact:

Re: Fix for Postfix crash in 9.0.0p13 FIPS mode

Postby L. Mark Stone » Tue Apr 20, 2021 12:33 pm

This is important; have you opened a Support Case with Zimbra to get the Release Notes updated?
___________________________________
L. Mark Stone
Mission Critical Email - Zimbra VAR/BSP/Training Partner https://www.missioncriticalemail.com/
Zeta Alliance http://www.zetalliance.org/
rjeth0
Posts: 3
Joined: Sun Sep 01, 2019 8:44 pm

Re: Fix for Postfix crash in 9.0.0p13 FIPS mode

Postby rjeth0 » Wed Apr 21, 2021 12:16 am

Yes, I did just now.
User avatar
L. Mark Stone
Elite member
Elite member
Posts: 2237
Joined: Wed Oct 09, 2013 11:35 am
Location: Portland, Maine, US
ZCS/ZD Version: 8.8.15 Network Edition
Contact:

Re: Fix for Postfix crash in 9.0.0p13 FIPS mode

Postby L. Mark Stone » Thu Apr 22, 2021 1:11 pm

Terrific, thank you. I also apprised Support unofficially, pointing them to this thread, but a real Support Case is what's needed to get the issue looked at formally.

Thanks again,
Mark
___________________________________
L. Mark Stone
Mission Critical Email - Zimbra VAR/BSP/Training Partner https://www.missioncriticalemail.com/
Zeta Alliance http://www.zetalliance.org/

Return to “Installation and Upgrade”

Who is online

Users browsing this forum: No registered users and 5 guests