[GF-Users] tlsrpt-reporter

Michael Webb michael.webb at integrilog.com
Sat Sep 27 07:21:12 MST 2025


Peter

Thank you. Not sure if you saw a previous email that I have changed the way I use this package so it is harder for me to test all the options you have created. The upstream design template assumes that each postfix host will have its own tls report database. Problem is that the RFC allows for only one report per day and it is possible that if load balancing / alternate MXs are used that multiple tls reports will be generated from each tlsrpt-reporter instance. I noticed that Microsoft only accepts one report from each email domain. Instead, I have a single tlsrpt-reporter installed on a dedicated host and use socat to connect postfix to its socket. I still have to run "semanage permissive -a postfix_smtp_t" on the postfix machine to allow postfix general access to socat, and because a unit file is custom, I now also have to use systemctl edit to override part of your install.

It is a new package and I am grateful that we have something working, but I think some discussion is needed between us and upstream developers to help to standardize this a little better. To me the semanage will be system specific, so I don't think we need to include all the options, but rather just document different examples at the upstream level just like other packages do. I do agree that my usage is not the most secure implementation, but I will eventually seek out an example of how to make a custom permissive secure for my config.

Mike


-----Original Message-----
From: users-bounces at lists.ghettoforge.net <users-bounces at lists.ghettoforge.net> On Behalf Of Peter
Sent: Friday, September 26, 2025 11:06 PM
To: users at lists.ghettoforge.net
Subject: Re: [GF-Users] Postfix-tlspol updated to v1.8.18

This is done now.

BTW I realized that I hadn't properly pushed out the new tlsrpt-reporter packages.  I've done that now, can you check and see if the selinux issues are resolved?


Peter


On 27/09/25 13:46, Peter wrote:
> Now building for el8, 9 and 10.
> 
> 
> Peter
> 
> 
> On 27/09/25 02:50, Michael Webb wrote:
>> Hi Peter
>>
>> Could you publish when convenient? Postfix-tlspol was updated 
>> upstream 3 weeks ago to v1.8.18. It builds successfully for EL8, 9 & 
>> 10 using the gf spec file. I have the rpms running on Rocky 9 and 10 
>> production systems with no problems. You can find the source and 
>> builds at the links below FYI.
>>
>> https://www.integrilog.com/adhj5jkuuk2sfsf0/postfix-tlspol
>>
>> https://github.com/Zuplu/postfix-tlspol
>>
>> Thanks
>>
>> Mike
>>
>>
>> _______________________________________________
>> users mailing list
>> users at lists.ghettoforge.net
>> http://lists.ghettoforge.net/mailman/listinfo/users
> 
