[GF-Users] postfix-tlspol v1.9.1 available upstream

Peter peter at pajamian.dhs.org
Mon Apr 20 14:18:28 MST 2026 

Yeah, I'm not liking these changes.  They are fundamental changes with 
little or no explanation as to why they are made in the git logs or 
change logs.  I was able to find this for the socket file change:

https://github.com/Zuplu/postfix-tlspol/issues/111

I read this as being that they made the change in order to have more 
restrictive permissions on the socket file itself, but the problem is it 
seems to lead down a rabbit hole of issues that they are now resolving 
such as this one:

https://github.com/Zuplu/postfix-tlspol/issues/140

I'm uncomfortable with it because this fundamental change seems to 
affect enterprise stability and requires changes that may very well 
cause other seemingly non-related issues.  That said, that would mean 
that we are stuck with the following options:

1.  Go ahead and implement the change (as you're doing) anyways.

2.  Stick with an older version of the package and start backporting bug 
fixes (this requires a lot more maintenance) and only use the newer 
version in EL11 when it eventually drops.

3.  Include patches that reverse the changes for EL<=10 but which may 
cause issues with further changes in the future.

I don't like any of these options but the one I dislike the most is #2 
due to the increased complexity of maintaining the package.  I'd like 
your input on whether you think 1 or 3 is better.

I'm curious as to why they removed query.sh, I can't find the 
explanation anywhere.

The change you made for OOMPolicy makes sense.

I also noticed you changed the address for the resolver to 127.0.0.1.  I 
find it puzzling that they used 127.0.0.53 but it shouldn't matter 
because 127 is a /8 and any IP address that starts with 127 is loopback. 
  Also since the line is commented out anyways I won't worry about that 
change because for someone to use it they will have to uncomment the 
line in which case they can change it to anything they want at the time.


Peter


On 20/04/2026 22:12, Michael Webb wrote:
> Hi Peter
> 
> v1.9.1 has been released. It has three differences from previous 
> versions that require changes inside the spec file. The upgrade has both 
> new features and fixes, but I think we should wait a few weeks to 
> evaluate stability. At this stage, I am more interested in your feedback 
> about the changes I made to the spec file and whether this is a good 
> change for end-users. I have the package running on an EL10 production 
> system.
> 
> https://github.com/Zuplu/postfix-tlspol/releases <https://github.com/ 
> Zuplu/postfix-tlspol/releases>
> 
> The main changes to the package install that need to be addressed in the 
> spec file are:
> 
> * New systemd socket unit file
> 
> * query.sh file was removed from package
> 
> * New OOMPolicy=continue added to the service unit file, but it will 
> only work EL >= 9
> 
> https://www.integrilog.com/adhj5jkuuk2sfsf0/postfix-tlspol/ 
> Custom%201.9.1/0/EL10/x86_64/ <https://www.integrilog.com/ 
> adhj5jkuuk2sfsf0/postfix-tlspol/Custom%201.9.1/0/EL10/x86_64/>
> 
> Thanks
> 
> Mike
> 
> 
> _______________________________________________
> users mailing list
> users at lists.ghettoforge.net
> http://lists.ghettoforge.net/mailman/listinfo/users

More information about the users mailing list