Using sasl-xoauth2 in Postfix
=============================

In many common configurations of sasl-xoauth2 on Postfix in debian,
the sasl module will be loaded by postfix within the standard chroot.

When the SASL module emits https requests, it needs X.509 trust
anchors to verify the remote server.  By default, the standard trust
anchors aren't in the chroot.

You can put them in the chroot by setting chroot_extra_CAdir or
chroot_extra_files to the appropriate values.

Please see section 2A of /usr/share/doc/postfix/README.Debian.gz for
more details.

 -- Daniel Kahn Gillmor <dkg@fifthhorseman.net>, Thu, 23 Feb 2023 18:49:27 -0500