JDP wrote:
>
>>> I am trying to set up MailScanner using Postfix on Suse 9.3. It
>>> will just scan mail and afterward pass it on to another mail
>>> server. I am looking at the documentation, but I can't tell how to
>>> chroot jail in /var/spool/postfix. Can someone shed some light on
>>> this for me?
>> Postfix daemons can be chroot when the corresponding flag (fifth
>> column) is set in master.cf. Which daemon do you want to chroot?
>>
>> Here are some how-to's about Postfix chroot:
>>
>>
http://www.postfix.org/BASIC_CONFIGURATION_README.html#chroot_setup
>>
http://www.postfix.org/INSTALL.html#hamlet>>
>> PS: You might want to know that Mailscanner uses unsupported features
>> of Postfix, so you can not expect a lot of support from the postfix
>> mailing list.
>
> Thank you Sandy. I am in a total bind here. I was running MailScanner &
> Sendmail on Mandrake, but that server crashed completely. I was
> working on the Suse box as an eventual replacement, but now I need to
> get it up and running as quickly as possible. Oh boy!
Okay, that is a priority. I can't help you with the Mailscanner
integration, unfortunately. Was it the heat?
> I am looking at the Postfix main.cf, but I don't see where to chroot
> the daemon; # LOCAL PATHNAME INFORMATION # # The queue_directory
> specifies the location of the Postfix queue. # This is also the root
> directory of Postfix daemons that run chrooted. # See the files in
> examples/chroot-setup for setting up Postfix chroot # environments on
> different UNIX systems. # queue_directory = /var/spool/postfix
>
> The chroot-setup dir has a script for Suse 5.3
>
> What is the best way to do this?
Hm, perhaps you are working on the basis of uncorrect assumptions. Postfix
is composed of different daemons for different tasks, it is not a
monolithic beast like sendmail 8.x, more like Sendmail X.
Postfix is also very concerned about security, the only incident I can
recall in the last years was introduced by a third-party TLS-Patch for
Postfix 2.1. So I wouldn't worry too much about chrooting the daemons if
you're in a hurry to set up the system.
In the master.cf you can see lines for most of the daemons.
==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
smtp inet n - n - 100 smtpd
pickup fifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
#qmgr fifo n - n 300 1 oqmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp
showq unix n - n - - showq
error unix - - n - - error
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
^
|
Change here to "y" or "-" for chroot execution. Though you should be aware
that chroot installations are not easy. I haven't bothered till now to set
up a chroot environment. Depending on your setup you might run into
problems, such as connections to mysql database breaking, no name server
resolution for smtp delivery etc.
You can try the chroot-setup script. In your case, it might even work
since you are setting up a pure relay server without local delivery.
I would suggest you start without chroot, then set up a test environment
wher you can test your installation without dead line pressure.
Sandy
--
List replies only please!
Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com
--
Check the headers for your unsubscription address
For additional commands send e-mail to
[hidden email]
Also check the archives at
http://lists.suse.comPlease read the FAQs:
[hidden email]
Locked
