Package: postfix-mysql Version: 2.1.5-9 Severity: grave Justification: renders package unusable
When you configure a chrooted smtpd server and have mysql lookup maps, behind the proxymap service, you end up having problems with either local delivery or access to the maps in smtpd. *** Problem *** Attempt #1: alias_maps = mysql:/etc/postfix/myalias.cf hash:/etc/aliases This results in: May 3 16:08:57 marvin postfix/smtpd[25105]: warning: connect to mysql server localhost: Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2) That's because the smtpd server is chrooted. Attempt #2: alias_maps = proxy:mysql:/etc/postfix/myalias.cf hash:/etc/aliases This results in: May 3 16:09:57 marvin postfix/local[25151]: fatal: mysql:/etc/postfix/myalias.cf: proxy map is not allowed for security sensitive data That's because proxymap doesn't transmit what is considered sensitive data. Not sure why the alias maps considered as such, maybe because it can talk to NIS and such... *** Fixes: *** This phenomenon is documented in postfix: http://www.postfix.org/postconf.5.html#alias_maps "The local(8) delivery agent will silently ignore requests to use the proxymap(8) server within alias_maps. Instead it will open the table directly. Before Postfix version 2.2, the local(8) delivery agent will terminate with a fatal error." Therefore, a fix would be to upload 2.2 to sarge, but I have the sad feeling this is not going to happen... Maybe 2.1 could be patched for that? *** Workaround *** #1: don't chroot smtpd #2: talk to mysql on 127.0.0.1 #3: use a mount --bind to export the mysql rundir to the postfix chroot -- System Information: Debian Release: 3.1 APT prefers testing APT policy: (500, 'testing') Architecture: i386 (i686) Kernel: Linux 2.4.27-1-386 Locale: LANG=fr_CA, LC_CTYPE=fr_CA (charmap=ISO-8859-1) Versions of packages postfix-mysql depends on: ii libc6 2.3.2.ds1-20 GNU C Library: Shared libraries an ii libmysqlclient14 4.1.11-1 mysql database client library ii postfix 2.1.5-9 A high-performance mail transport -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
