Thomas Ackermann:
> Hello,
> I am running postfix 2.4.5 on an OpenSuse 10.3 Linux server.
>
> I think I have done everything right to chroot most postfix services.
>
> But I cannot prove or even see this!
>
>
> My main.cf contains the following:
>
> ########################
> smtps inet n - y - - smtpd -o
> smtpd_tls_wrappermode=yes -v -v -v -v -v
> pickup fifo n - y 60 1 pickup
> cleanup unix n - y - 0 cleanup
> qmgr fifo n - y 300 1 qmgr
> tlsmgr unix - - y 1000? 1 tlsmgr
> rewrite unix - - y - - trivial-rewrite
> bounce unix - - y - 0 bounce
> defer unix - - y - 0 bounce
> trace unix - - y - 0 bounce
> verify unix - - y - 1 verify
> flush unix n - y 1000? 0 flush
> proxymap unix - - n - - proxymap
> smtp unix - - y - - smtp -v -v -v -v -v
> relay unix - - - - - smtp -v -v -v -v -v
> -o fallback_relay=
> showq unix n - y - - showq
> error unix - - y - - error
> discard unix - - y - - discard
> local unix - n n - - local
> virtual unix - n n - - virtual
> lmtp unix - - y - - lmtp
> anvil unix - - y - 1 anvil
> scache unix - - y - 1 scache
> maildrop unix - n n - - pipe
> flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
> cyrus unix - n n - - pipe
> user=cyrus argv=/usr/lib/cyrus/bin/deliver -e -r ${sender} -m
> ${extension} ${user}
> uucp unix - n n - - pipe
> flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail
> ($recipient)
> ifmail unix - n n - - pipe
> flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
> bsmtp unix - n n - - pipe
> flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop
> $recipient
> procmail unix - n n - - pipe
> flags=R user=nobody argv=/usr/bin/procmail -t -m /etc/procmailrc
> ${sender} ${recipient}
> ########################
>
> This is mostly default on that OpenSuse box - only the "-v -v -v - v -v"
> was added and the chroot-Options enabled for all but the "pipe",
> "local", "virtual" and "proxymap" services.
>
> Also, I executed
> /usr/share/doc/packages/postfix/examples/chroot-setup/LINUX2 to add
> chroot-parts to /var/spool/postfix
>
> I stopped postfix and started it again.
>
>
> But with no postfix process, I can see that the "root" link under
> /proc/<pid>/ is directed against /var/spool/postfix.
> Also, I tried to send mail while having "fuser" commands run
> continuously over /var/spool/postfix/lib/* and /var/spool/postfix/etc/*
> Not one such file in the chroot-environment seems to be read by any process!
For a quick test you could rename /var/spool/postfix/lib and
/var/spool/postfix/etc and see what breaks.

If your file system updates file atimes, then you can use those to
see what files/directories are being used. Otherwise you'll have
to log kernel events that show which inodes are being touched by
Postfix processes.

Wietse
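One way to turn the /proc check discussed in this thread into a repeatable script, as an added example that is not part of the original posts: it reads the chroot column from a master.cf-style listing (a constructed fragment is embedded; the column layout is that of master.cf(5)) and prints the root directory of each running Postfix daemon. It assumes the tools readlink and pgrep are present and that it runs as root, since /proc/<pid>/root of another user's process is not readable otherwise.

```shell
#!/bin/sh
# Added example, not from the mailing-list thread: list which Postfix daemons
# a master.cf-style listing says should be chrooted, then show where each
# running instance's root (/proc/<pid>/root) actually points. A daemon inside
# the chroot reports /var/spool/postfix; one outside reports /.
# Reading /proc/<pid>/root of a process you do not own requires root.

# Print the program name (8th field) of every service whose chroot column
# (5th field) is 'y'. Continuation lines such as "-o ..." start with
# whitespace and are skipped, as are comment lines.
chrooted_programs() {
    awk '/^[^ \t#]/ && NF >= 8 && $5 == "y" { print $8 }'
}

# Resolve a process's root directory, or print "?" when it cannot be read
# (nonexistent pid, or insufficient privilege).
proc_root() {
    readlink "/proc/$1/root" 2>/dev/null || echo "?"
}

# Show every running process with the given command name and its root.
report_roots() {
    for pid in $(pgrep -x "$1" 2>/dev/null); do
        printf '%-10s pid=%-6s root=%s\n' "$1" "$pid" "$(proc_root "$pid")"
    done
}

# Constructed master.cf fragment with the same column layout as the real file.
SAMPLE_MASTER='# service type private unpriv chroot wakeup maxproc command + args
smtps     inet  n       -       y       -       -       smtpd
  -o smtpd_tls_wrappermode=yes
qmgr      fifo  n       -       y       300     1       qmgr
local     unix  -       n       n       -       -       local
proxymap  unix  -       -       n       -       -       proxymap'

# On a live system, feed /etc/postfix/master.cf instead of the sample.
for prog in $(printf '%s\n' "$SAMPLE_MASTER" | chrooted_programs); do
    report_roots "$prog"
done
```

A daemon that reports root=/ while its chroot column is y is the mismatch worth investigating.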