Hello,
I am running Postfix 2.4.5 on an OpenSuse 10.3 Linux server.
I think I have done everything right to chroot most Postfix services.
But I cannot prove or even see this!
My main.cf contains the following:
########################
# service type  private unpriv  chroot  wakeup  maxproc command + args
smtps     inet  n       -       y       -       -       smtpd
  -o smtpd_tls_wrappermode=yes -v -v -v -v -v
pickup    fifo  n       -       y       60      1       pickup
cleanup   unix  n       -       y       -       0       cleanup
qmgr      fifo  n       -       y       300     1       qmgr
tlsmgr    unix  -       -       y       1000?   1       tlsmgr
rewrite   unix  -       -       y       -       -       trivial-rewrite
bounce    unix  -       -       y       -       0       bounce
defer     unix  -       -       y       -       0       bounce
trace     unix  -       -       y       -       0       bounce
verify    unix  -       -       y       -       1       verify
flush     unix  n       -       y       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
smtp      unix  -       -       y       -       -       smtp -v -v -v -v -v
relay     unix  -       -       -       -       -       smtp -v -v -v -v -v
  -o fallback_relay=
showq     unix  n       -       y       -       -       showq
error     unix  -       -       y       -       -       error
discard   unix  -       -       y       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       y       -       -       lmtp
anvil     unix  -       -       y       -       1       anvil
scache    unix  -       -       y       -       1       scache
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
cyrus     unix  -       n       n       -       -       pipe
  user=cyrus argv=/usr/lib/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
procmail  unix  -       n       n       -       -       pipe
  flags=R user=nobody argv=/usr/bin/procmail -t -m /etc/procmailrc ${sender} ${recipient}
########################
This is mostly default on that OpenSuse box - only the "-v -v -v -v -v"
was added and the chroot options enabled for all but the "pipe",
"local", "virtual" and "proxymap" services.
Also, I executed
/usr/share/doc/packages/postfix/examples/chroot-setup/LINUX2 to add
the chroot parts to /var/spool/postfix.
I stopped Postfix and started it again.
But for no Postfix process can I see that the "root" link under
/proc/<pid>/ points to /var/spool/postfix.
Also, I tried to send mail while having "fuser" commands run
continuously over /var/spool/postfix/lib/* and /var/spool/postfix/etc/*
Not one such file in the chroot environment seems to be read by any process!
So far, I have no confirmation about anything running chrooted!
How can I check this?
What can I do?
Any idea?
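
One way to run the /proc/<pid>/root check described in the post over the Postfix master and every process it has started, as an added example that is not part of the original message. The function name `postfix_roots` is made up here, and the script assumes master's pid file is at `pid/master.pid` under the queue directory and that it runs as root, since the `root` links of other users' processes are not readable otherwise.

```shell
#!/bin/sh
# Added example: list the root directory of the Postfix master and its children.
# Assumptions: Linux /proc layout, pid file at $queue/pid/master.pid.

# postfix_roots [PROC_DIR] [QUEUE_DIR]
# Prints one line per process: "pid name root verdict".
postfix_roots() {
    proc=${1:-/proc}
    queue=${2:-/var/spool/postfix}
    # master.pid holds the pid padded with blanks; strip them.
    master=$(tr -d ' \n' < "$queue/pid/master.pid") || return 1
    for dir in "$proc"/[0-9]*; do
        [ -r "$dir/status" ] || continue
        pid=${dir##*/}
        # "status" is used instead of "comm" because old 2.6 kernels lack comm.
        name=$(awk '/^Name:/ {print $2}' "$dir/status")
        ppid=$(awk '/^PPid:/ {print $2}' "$dir/status")
        # Keep only master itself and the daemons it spawned.
        [ "$ppid" = "$master" ] || [ "$pid" = "$master" ] || continue
        root=$(readlink "$dir/root" 2>/dev/null) || root=unreadable
        case "$root" in
            "$queue")   verdict=chrooted ;;
            /)          verdict=not-chrooted ;;
            unreadable) verdict=need-root ;;
            *)          verdict=other-root ;;
        esac
        echo "$pid $name $root $verdict"
    done
}

# Pass "live" as the first argument to inspect the running system (as root).
if [ "${1:-}" = live ]; then
    postfix_roots
fi
```

The master process itself is not chrooted, and daemons such as smtpd exist only while master has spawned them, so run the check while a message is being handled.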