So I've done a bit of reading on postfix's internal chrooting capabilities and I thought it would fit exactly what I'm trying to do perfectly. Here is the simple desired functionality:
- I want outbound email name lookups to use a different set of name servers than what the system normally uses in the literal /etc/resolv.conf.

To accomplish this, I set the smtp service to chroot in master.cf and I moved the resolv libraries into /var/spool/postfix/lib and created a /var/spool/postfix/etc/resolv.conf with the nameservers I wanted to use.

I'm running Postfix 2.3.3 on CentOS 5.2 (2.6.24) with SELinux. I added the chroot capability for the smtp binary to my SELinux policy. Postfix starts uneventfully, save for the warning about mismatched resolv.conf files, which is what I expect (in fact, it is what I want).

This is what I'm now seeing when I send mail:

- smtpd runs, accepts the mail (opens literal /etc/resolv.conf vs. chroot /etc/resolv.conf and reads that)
- proxymap runs next, opens literal /etc/resolv.conf
- trivial-rewrite comes next, same resolv.conf
- cleanup runs, same resolv.conf
- smtp runs, establishes environment, opens literal /etc/resolv.conf - not chroot /etc/resolv.conf, reads contents, *then chroots*, then performs DNS lookups using the wrong DNS servers

Why does the chroot happen after the name resolution environment is established? Wouldn't that mean that having the /etc/resolv.conf in the chroot is unnecessary? And more importantly, how can I get smtp outbound to read a different resolv.conf for me?

Many thanks,
b
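As an added example (not part of the original post, and not Postfix's own code), the following POSIX shell script checks the two things the setup above depends on: which master.cf services are actually flagged to run chrooted, and whether the jail's copy of resolv.conf names different nameservers than the host copy. It only compares `nameserver` lines, so it is a simpler check than the mismatch warning Postfix itself prints at startup. All paths are parameters; the files it runs on when executed stand-alone are constructed samples, not real system configuration.

```shell
#!/bin/sh
# Added example: inspect the name-resolution layout of a Postfix chroot jail.
# Not code from the original post or from the Postfix project.

# Print the nameserver addresses from a resolv.conf-style file, one per line.
# Returns 1 if the file cannot be read.
resolv_nameservers() {
    [ -r "$1" ] || return 1
    awk '$1 == "nameserver" { print $2 }' "$1"
}

# List master.cf services that run chrooted, as "name/type".
# master.cf columns: service type private unpriv chroot wakeup maxproc command.
# Column 5 is the chroot flag; "-" means the default, which is "y" on Postfix
# releases before 3.0 (the poster's 2.3.3 included). Comment lines and
# indented "-o" continuation lines are skipped.
chrooted_services() {
    awk '!/^[ \t#]/ && NF >= 8 && ($5 == "y" || $5 == "-") { print $1 "/" $2 }' "$1"
}

# Compare the host resolv.conf ($1) with the jail copy ($2) by nameserver list.
# Exit status: 0 same nameservers, 1 different nameservers, 2 a copy is unreadable.
resolv_compare() {
    host_ns=$(resolv_nameservers "$1") || return 2
    jail_ns=$(resolv_nameservers "$2") || return 2
    [ "$host_ns" = "$jail_ns" ]
}

# Stand-alone demo on constructed sample files (addresses are documentation
# ranges, and the master.cf fragment is made up for this example).
demo_dir=$(mktemp -d)
mkdir -p "$demo_dir/jail/etc"
printf 'nameserver 192.0.2.1\nnameserver 192.0.2.2\n' > "$demo_dir/resolv.conf"
printf 'nameserver 198.51.100.53\n' > "$demo_dir/jail/etc/resolv.conf"
cat > "$demo_dir/master.cf" <<'EOF'
# service type  private unpriv  chroot  wakeup  maxproc command + args
smtp      inet  n       -       n       -       -       smtpd
proxymap  unix  -       -       n       -       -       proxymap
cleanup   unix  n       -       n       -       0       cleanup
smtp      unix  -       -       y       -       -       smtp
  -o smtp_helo_timeout=5s
EOF
echo "chrooted services:"
chrooted_services "$demo_dir/master.cf"
echo "host nameservers:"
resolv_nameservers "$demo_dir/resolv.conf"
echo "jail nameservers:"
resolv_nameservers "$demo_dir/jail/etc/resolv.conf"
if resolv_compare "$demo_dir/resolv.conf" "$demo_dir/jail/etc/resolv.conf"; then
    echo "jail resolv.conf matches host copy"
else
    echo "jail resolv.conf differs from host copy (Postfix warns about this at startup; intended here)"
fi
rm -rf "$demo_dir"
```

On a real system, point `chrooted_services` at `/etc/postfix/master.cf` and `resolv_compare` at `/etc/resolv.conf` and `/var/spool/postfix/etc/resolv.conf`; a non-zero exit of 1 confirms the jail copy really does name different servers, which is the state the post is trying to reach.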