Debian runs most postfix services in a chroot, with the consequence that the resolv.conf file may become obsolete. This is a particular annoyance on a laptop, where this file typically changes often as the laptop moves from one place to another. At
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070120#27 there is a strong recommendation that at least smtp, smtpd and relay services should not run in a chroot. However, the master(5) man page (for postfix 3.9.0) does not say anything about this issue. The only recommendation is Chroot should not be used with the local(8), pipe(8), spawn(8), and virtual(8) daemons. Although the proxymap(8) server can run chrooted, doing so defeats most of the purpose of having that service in the first place. The files in the examples/chroot-setup subdirectory of the Postfix source show how to set up a Postfix chroot environment on a variety of systems. See also BASIC_CONFIGURATION_README for issues related to running daemons chrooted. But BASIC_CONFIGURATION_README adds nothing more. What is the official recommendation? Shouldn't the documentation (master(5) man page and BASIC_CONFIGURATION_README file) be updated? Note: Another suggestion in the Debian bug was to bind mount ro /etc/resolv.conf to /var/spool/postfix/etc/resolv.conf (but note that there may be other files involved, perhaps at least for those who use the resolvconf Debian package). -- Vincent Lefèvre <vinc...@vinc17.net> - Web: <https://www.vinc17.net/> 100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/> Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon) _______________________________________________ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
