On 2024-10-06 at 04:34:16 UTC-0400 (Sun, 06 Oct 2024 10:34:16 +0200)
Danjel Jungersen via Postfix-users <dan...@jungersen.dk>
is rumored to have said:
Hey!
Can someone explain this to me (being a newbie).
That seems like a very open query...
The maintainer of the Debian (and by descent, Ubuntu) Postfix package
long ago decided to take advantage of Postfix's support for chroot by
enabling it on more components of Postfix than the defaults. That
created many potential issues because Postfix itself doesn't populate
the chroot jail with the necessary files. The Debian install process
*should* handle that, but it is inherently fragile. Using simple chroot
to isolate net-connected daemons was a bit of a fad in security many
years ago which has mostly been replaced by more robust models like
"containers" and FreeBSD's "jails" which don't rely on support in the
constrained processes.
Problems due to a chroot can present as name resolution discrepancies
due to variant config files inside the chroot and seemingly bogus "no
such file or directory" errors for missing items.
I've had zero issues installing postfix, rspamd, dovecot, clamav on
debian.
At least not issues that sound like chroot is the culprit.
Just because I would like to be prepared for upcoming issues AND
because I'm curious.
Best regards
Danjel
On 6 October 2024 02:05:24 CEST, Wietse Venema via Postfix-users
<postfix-users@postfix.org> wrote:
Vincent Lefevre via Postfix-users:
[ Charset ISO-8859-1 converted... ]
On 2024-10-04 19:27:13 -0400, Wietse Venema via Postfix-users wrote:
[...]
But wait there is more: dependencies of nsswitch.conf, dependencies
for timezone conversion, and so on, that are scattered over the
file system.
For Debian, I've reported
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1084167
to have chroot disabled by default (thus, like upstream), and
saying that various issues due to the chroot had already been
reported (there seem to be at least a dozen!).
Thank you. This may help Postfix adoption.
Wietse
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo@toad.social and many *@billmail.scconsult.com
addresses)
Not Currently Available For Hire
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
