On 2024-12-15 12:33, Viktor Dukhovni via Postfix-users wrote:
>
>> LogRateLimitIntervalSec=0
>
> Nice in theory, but neither Wietse nor I distribute systemd service
> definition files,
Why is that? Service units are best provided upstream.
In case of postfix, having magnitude of options, hardened by-default
service, or at least hardening comments ("You might uncomment this if
not using that") would be PITA for sure - but every journey starts from
the first step.
Actually postfix is one of few services I got not "sanitized", so I've
spawned entire dedicated container instead...
One scenario I've hit is running with NoNewPrivileges= (i.e. noSUID) has
broken maildrop (there's an SGID helper), which I got used so rarely
that haven't noticed for some time.
> It fails when there are multiple coöperating processes doing the
> logging. Precisely because a stream socket is chosen.
But /dev/log in systemd is datagram socket...
https://github.com/systemd/systemd/blob/main/src/basic/log.c#L196
...and falls back to stream only on some "legacy" systems, there's the
comment:
/* Some legacy syslog systems still use stream sockets.
They really shouldn't. But what can
* we do... */
_______________________________________________
Postfix-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
