Wietse Venema put forth on 9/28/2009 7:56 AM:
> The problem is using a chroot environment without syslog socket.
>
>>> Now PLEASE go beat up the maintainers who ship Postfix in a broken
>>> configuration. The more people complain, the more likely that it
>>> will get fixed,
>> I will surely do so. Is there anything specific I should tell them? Is
>> the goal to have them _not_ run Postfix in a chroot, or to fix their
>> chroot implementation?
>
> Tell them to either turn off Postfix chroot, or to provide a working
> chroot environment.

Hi Wietse,

I was still running Etch (Debian 4.0), which was about 2.5 years old, when I reported this problem (apparently it was never addressed in Postfix security, or other, updates, given that I frequently ran the updates). I've since upgraded to Lenny (Debian 5.0, latest stable release), which uses rsyslog in place of syslogd and klogd. Apparently, with the change to rsyslog and Postfix 2.5.5-1.1 (up from 2.3.8), this was added:

greer:/etc/rsyslog.d# cat postfix.conf
# Create an additional socket in postfix's chroot in order not to break
# mail logging when rsyslog is restarted. If the directory is missing,
# rsyslog will silently skip creating the socket.
$AddUnixListenSocket /var/spool/postfix/dev/log

I checked and I have the directory and the socket. So, thankfully, I don't need to go beat up on the Debian maintainers. :)

--
Stan
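
The check described in the message above (directory present, socket present, rsyslog told to create it), written out as an added example; it is not part of the original message or of Debian's packaging. The function names are this example's own, and the default paths are the ones quoted in the message.

```shell
#!/bin/sh
# Added example: confirm that a chrooted Postfix can reach syslog.
# Default paths are the ones quoted in the message; function names are
# this example's own.

# check_chroot_log [QUEUE_DIR]
# 0 = QUEUE_DIR/dev/log is a socket
# 1 = QUEUE_DIR/dev is missing (rsyslog silently skips the socket)
# 2 = dev/ exists but log is absent or is not a socket
check_chroot_log() {
    queue_dir=${1:-/var/spool/postfix}
    if [ ! -d "$queue_dir/dev" ]; then
        echo "FAIL: $queue_dir/dev missing, rsyslog will not create the socket" >&2
        return 1
    fi
    if [ ! -S "$queue_dir/dev/log" ]; then
        echo "FAIL: $queue_dir/dev/log is absent or not a socket" >&2
        return 2
    fi
    echo "OK: $queue_dir/dev/log is a socket"
}

# check_rsyslog_listener [CONF] [QUEUE_DIR]
# 0 = CONF has an uncommented $AddUnixListenSocket for QUEUE_DIR/dev/log
# 1 = no such directive, 2 = CONF unreadable
check_rsyslog_listener() {
    conf=${1:-/etc/rsyslog.d/postfix.conf}
    queue_dir=${2:-/var/spool/postfix}
    [ -r "$conf" ] || { echo "FAIL: cannot read $conf" >&2; return 2; }
    # Field comparison, so "# $AddUnixListenSocket ..." does not count.
    if awk -v want="$queue_dir/dev/log" \
        '$1 == "$AddUnixListenSocket" && $2 == want { found = 1 }
         END { exit !found }' "$conf"; then
        echo "OK: $conf adds a listener at $queue_dir/dev/log"
        return 0
    fi
    echo "FAIL: $conf has no active listener for $queue_dir/dev/log" >&2
    return 1
}

# Run both checks when a queue directory is given on the command line.
if [ "$#" -gt 0 ]; then
    check_chroot_log "$1"
    check_rsyslog_listener "${2:-/etc/rsyslog.d/postfix.conf}" "$1"
fi
```

Exit status 1 from check_chroot_log is the case the comment in postfix.conf describes: with the dev directory missing, rsyslog skips the socket without reporting an error, and mail logging from the chroot stops.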