On Mon, 7 Feb 2011 17:49:38 +0100, Stefan Foerster <cite+postfix-us...@incertum.net> wrote:
> [chroot disabled] > ... and the mysql client libraries > will then try to use the unix socket. This socket is, of course, not > present in the chroot.> > Now I know there are better ways around this - use proxymap(8), e.g., > but frankly, I don't ever want to be responsible for any person > entering #postfix and asking why his mysql maps don't work. The repository is yours. As such you are free to diverge from Debian common practice of chrooting Postfix's smtpd. Apparently you did so just to cope with the novice user that does not know how to use MySQL with Postfix chrooted services. As a matter of fact Postfix's original master.cf also disables chroot. > Besides, I never understood why the Debian default installation > chroots smtpd. That would start another (off-topic) discussion: should apps facing the net be chrooted? Does chroot improve security? Personally I tend to think that chroot (as a security measure) is greatly overrated. But that is how Debian does it and we have to cope with this little idiosyncrasies in order to be able to periodically do an 'apt-get dist-upgrade' and just have everything upgraded, with all dependencies taken care for and 'just working'. A quick google search shows that, for years, Wietse have been answering questions related with users trying to use chrooted parts of Postfix. But, I wonder, in his machines does he use chroot or not? > P.S: One last remark: My packages are tagged as "experimental", > meaning that apt(itude|-get) won't install them without further > encouragement. I chose to do this for a reason. Well, yes, there are many more differences that will be shown by a simple diff -r postfix-2.8.0 postfix-2.8.0~cite. Best regards, M.
