Hello, I was just digging through the documentation on running various Postfix processes chrooted. I found the recommendation that at least the network-facing daemons be chrooted, but it appears that almost everything in master.cf can be. What's the current BCP for what to chroot and what not to chroot?
This box in particular (and probably another few boxes) will not be doing local delivery - they are either acting as relays for authenticated customers or mxers fronting an old qmail/vpopmail install. I assume things are slightly more complex if I need to deliver mail locally. I did not detect any issues when basically setting chroot to "y" on everything, but that seemed too simple...

Also, I could not find a clear list of what Postfix requires in the chroot environment. I looked at the "Freebsd3" script, and populated etc/ inside the chroot as indicated and I added a syslog socket. Do I need any other devices like /dev/null, /dev/[u]random, etc.? It would be great to have the hard requirements in the online docs.

Thanks,
Charles