On Monday, March 6, 2017 4:10 PM, Viktor Dukhovni <postfix-us...@dukhovni.org>
wrote:
> You likely have most of the entries in master.cf chrooted,
> and no log socket in chroot jail ($queue_directory/dev/log or similar).
I have no smtpd line in my master.cf file, and since my postfix version is 2.X
the default is to run chrooted. My queue_directory is /var/spool/postfix
root@messagerie[10.10.10.19] /var/spool/postfix # postconf queue_directory
queue_directory = /var/spool/postfix
root@messagerie[10.10.10.19] /var/spool/postfix #
and there's a /dev/log socket there, but it belongs to root, while the other
files belong to postfix:
root@messagerie[10.10.10.19] /var/spool/postfix # ls
total 80K
drwx------ 2 postfix postfix 12K Mar 6 16:53 active
drwx------ 2 postfix postfix 4.0K Mar 6 15:15 bounce
drwx------ 2 postfix postfix 4.0K Mar 7 2016 corrupt
drwx------ 18 postfix postfix 4.0K Nov 14 08:56 defer
drwx------ 18 postfix postfix 4.0K Nov 14 08:56 deferred
drwxr-xr-x 2 postfix postfix 4.0K Sep 8 09:50 dev
drwxr-xr-x 3 postfix postfix 4.0K Feb 5 10:46 etc
drwx------ 2 postfix postfix 4.0K Mar 27 2016 flush
drwx------ 2 postfix postfix 4.0K Mar 7 2016 hold
drwx------ 2 postfix postfix 4.0K Mar 6 16:53 incoming
drwxr-xr-x 3 postfix postfix 4.0K Mar 7 2016 lib
drwx-wx--- 2 postfix postdrop 4.0K Mar 6 16:53 maildrop
drwxr-xr-x 2 root postfix 4.0K Sep 26 10:52 pid
drwx------ 2 postfix postfix 4.0K Mar 6 10:27 private
drwx--s--- 2 postfix postdrop 4.0K Feb 5 10:46 public
drwx------ 2 postfix postfix 4.0K Mar 7 2016 saved
drwx------ 2 postfix postfix 4.0K Mar 6 10:47 trace
drwxr-xr-x 3 postfix postfix 4.0K Mar 7 2016 usr
root@messagerie[10.10.10.19] /var/spool/postfix # ls dev/log
srw-rw-rw- 1 root root 0 Sep 8 09:50 dev/log
root@messagerie[10.10.10.19] /var/spool/postfix #
> I see no logging from qmgr(8) or smtpd(8) other than the re-injection
> service receiving amavis filtered email.
Correct.
> Fix your master.cf file (turn off chroot).
I would like to make sure I understand the docs correctly before I do this. I
have highlighted here some passages of the postfix documentation that say that
"Sites with high security requirements should consider to chroot all daemons
that talk to the network: the smtp(8) and smtpd(8) processes"...
(Online annotation:
http://genius.it/www.postfix.org/BASIC_CONFIGURATION_README.html#chroot_setup)
Also, I don't have syslog installed, I have rsyslog instead, and it doesn't
seem to support the -a option.
Its man page says that rsyslogd reads from /dev/log, but I don't have it on my
machine.
root@messagerie[10.10.10.19] ~ # ls /dev/log
ls: cannot access /dev/log: No such file or directory
root@messagerie[10.10.10.19] ~ #
But as I was trying to find something in rsyslog's /etc/ files, I found this:
root@messagerie[10.10.10.19] ~ # cat /etc/rsyslog.d/postfix.conf
# Create an additional socket in postfix's chroot in order not to break
# mail logging when rsyslog is restarted. If the directory is missing,
# rsyslog will silently skip creating the socket.
$AddUnixListenSocket /var/spool/postfix/dev/log
root@messagerie[10.10.10.19] ~ #
So it seems that rsyslog is already configured to read from the chrooted
/var/spool/postfix/dev/log socket. Maybe it's just a question of
permissions/ownership? I told myself.
I changed ownership to postfix:postfix, restarted postfix, restarted rsyslogd,
but still nothing in the logs. Here's an excerpt after sending myself mail from
my yahoo account:
Mar 6 17:25:38 messagerie postfix/cleanup[29757]: 3vcQBV1wdkz3PsZP:
message-id=<1550778990.2912303.1488817535...@mail.yahoo.com>
Mar 6 17:25:41 messagerie postfix/pickup[29551]: 3vcQBY22F7z3PsZY: uid=0
from=<yacinechaou...@yahoo.com>
Mar 6 17:25:41 messagerie postfix/cleanup[29922]: 3vcQBY22F7z3PsZY:
message-id=<1550778990.2912303.1488817535...@mail.yahoo.com>
Mar 6 17:25:41 messagerie postfix/smtpd[29766]: 3vcQBY2gDsz3PsZP:
client=localhost[127.0.0.1]
Mar 6 17:25:41 messagerie postfix/cleanup[29802]: 3vcQBY2gDsz3PsZP:
message-id=<1550778990.2912303.1488817535...@mail.yahoo.com>
Mar 6 17:25:41 messagerie postfix/smtpd[29766]: disconnect from
localhost[127.0.0.1]
Mar 6 17:25:41 messagerie postfix/smtp[29805]: 3vcQBY22F7z3PsZY:
to=<a.chaou...@mydomain.tld>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.17,
delays=0.06/0/0/0.1, dsn=2.0.0, status=sent (250 2.0.0 from
MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 3vcQBY2gDsz3PsZP)
Mar 6 17:25:41 messagerie postfix/pickup[29551]: 3vcQBY3B5Tz3PsZY: uid=0
from=<yacinechaou...@yahoo.com>
Mar 6 17:25:41 messagerie postfix/cleanup[29757]: 3vcQBY3B5Tz3PsZY:
message-id=<1550778990.2912303.1488817535...@mail.yahoo.com>
Mar 6 17:25:41 messagerie postfix/smtpd[29816]: 3vcQBY3zJVz3PsZS:
client=localhost[127.0.0.1]
Mar 6 17:25:41 messagerie postfix/cleanup[29802]: 3vcQBY3zJVz3PsZS:
message-id=<1550778990.2912303.1488817535...@mail.yahoo.com>
Mar 6 17:25:41 messagerie postfix/lmtp[29806]: 3vcQBY2gDsz3PsZP:
to=<a.chaou...@mydomain.tld>,
relay=messagerie.mydomain.tld[private/dovecot-lmtp], delay=0.19,
delays=0.03/0/0/0.16, dsn=2.0.0, status=sent (250 2.0.0
<a.chaou...@mydomain.tld> Vl1yGIWNvVgHdQAA4gj4ZQ Saved)
Mar 6 17:25:41 messagerie postfix/smtpd[29816]: disconnect from
localhost[127.0.0.1]
Mar 6 17:25:41 messagerie postfix/smtp[29764]: 3vcQBY3B5Tz3PsZY:
to=<a.chaou...@backup.mydomain.tld>, relay=127.0.0.1[127.0.0.1]:10024,
delay=0.18, delays=0.07/0/0/0.11, dsn=2.0.0, status=sent (250 2.0.0 from
MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 3vcQBY3zJVz3PsZS)
Mar 6 17:25:41 messagerie postfix/lmtp[29812]: 3vcQBY3zJVz3PsZS:
to=<a.chaou...@backup.mydomain.tld>,
relay=messagerie.mydomain.tld[private/dovecot-lmtp], delay=0.2,
delays=0.03/0/0/0.16, dsn=2.0.0, status=sent (250 2.0.0
<a.chaou...@backup.mydomain.tld> Wl1yGIWNvVgHdQAA4gj4ZQ Saved)
Any tips?
--
Viktor.
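
The two checks discussed in this message (which master.cf entries run chrooted, and whether a log socket exists under $queue_directory), as an added example that is not part of the original message or of Postfix. The sample master.cf is constructed, and the function names are hypothetical; the only Postfix fact assumed is that a "-" in the chroot column means "y" before Postfix 3.0 and "n" from 3.0 on.

```python
import os
import stat

# Constructed sample master.cf (not the poster's file). Column order:
# service type private unpriv chroot wakeup maxproc command
SAMPLE_MASTER_CF = """\
# service type  private unpriv  chroot  wakeup  maxproc command + args
smtp      inet  n       -       -       -       -       smtpd
pickup    unix  n       -       -       60      1       pickup
cleanup   unix  n       -       n       -       0       cleanup
qmgr      unix  n       -       y       300     1       qmgr
127.0.0.1:10025 inet n  -       -       -       -       smtpd
    -o content_filter=
"""

def chrooted_services(master_cf_text, default_chroot):
    """Return [(service, type, command)] for entries that run chrooted.

    default_chroot is the meaning of '-' in the chroot column:
    True for Postfix < 3.0, False for Postfix >= 3.0.
    """
    result = []
    for line in master_cf_text.splitlines():
        # Skip blanks, comments and continuation lines (leading whitespace).
        if not line.strip() or line.startswith("#") or line[0].isspace():
            continue
        fields = line.split()
        if len(fields) < 8:
            continue  # not a complete service entry
        chroot = fields[4]
        if chroot == "y" or (chroot == "-" and default_chroot):
            result.append((fields[0], fields[1], fields[7]))
    return result

def log_socket_status(queue_directory, rel="dev/log"):
    """Classify $queue_directory/dev/log: 'missing', 'socket' or 'not-a-socket'."""
    path = os.path.join(queue_directory, rel)
    try:
        st = os.lstat(path)
    except (FileNotFoundError, NotADirectoryError):
        return "missing"
    return "socket" if stat.S_ISSOCK(st.st_mode) else "not-a-socket"

if __name__ == "__main__":
    for svc in chrooted_services(SAMPLE_MASTER_CF, default_chroot=True):
        print("chrooted:", *svc)
    print("log socket:", log_socket_status("/var/spool/postfix"))
```

A socket file can remain on disk after its listener has gone, so a "socket" result only rules out the missing-file case.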