> The default master.cf as distributed by postfix has all services as
> chroot "n", and that is the recommended setting.
> -- Noel Jones

Thanks Noel. Interesting.

From http://www.postfix.org/BASIC_CONFIGURATION_README.html#chroot_setup, the recommendation seems to be to use chroot wherever possible. In fact, it says: "The author's own porcupine.org mail server runs all daemons chrooted that can be chrooted." (Maybe this is left over from when the default for chroot was "y"?)

The Debian/Ubuntu package defaults seem to be following that advice. But evidently, the default distributed by postfix is going the other way. That leaves a basic user like me unsure of what to do.

So, let me ask my question this way: Given that the default master.cf file from Ubuntu (see below) has chroot="y" for the cleanup service, then presumably they've also done whatever needs to be done to make cleanup work inside the chroot jail. So, given all of that, does it make sense to continue using chroot=y for cleanup (and pre-cleanup)? Or should I switch to chroot=n anyway?

Thanks,
Michael

# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (no)    (never) (100)
$ postconf -Mf
smtp       inet  n       -       y       -       -       smtpd
pickup     unix  n       -       y       60      1       pickup
cleanup    unix  n       -       y       -       0       cleanup
qmgr       unix  n       -       n       300     1       qmgr
tlsmgr     unix  -       -       y       1000?   1       tlsmgr
rewrite    unix  -       -       y       -       -       trivial-rewrite
bounce     unix  -       -       y       -       0       bounce
defer      unix  -       -       y       -       0       bounce
trace      unix  -       -       y       -       0       bounce
verify     unix  -       -       y       -       1       verify
flush      unix  n       -       y       1000?   0       flush
proxymap   unix  -       -       n       -       -       proxymap
proxywrite unix  -       -       n       -       1       proxymap
smtp       unix  -       -       y       -       -       smtp
relay      unix  -       -       y       -       -       smtp
showq      unix  n       -       y       -       -       showq
error      unix  -       -       y       -       -       error
retry      unix  -       -       y       -       -       error
discard    unix  -       -       y       -       -       discard
local      unix  -       n       n       -       -       local
virtual    unix  -       n       n       -       -       virtual
lmtp       unix  -       -       y       -       -       lmtp
anvil      unix  -       -       y       -       1       anvil
scache     unix  -       -       y       -       1       scache
maildrop   unix  -       n       n       -       -       pipe
    flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
uucp       unix  -       n       n       -       -       pipe
    flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail
    ($recipient)
ifmail     unix  -       n       n       -       -       pipe
    flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp      unix  -       n       n       -       -       pipe
    flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender
    $recipient
scalemail-backend unix - n       n       -       2       pipe
    flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store
    ${nexthop} ${user} ${extension}
mailman    unix  -       n       n       -       -       pipe
    flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
    ${nexthop} ${user}
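
The chroot column of a listing like the one above can be audited mechanically. The following is an added example, not part of the original post and not Postfix code: it parses master.cf-style text, lists the services that run chrooted, and flags pipe(8), local(8) and virtual(8), which the Postfix master(5) documentation says cannot run chrooted, and proxymap(8), for which chrooting defeats most of its purpose. The function names and the "badpipe" entry are constructed for illustration, and a "-" in the chroot column is treated as "no", following the "(no)" default in the header shown above.

```python
# master(5): pipe(8), local(8) and virtual(8) cannot run chrooted;
# proxymap(8) can, but doing so defeats most of its purpose.
CANNOT = "cannot run chrooted"
FINDINGS = {"pipe": CANNOT, "local": CANNOT, "virtual": CANNOT,
            "proxymap": "chroot defeats most of its purpose"}

# Excerpt of the listing above plus one constructed bad entry ("badpipe").
SAMPLE = """\
# service type  private unpriv  chroot  wakeup  maxproc command + args
smtp      inet  n       -       y       -       -       smtpd
cleanup   unix  n       -       y       -       0       cleanup
proxymap  unix  -       -       n       -       -       proxymap
local     unix  -       n       n       -       -       local
maildrop  unix  -       n       n       -       -       pipe
    flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
badpipe   unix  -       n       y       -       -       pipe
    flags=F user=nobody argv=/bin/true
"""

def parse_master(text):
    """Yield (service, type, chroot, command) per logical master.cf line."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                      # blank line or comment
        if raw[0].isspace() and logical:  # leading whitespace: continuation
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.strip())
    for line in logical:
        f = line.split()
        if len(f) < 8:
            raise ValueError(f"malformed master.cf entry: {line!r}")
        yield f[0], f[1], f[4], f[7]

def audit(text):
    """Return (chrooted_services, problems) for the given master.cf text."""
    chrooted, problems = [], []
    for service, stype, chroot, command in parse_master(text):
        if chroot != "y":  # "-" is the default, shown as (no) in the header
            continue
        name = f"{service}/{stype}"
        chrooted.append(name)
        if command in FINDINGS:
            problems.append(f"{name}: {command}(8) {FINDINGS[command]}")
    return chrooted, problems

if __name__ == "__main__":
    print(audit(SAMPLE))
```

On a live system the same functions can be fed the text printed by postconf -Mf instead of SAMPLE.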