> I wrote README.postfix.html for amavisd-new many years ago and I don't recall
> why master.cf was in the state it was by then. I wouldn't say the
> documentation is in error - it has simply not seen any update in many years.

Ah, OK. Thanks. That explains the differences.

> Personally I don't use content_filter and smtpd_proxy_filter anymore. I prefer
> the MILTER interface over the other methods. If you are interested in this and
> if you can read German (or are able to handle google translate ;) you may read
> my blog https://sys4.de/de/blog/2015/07/31/amavisd-milter-howto/ for
> instructions.

OK. Thanks.

> The all general answer is: If you plan to run Postfix chrooted, chroot as much
> as you can. It's a design question. Chrooting a service like Postfix comes at
> the price of quite some management overhead. You can automate most of that,
> but you need to take care of it.
>
> Many years ago Wietse wrote chrooting Postfix only makes sense on a hardened
> server. I agree with that. If the server isn't hardened, forget to chroot the
> service as there are very likely much more easily exploitable "entry points"
> to the server.

OK. That all makes sense and provides me a good recommendation.

Michael