Lorenzo Bernardi:
> It looks like "libnss_dns.so.2" cannot be found due to the chrooted
> environment and thus no DNS query can be made (at least for this
> specific call).
> I fixed it by copying the libraries from /lib/x86_64-linux-gnu/ to
> /var/spool/postfix/lib/x86_64-linux-gnu/:
>
> > cp /lib/x86_64-linux-gnu/ /var/spool/postfix/lib/ -R
The problem with making a copy of libnss_dns.so is that the copy
will become outdated, unless the files are (r)synced at regular
times from the host into /var/spool/postfix. Ditto with /etc/{services,
resolv.conf, nsswitch.conf, host.conf, hosts, localtime} and so on.
> This apparently worked as postfix is now able to make DNS queries:
> Shouldn't this be documented somewhere for other people that might
> encounter the issue?
The chroot feature is documented in the master(5) manpage which
describes the master.cf file format.
Chroot (default: Postfix >= 3.0: n, Postfix <3.0: y)
Whether or not the service runs chrooted to the mail queue
directory (pathname is controlled by the queue_directory config-
uration variable in the main.cf file).
Chroot should not be used with the local(8), pipe(8), spawn(8),
and virtual(8) daemons. Although the proxymap(8) server can run
chrooted, doing so defeats most of the purpose of having that
service in the first place.
The files in the examples/chroot-setup subdirectory of the Post-
fix source archive show set up a Postfix chroot environment on a
variety of systems. See also BASIC_CONFIGURATION_README for
issues related to running daemons chrooted.
The examples/chroot-setup files have not been updated in many years.
Every system and every version is different, so use this information
as inspiration, not as gospel.
Wietse
