Ah, I must apologize, I didn't phrase my question very well. I already ran the default example script that moves things like resolv.conf to be accessible from the chroot jail. What I meant to ask was more along the lines of « In a properly configured root jail, are there any known issues when using postfix with CentOS 7? ». From your answers though, I am guessing this is not the case.

All the components needed for postfix to send from the chroot jail are there, at least according to online documentation as well as the script's code. Hence why I believe the issue lies elsewhere. The error message itself hints at something more like a limit set on the user than a missing component. Let me paste it here again:

unable to look up host mx.planethoster.net: Device or resource busy

The implication of this error is that the domain planethoster.info is resolved, but postfix is prevented from resolving the MX due to a limitation of some kind (a « device » being « busy »). As a result, it's not a complete failure in name resolution (in fact, my own tests suggest that A record resolution does work from the jail) but the process gets interrupted midway. There is also no other way that it could resolve the domain locally, as the server is utterly unaware of the planethoster.info domain.

I realize though that I am out of the scope of this mailing list and I will look into this at the OS level. I just felt I needed to clarify the issue.

Jean-Philippe Méthot
Openstack system administrator
Administrateur système Openstack
PlanetHoster inc.

> On 2 Sept. 2019 at 22:16, Peter <pe...@pajamian.dhs.org> wrote:
>
> On 3/09/19 4:18 AM, Viktor Dukhovni wrote:
>>> I just want to make sure, the current stable version of Postfix does work
>>> chrooted in current centos 7, right?
>> Postfix supports entering a chroot jail. Ensuring that the various
>> system libraries that Postfix depends on still work in that jail is
>> not the responsibility of Postfix. So the question is perhaps ill-posed.
>> Postfix smtp(8) and other services work in a sufficiently well
>> constructed chroot jail. Perhaps your question is whether
>> Centos 7 comes pre-configured with such a jail? That's a Centos 7
>> question more than a Postfix question, and would be largely independent
>> of the Postfix release.
>
> Neither the postfix that comes with CentOS nor the Ghettoforge packages
> support chroot. That does not mean that it won't work, but the onus is on
> you to set it up and configure the jail. For this particular issue I would
> probably venture to say that you didn't copy resolv.conf to the chroot jail
> properly. It might also be selinux getting in the way.
>
> Personally I don't recommend running postfix as chroot since it (imo) creates
> more problems than it solves, but if you want to you can. I would recommend
> writing a script that sets up (and another that tears down) the jail and
> calling it from ExecStartPre and ExecStartPost systemd service files. How to
> do that is a bit beyond the scope of this mailing list, but you should be
> able to get help from systemd channels elsewhere. A bit more specifically
> you can add in a directory and file and import it into systemd so it takes
> precedence over but does not overwrite the postfix service file that comes
> packaged with postfix.
>
> Let me know if you need any more help.
>
>
> Regards,
>
>
> Peter Ajamian
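
An added example, not part of the thread or of Postfix's own scripts: a shell function that compares the resolver-related files inside a chroot jail with the host's copies, the check that the resolv.conf suggestion above implies. The function name `audit_jail`, the file list beyond resolv.conf and the jail path in the usage comment are assumptions.

```shell
#!/bin/sh
# Audit a chroot jail for resolver-related files that are missing or
# out of date compared with the host's copies.
#
# Assumptions (not from the thread): the list below is illustrative;
# only resolv.conf is named in the discussion. Extend it to match the
# jail setup script actually used on the host.
JAIL_FILES="etc/resolv.conf etc/nsswitch.conf etc/hosts etc/services"

# audit_jail JAIL [SYSROOT]
#   JAIL     path to the jail root (for example /var/spool/postfix)
#   SYSROOT  prefix for the host's copies; empty means the real /
# Prints one line per finding:
#   MISSING <path>   host has the file, the jail does not
#   STALE <path>     jail copy differs from the host copy
# Returns 0 when every host file has an identical jail copy, else 1.
audit_jail() {
    jail=$1
    sysroot=${2:-}
    bad=0
    for rel in $JAIL_FILES; do
        src="$sysroot/$rel"
        dst="$jail/$rel"
        # Nothing to copy if the host itself lacks the file.
        [ -e "$src" ] || continue
        if [ ! -e "$dst" ]; then
            echo "MISSING $rel"
            bad=1
        elif ! cmp -s "$src" "$dst"; then
            # A copy taken before the host's resolver config changed.
            echo "STALE $rel"
            bad=1
        fi
    done
    return $bad
}

# Usage (run as root so the jail is readable):
#   audit_jail /var/spool/postfix || echo "jail needs to be refreshed"
```

A clean result only shows that the copies match; it says nothing about SELinux or per-process limits, which are checked separately at the OS level.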