nagmat84 Apprentice
Joined: 27 Mar 2007 Posts: 297
Posted: Fri Dec 08, 2023 9:03 pm Post subject: Postfix chroot directory misses important files
For security reasons, the Postfix daemon chroots into /var/spool/postfix. Postfix needs copies of certain files (like /etc/resolv.conf) inside that chroot directory in order to work properly. I noticed that Gentoo does not create those files nor does it copy those files when Postfix starts.
Did I miss something? Is that a bug in Gentoo? How do I solve this issue?
Background:
I recently migrated my mail server from some other host running on Ubuntu to Gentoo. I did not simply copy over my old Postfix configuration, but did a sensitive re-configuration. (Thanks to etc-keeper this was not much trouble.) However, Postfix fails to work on Gentoo. In particular, I got strange errors like "unable to resolve gmail.com; domain unknown". Hence, I started to investigate what is different between an Ubuntu Postfix configuration and a Gentoo Postfix configuration.
Postfix chroots into /var/spool/postfix on both systems (i.e. Ubuntu and Gentoo), because that is the upstream default. On Ubuntu I get
Code:
root@server-old:~ # ls /var/spool/postfix
active bounce corrupt defer deferred dev etc flush hold incoming lib maildrop pid private public restart rspamd saved trace usr

on my new Gentoo box I get

Code:
server ~ # ls /var/spool/postfix
active bounce corrupt defer deferred flush hold incoming maildrop pid private public rspamd saved trace

As one can see the following directories are missing on Gentoo: On Ubuntu, I get

Code:
root@server-old:~ # ls /var/spool/postfix/{dev,etc,lib,usr}
/var/spool/postfix/dev:
random urandom
/var/spool/postfix/etc:
host.conf hosts localtime nsswitch.conf resolv.conf services ssl
/var/spool/postfix/lib:
x86_64-linux-gnu
/var/spool/postfix/usr:
lib

So the important files like `/dev/random`, `/etc/host.conf`, `/etc/hosts`, `/etc/resolv.conf`, etc., are missing on a Gentoo default setup.
Further, I noticed another shortcoming on Gentoo. When I change one of the original files on Ubuntu, let's say /etc/resolv.conf, a subsequent invocation of "postconf" gives me a warning that the original file and the copy inside the chroot differ. The next time when I call "systemctl reload postfix.service", the start-up script of Ubuntu re-copies the changed file into the chroot. On Gentoo, nothing of that sort happens.
Has anybody experienced similar issues with Postfix on Gentoo? It feels like a bug, especially that the start-up script on Gentoo does not copy the necessary files. But maybe I missed a configuration option to enable that behavior on Gentoo.
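An added example, not part of the original post and not taken from the Ubuntu or Gentoo start-up scripts: a POSIX shell check for the drift described above, reporting files that are missing or stale inside the chroot and re-copying them. The file list is the `etc` listing from the post; the function names and the `CHROOT_FILES` variable are hypothetical.

```shell
#!/bin/sh
# Added example: detect and repair drift between system files and their
# copies inside a chroot. List taken from the Ubuntu "etc" listing in the post.
CHROOT_FILES="etc/host.conf etc/hosts etc/localtime etc/nsswitch.conf etc/resolv.conf etc/services"

# chroot_drift ROOT JAIL
# Prints "MISSING <file>" or "STALE <file>" for each problem found.
# Returns 0 when every copy matches its source, 1 otherwise.
chroot_drift() {
    root=$1 jail=$2 rc=0
    for f in $CHROOT_FILES; do
        [ -e "$root/$f" ] || continue        # source absent: nothing to mirror
        if [ ! -e "$jail/$f" ]; then
            echo "MISSING $f"; rc=1
        elif ! cmp -s "$root/$f" "$jail/$f"; then
            echo "STALE $f"; rc=1
        fi
    done
    return $rc
}

# chroot_sync ROOT JAIL
# Re-copies every missing or stale file into the jail.
chroot_sync() {
    root=$1 jail=$2
    { chroot_drift "$root" "$jail" || true; } | while read -r _state f; do
        mkdir -p "$jail/$(dirname "$f")"
        rm -f "$jail/$f"                     # never write through a symlink in the jail
        cp -L "$root/$f" "$jail/$f"          # -L: resolv.conf and localtime are often symlinks
        chmod 0644 "$jail/$f"                # world-readable, writable only by the owner
    done
}

# Real use after sourcing this file, as root, with an empty ROOT for "/":
#   chroot_drift "" /var/spool/postfix
#   chroot_sync  "" /var/spool/postfix
```

Copying with `cp -L` matters because a symlink copied as-is would point outside the chroot and dangle once the daemon has changed root.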