|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: trouble running postfix
Subject: Re: trouble running postfix
From: Wietse Venema (wietse
porcupine.org)
Date: Sat Jan 01 2000 - 19:12:26 CST
- Next message: winfried szukalski: "Re: trouble running postfix"
- Previous message: winfried szukalski: "Re: trouble running postfix"
- In reply to: winfried szukalski: "Re: trouble running postfix"
- Next in thread: winfried szukalski: "Re: trouble running postfix"
- Reply: Wietse Venema: "Re: trouble running postfix"
- Reply: winfried szukalski: "Re: trouble running postfix"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
You just disabled chroot for the SMTP client and server processes.
In that case Postfix is not as secure as it could be.
If you disable chroot for the SMTP client and server processes you
do not need to copy the chroot files to the Postfix queue directory.
Wietse
winfried szukalski:
> SuSE offers a script 'SuSEconfig.postscript', which
> in part contains 'examples/chroot-setup/LINUX2':
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> mkchroot(){
> cd /var/spool/postfix
>
> if [ ! -d etc ]; then
> echo "Setting up chroot-environment..."
> mkdir etc
> fi
>
> cp -f /etc/host.conf etc > /dev/null 2>&1
> cp -f /etc/hosts etc > /dev/null 2>&1
> cp -f /etc/resolv.conf etc > /dev/null 2>&1
> cp -f /etc/services etc > /dev/null 2>&1
>
> cp -f /etc/localtime etc > /dev/null 2>&1
>
> chown -R postfix /var/spool/postfix > /dev/null 2>&1
> }
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> And SuSE has patched 'conf/master.cf':
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> -smtp inet n - n - - smtpd
> +smtp inet n - y - - smtpd
> pickup fifo n n n 60 1 pickup
> cleanup unix - - n - 0 cleanup
> -qmgr fifo n - n 300 1 qmgr
> -rewrite unix - - n - - trivial-rewrite
> -bounce unix - - n - 0 bounce
> -defer unix - - n - 0 bounce
> -smtp unix - - n - - smtp
> +qmgr fifo n - n 5 1 qmgr
> +rewrite unix - - y - - trivial-rewrite
> +bounce unix - - y - 0 bounce
> +defer unix - - y - 0 bounce
> +smtp unix - - y - - smtp
> showq unix n - n - - showq
> error unix - - n - - error
> local unix - n n - - local
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> I have now changed the 'y' in both 'smtp' lines
> back to 'n'. And 'postfix-19991231.tar.gz' runs again.
> I hope, this 'n' is not dangerous.
>
> winfried
>
> On Sat, Jan 01, 2000 at 04:57:13PM -0500, Wietse Venema wrote:
> => winfried szukalski:
> => > postfix/smtp[337]: fatal: unknown service: smtp/tcp
> =>
> => cp /etc/services /var/spool/postfix/services
> =>
> => See the examples/chroot-setup directory in the Postfix source code
> => distribution.
> =>
> => Either that, or don't run Postfix daemons chrooted.
> =>
> => Wietse
>
>
>
- Next message: winfried szukalski: "Re: trouble running postfix"
- Previous message: winfried szukalski: "Re: trouble running postfix"
- In reply to: winfried szukalski: "Re: trouble running postfix"
- Next in thread: winfried szukalski: "Re: trouble running postfix"
- Reply: Wietse Venema: "Re: trouble running postfix"
- Reply: winfried szukalski: "Re: trouble running postfix"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
This archive was generated by hypermail 2b27 : Sat Jan 01 2000 - 19:13:21 CST