Postfix Archives: Re: trouble running postfix

Subject: Re: trouble running postfix
From: winfried szukalski (szukw000mail.uni-mainz.de)
Date: Sat Jan 01 2000 - 21:51:18 CST


I have found a more up-to-date 'SuSEconfig.postscript' and could
switch the 'chroot=n' for 'smtp' back to 'chroot=y'. But there
is a lot of stuff now:

keun:# du /var/spool/postfix/etc
14 /var/spool/postfix/etc
keun:# du /var/spool/postfix/lib
1698 /var/spool/postfix/lib

Is this overkill really necessary?

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
mkchroot()
{
  cd /var/spool/postfix

  if [ ! -d etc ]; then
    echo "Setting up chroot-environment..."
    mkdir etc > /dev/null 2>&1
  fi

  if [ ! -d lib ]; then
    mkdir lib > /dev/null 2>&1
  fi
  if [ ! -d usr/lib/zoneinfo ]; then
    mkdir -p usr/lib/zoneinfo > /dev/null 2>&1
  fi

  cp -f /lib/libnss_dns* lib > /dev/null 2>&1
  cp -f /lib/libnss_db* lib > /dev/null 2>&1
  cp -f /lib/libnss_files* lib > /dev/null 2>&1
  cp -f /lib/libresolv* lib > /dev/null 2>&1
  cp -f /lib/libdb* lib > /dev/null 2>&1

  cp -f /etc/host.conf etc > /dev/null 2>&1
  cp -f /etc/nsswitch.conf etc > /dev/null 2>&1
  cp -f /etc/resolv.conf etc > /dev/null 2>&1
  cp -f /etc/services etc > /dev/null 2>&1

  cp -f /etc/localtime etc > /dev/null 2>&1
  ln -sf /etc/localtime usr/lib/zoneinfo > /dev/null 2>&1

  chown -R postfix /var/spool/postfix > /dev/null 2>&1
}

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
2000 thanks :)

winfried

On Sat, Jan 01, 2000 at 08:12:26PM -0500, Wietse Venema wrote:
=> You just disabled chroot for the SMTP client and server processes.
=>
=> In that case Postfix is not as secure as it could be.
=>
=> If you disable chroot for the SMTP client and server processes you
=> do not need to copy the chroot files to the Postfix queue directory.
=>
=> Wietse
=>
=> winfried szukalski:
=> > SuSE offers a script 'SuSEconfig.postscript', which
=> > in part contains 'examples/chroot-setup/LINUX2':
=> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
=> > mkchroot(){
=> > cd /var/spool/postfix
=> >
=> > if [ ! -d etc ]; then
=> > echo "Setting up chroot-environment..."
=> > mkdir etc
=> > fi
=> >
=> > cp -f /etc/host.conf etc > /dev/null 2>&1
=> > cp -f /etc/hosts etc > /dev/null 2>&1
=> > cp -f /etc/resolv.conf etc > /dev/null 2>&1
=> > cp -f /etc/services etc > /dev/null 2>&1
=> >
=> > cp -f /etc/localtime etc > /dev/null 2>&1
=> >
=> > chown -R postfix /var/spool/postfix > /dev/null 2>&1
=> > }
=> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
=> > And SuSE has patched 'conf/master.cf':
=> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
=> > -smtp inet n - n - - smtpd
=> > +smtp inet n - y - - smtpd
=> > pickup fifo n n n 60 1 pickup
=> > cleanup unix - - n - 0 cleanup
=> > -qmgr fifo n - n 300 1 qmgr
=> > -rewrite unix - - n - - trivial-rewrite
=> > -bounce unix - - n - 0 bounce
=> > -defer unix - - n - 0 bounce
=> > -smtp unix - - n - - smtp
=> > +qmgr fifo n - n 5 1 qmgr
=> > +rewrite unix - - y - - trivial-rewrite
=> > +bounce unix - - y - 0 bounce
=> > +defer unix - - y - 0 bounce
=> > +smtp unix - - y - - smtp
=> > showq unix n - n - - showq
=> > error unix - - n - - error
=> > local unix - n n - - local
=> >
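Review bot: the `+smtp inet n - y - - smtpd`, `+smtp unix - - y - - smtp`, rewrite, bounce and defer lines switch the chroot column to `y`, but nothing in this change guarantees that the queue directory has been populated before those daemons start, and a chrooted daemon that cannot find its files stops with a fatal error like the `unknown service: smtp/tcp` reported further down this thread. Ship the master.cf change together with the chroot setup step and have the startup path check for etc/services and the resolver files first. The `qmgr` wakeup change from 300 to 5 is unrelated to chroot and should be split out or explained in the patch description.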
=> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
=> > I have now changed the 'y' in both 'smtp' lines
=> > back to 'n'. And 'postfix-19991231.tar.gz' runs again.
=> > I hope this 'n' is not dangerous.
=> >
=> > winfried
=> >
=> > On Sat, Jan 01, 2000 at 04:57:13PM -0500, Wietse Venema wrote:
=> > => winfried szukalski:
=> > => > postfix/smtp[337]: fatal: unknown service: smtp/tcp
=> > =>
=> > => cp /etc/services /var/spool/postfix/services
=> > =>
=> > => See the examples/chroot-setup directory in the Postfix source code
=> > => distribution.
=> > =>
=> > => Either that, or don't run Postfix daemons chrooted.
=> > =>
=> > => Wietse
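
A check in the spirit of the exchange above, as an added example that is not part of the original thread or of the Postfix or SuSE scripts: it lists the master.cf services whose chroot column is `y` and reports which of the files copied by the quoted mkchroot() are absent from the queue directory. The function names, the sample master.cf lines and the temporary paths are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a Postfix chroot jail against master.cf.
# The file list mirrors what the thread's mkchroot() copies.

# Print "service/type command" for each master.cf entry whose 5th column
# (chroot) is explicitly "y". A "-" there means "use the default", which
# differs between Postfix versions, so it is not evaluated here.
chrooted_services() {
    awk '/^[^# \t]/ && NF >= 8 && $5 == "y" { print $1 "/" $2 " " $8 }' "$1"
}

# Print every file or library pattern that is absent below queue dir $1.
# Returns 0 when nothing is missing, 1 otherwise.
missing_chroot_files() {
    jail=$1; rc=0
    for f in etc/services etc/resolv.conf etc/host.conf \
             etc/nsswitch.conf etc/localtime; do
        [ -f "$jail/$f" ] || { echo "$f"; rc=1; }
    done
    for pat in libnss_dns libnss_files libresolv; do
        # An unmatched glob stays literal, so the -e test below fails.
        set -- "$jail"/lib/"$pat"*
        [ -e "$1" ] || { echo "lib/$pat*"; rc=1; }
    done
    return $rc
}

# Constructed demo: master.cf lines shaped like the patched ones in the
# thread, and a jail that so far contains only etc/services.
demo=$(mktemp -d)
mkdir -p "$demo/jail/etc" "$demo/jail/lib"
: > "$demo/jail/etc/services"
cat > "$demo/master.cf" <<'EOF'
smtp      inet  n - y - - smtpd
pickup    fifo  n n n 60 1 pickup
rewrite   unix  - - y - - trivial-rewrite
smtp      unix  - - y - - smtp
local     unix  - n n - - local
EOF
echo "chrooted services:"; chrooted_services "$demo/master.cf"
echo "missing from jail:"; missing_chroot_files "$demo/jail" || true
rm -rf "$demo"
```

On a real system the arguments would be the installed master.cf and the queue directory, /var/spool/postfix in this thread.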



This archive was generated by hypermail 2b27 : Sat Jan 01 2000 - 21:05:40 CST