On Tue, Oct 23, 2007 at 02:27:37PM +0200, Florian Lindner wrote: > > The problem appears to be if smtpd is chrooted sasl is too. The second > document describes how to use saslauthd with a chrooted postfix. But that > doesn't apply on my case since I don't use saslauthd. It should be mentioned > somewhere that using sasl with the sql plugins and a chrooted smtpd can make > you run into problems. Probably because sasl can't access the mysql socket. > (though the config option sql_hostnames: localhost somehow implies that sasl > is using the lo network to access mysql...) > > I have also heard several times that running postfix chrooted is discourages > from upstream and brings more troubles that it resolves. > This last statement is really what it boils down to. Running a chrooted postfix in anything but the simplest configuration is asking for trouble. I managed to get it working on some servers some time ago, but gave up on it. Anytime I have to setup Postfix, i just unchroot it. Besides, if security is your concern, things like Xen and other virtualzation technologies have made it close to trivial to dedicate a machine just to running Postfix. Regards, -Roberto -- Roberto C. Sánchez http://people.connexer.com/~roberto http://www.connexer.com
Attachment:
signature.asc
Description: Digital signature
