Package: postfix
Version: 3.1.0-5
Severity: important

Dear Maintainer,
Since Postfix 3.0 the 'chroot' column in the master.cf defaults to 'n'
(in compatibility_level=2 at least). With a 'chroot' column initially
set to '-', the postinst script messes up and breaks the master.cf by
moving services around and forcing services to be chrooted.
~$ sudo apt upgrade
[…]
Setting up postfix (3.1.0-5) ...
setting explicit chroot on /etc/postfix:smtp/inet/chroot
[…]
setting explicit chroot on /etc/postfix:local/unix/chroot
setting explicit chroot on /etc/postfix:virtual/unix/chroot
setting explicit chroot on /etc/postfix:lmtp/unix/chroot
setting explicit chroot on /etc/postfix:anvil/unix/chroot
setting explicit chroot on /etc/postfix:scache/unix/chroot
setting explicit chroot on /etc/postfix:maildrop/unix/chroot
setting explicit chroot on /etc/postfix:uucp/unix/chroot
setting explicit chroot on /etc/postfix:ifmail/unix/chroot
setting explicit chroot on /etc/postfix:bsmtp/unix/chroot
Postfix is now set up with the changes above. If you need to make changes, edit
/etc/postfix/main.cf (and others) as needed. To view Postfix configuration
values, see postconf(1).
After modifying main.cf, be sure to run 'service postfix reload'.
See master.cf diff attached. In particular, it chroots local(8), which
breaks mail delivery to local UNIX users.
I don't understand why the postinst script insists on changing the
chroot column in the master.cf when upgrading from Postfix >= 3.0.
Actually I thought the purpose of compatibility_level was precisely to
avoid messing up the master.cf on upgrade. (By default a user upgrading
from Postfix < 3.0 will have compatibility_level=0, hence the 'chroot'
column will retain its default value 'y'.)
http://www.postfix.org/COMPATIBILITY_README.html#chroot
Thanks for maintaining Postfix,
cheers,
--
Guilhem.
-- System Information:
Debian Release: stretch/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 4.6.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages postfix depends on:
ii adduser 3.115
ii cpio 2.11+dfsg-5
ii debconf [debconf-2.0] 1.5.59
ii dpkg 1.18.9
ii init-system-helpers 1.42
ii libc6 2.23-4
ii libdb5.3 5.3.28-12
ii libicu55 55.1-7
ii libsasl2-2 2.1.26.dfsg1-15
ii libsqlite3-0 3.13.0-1
ii libssl1.0.2 1.0.2h-1
ii lsb-base 9.20160629
ii netbase 5.3
ii ssl-cert 1.0.38
Versions of packages postfix recommends:
ii python3 3.5.1-4
Versions of packages postfix suggests:
ii dovecot-core [dovecot-common] 1:2.2.25-1
ii libsasl2-modules 2.1.26.dfsg1-15
ii mutt [mail-reader] 1.6.2-1
pn postfix-cdb <none>
pn postfix-doc <none>
pn postfix-ldap <none>
pn postfix-mysql <none>
pn postfix-pcre <none>
pn postfix-pgsql <none>
pn procmail <none>
pn resolvconf <none>
ii s-nail [mail-reader] 14.8.9-1
pn sasl2-bin <none>
pn ufw <none>
-- debconf information:
postfix/dynamicmaps_conversion_warning:
postfix/rfc1035_violation: false
postfix/mailbox_limit: 0
postfix/mynetworks: 127.0.0.1/32 [::1]/128
postfix/mydomain_warning:
* postfix/mailname: fresti.guilhem.org
postfix/retry_upgrade_warning:
postfix/recipient_delim: +
postfix/bad_recipient_delimiter:
postfix/destinations: fresti, fresti.guilhem.org, localhost,
localhost.localdomain
* postfix/main_mailer_type: Internet Site
postfix/chattr: false
postfix/sqlite_warning:
postfix/compat_conversion_warning: true
postfix/root_address:
postfix/main_cf_conversion_warning: true
postfix/procmail: false
postfix/kernel_version_warning:
postfix/tlsmgr_upgrade_warning:
postfix/not_configured:
postfix/protocols: all
postfix/relay_restrictions_warning:
postfix/relayhost:
--- a/master.cf 2016-07-31 23:28:40.658744035 +0200
+++ b/master.cf 2016-07-31 23:29:58.892652497 +0200
@@ -9,7 +9,6 @@
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (no) (never) (100)
# ==========================================================================
-smtp inet n - - - - smtpd
#smtp inet n - - - 1 postscreen
#smtpd pass - - - - - smtpd
#dnsblog unix - - - - 0 dnsblog
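Review bot: the removed 'smtp inet n - - - - smtpd' line at the top of the service table is not rewritten in place; it only comes back in the next hunk, below the commented '#628 inet' qmqpd entry. Making the chroot column explicit should change field 5 of this line and leave it here, above the commented postscreen, smtpd and dnsblog alternatives it is grouped with.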
@@ -37,31 +36,31 @@
# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
#628 inet n - - - - qmqpd
-pickup unix n - - 60 1 pickup
-cleanup unix n - - - 0 cleanup
-qmgr unix n - - 300 1 qmgr
+smtp inet n - y - - smtpd
+pickup unix n - y 60 1 pickup
+cleanup unix n - y - 0 cleanup
#qmgr unix n - - 300 1 oqmgr
-tlsmgr unix - - - 1000? 1 tlsmgr
-rewrite unix - - - - - trivial-rewrite
-bounce unix - - - - 0 bounce
-defer unix - - - - 0 bounce
-trace unix - - - - 0 bounce
-verify unix - - - - 1 verify
-flush unix n - - 1000? 0 flush
-proxymap unix - - - - - proxymap
-proxywrite unix - - - - 1 proxymap
-smtp unix - - - - - smtp
-relay unix - - - - - smtp
+qmgr unix n - y 300 1 qmgr
+tlsmgr unix - - y 1000? 1 tlsmgr
+rewrite unix - - y - - trivial-rewrite
+bounce unix - - y - 0 bounce
+defer unix - - y - 0 bounce
+trace unix - - y - 0 bounce
+verify unix - - y - 1 verify
+flush unix n - y 1000? 0 flush
+proxymap unix - - y - - proxymap
+proxywrite unix - - y - 1 proxymap
+smtp unix - - y - - smtp
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
-showq unix n - - - - showq
-error unix - - - - - error
-retry unix - - - - - error
-discard unix - - - - - discard
-local unix - n - - - local
-virtual unix - n - - - virtual
-lmtp unix - - - - - lmtp
-anvil unix - - - - 1 anvil
-scache unix - - - - 1 scache
+relay unix - - y - - smtp
+showq unix n - y - - showq
+error unix - - y - - error
+retry unix - - y - - error
+discard unix - - y - - discard
+local unix - n y - - local
+virtual unix - n y - - virtual
+lmtp unix - - y - - lmtp
+anvil unix - - y - 1 anvil
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
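Review bot: every '-' in the chroot column becomes 'y' in this block, including 'local unix - n y' and 'virtual unix - n y', although the table header in the previous hunk documents the chroot default as '(no)'. An explicit value that preserves the existing behaviour would be 'n'. The entries are also shifted by one slot: the '# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5' comment that followed 'relay' now follows 'smtp unix', and 'scache' has dropped out of this block.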
@@ -75,8 +74,7 @@
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
-maildrop unix - n - - - pipe
- flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
+scache unix - - y - 1 scache
#
# ====================================================================
#
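Review bot: the two-line 'maildrop' entry is replaced at this position by 'scache unix - - y - 1 scache', so a Postfix-internal service now sits directly under the comment that documents maildrop and MAILDROP_README. The maildrop line and its 'flags=DRhu user=vmail ...' continuation should stay here, with at most field 5 changed.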
@@ -107,14 +105,16 @@
#
# See the Postfix UUCP_README file for configuration details.
#
-uucp unix - n - - - pipe
- flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
+maildrop unix - n y - - pipe flags=DRhu
+ user=vmail argv=/usr/bin/maildrop -d ${recipient}
#
# Other external delivery methods.
#
-ifmail unix - n - - - pipe
- flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
-bsmtp unix - n - - - pipe
- flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
+uucp unix - n y - - pipe flags=Fqhu
+ user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
+ifmail unix - n y - - pipe flags=F user=ftn
+ argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
+bsmtp unix - n y - - pipe flags=Fq.
+ user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe
flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
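Review bot: the 'pipe' entries in this hunk (maildrop, uucp, ifmail, bsmtp) all get chroot 'y', while the unchanged 'scalemail-backend unix - n n - 2 pipe' line right below them keeps its explicit 'n', so equivalent external-delivery services end up with opposite settings. Each entry has also slid down one comment block (maildrop now sits under the UUCP_README comment) and its continuation line was re-wrapped with 'flags=' pulled onto the service line; the rewrite should keep position and line breaks and set only the chroot field.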
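The in-place rewrite the report expects, as an added example (not the Debian postinst and not code from the report): it sets only the chroot field of service lines where it is '-', and leaves order, comments and continuation lines alone. The function names, the sample input and the mapping of compatibility_level 0 to 'y' and 1 or higher to 'n' are assumptions of this example.

```shell
#!/bin/sh
# Added example: make the master.cf chroot column explicit without reordering.
# Assumption: "-" means y at compatibility_level 0 and n at level 1 or higher.

# explicit_chroot LEVEL: filter master.cf from stdin to stdout.
explicit_chroot() {
    if [ "$1" -ge 1 ]; then def=n; else def=y; fi
    awk -v def="$def" '
    # Comments, blank lines and continuation lines pass through untouched.
    /^#/ || /^$/ || /^[ \t]/ { print; next }
    # Service line whose chroot column (field 5) is unset.
    $5 == "-" {
        rest = $0; head = ""
        for (i = 1; i < 5; i++) {          # copy fields 1 to 4 with their spacing
            match(rest, /^[^ \t]+[ \t]+/)
            head = head substr(rest, 1, RLENGTH)
            rest = substr(rest, RLENGTH + 1)
        }
        print head def substr(rest, 2)     # swap "-" for the explicit value
        next
    }
    { print }'
}

# Constructed sample input, modelled on the entries in the report.
sample_master_cf() {
    cat <<'EOF'
smtp      inet  n       -       -       -       -       smtpd
#smtp     inet  n       -       -       -       1       postscreen
local     unix  -       n       -       -       -       local
maildrop  unix  -       n       -       -       -       pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
scalemail-backend unix - n n - 2 pipe
EOF
}

# Active service names in file order, to confirm nothing was moved.
service_order() { awk '/^[^# \t]/ { print $1 "/" $2 }' | tr '\n' ' '; }

sample_master_cf | explicit_chroot 2
```

Comparing service_order before and after the filter is a quick check that an upgrade step changed values only and did not move entries.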

