On Fri, 17 Apr 2020 22:43:22 +0200 Vincent Danjean <vdanjean...@free.fr> wrote:

In main.cf, I've:
=====================
[...]
canonical_maps =
  hash:/etc/postfix/canonical
  ldap:/etc/postfix/canonical-ldap.cf
=====================

For the record.  The solution to this bug report was wrong.
Instead of copying everything to access ldap from within the
chroot, just use the proxy: map type, like this:

canonical_maps =
   hash:/etc/postfix/canonical
   proxy:ldap:/etc/postfix/canonical-ldap.cf

Postfix will delegate map lookups to a separate process which
is not running chrooted.

The number of files needed for various stuff like this one
is insane; people start copying key files into the chroot
too. I wonder why not copy the whole system there... No.

This is a wrong solution.

The right solution - the proxy: map type - has been implemented
for over 2 decades already.

Additionally, this fix is wrong from a different PoV: it
gives the same setting for all postfix instances in a
multi-instance configuration.  This extra chroot file
should be in main.cf of the given instance (or in an extra
file located in the config directory).

I'm removing support for copying additional files like this
from the postfix package.  Please use the right solutions.

Besides, adding a configuration knob to (un-)chroot postfix
is another item in my todo list.  It's rather easy to do
the main part now with postconf -M etc, but it should have
some user interface.

Thanks,

/mjt
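
An added example, not part of the original message or of the Postfix package: a small audit that lists the chrooted services in master.cf and flags network lookup tables in main.cf that are not wrapped in `proxy:`, run over the two `canonical_maps` settings quoted in the thread. The `NETWORK_TYPES` set, the function names and the sample master.cf are assumptions made for illustration; a chroot column of `-` (compiled-in default) is not evaluated.

```python
import re

# Lookup types that reach outside the chroot; this set is an assumption.
NETWORK_TYPES = {"ldap", "mysql", "pgsql"}

def parse_main_cf(text):
    """Return {parameter: value}; lines starting with whitespace continue."""
    params, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace():
            if current:
                params[current] += " " + line.strip()
        elif "=" in line:
            current, value = (s.strip() for s in line.split("=", 1))
            params[current] = value
    return params

def chrooted_services(master_cf):
    """Names of master.cf services whose chroot column (5th field) is 'y'."""
    names = []
    for line in master_cf.splitlines():
        if not line.strip() or line[0].isspace() or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) >= 8 and fields[4] == "y":
            names.append(fields[0])
    return names

def unproxied_lookups(main_cf):
    """(parameter, table) pairs for network tables not wrapped in proxy:."""
    hits = []
    for name, value in parse_main_cf(main_cf).items():
        for table in re.split(r"[,\s]+", value):
            if table.split(":", 1)[0] in NETWORK_TYPES:
                hits.append((name, table))
    return hits

# Constructed samples: the two canonical_maps settings from the thread,
# and a minimal master.cf with chrooted smtpd and cleanup.
BEFORE = "canonical_maps =\n  hash:/etc/postfix/canonical\n  ldap:/etc/postfix/canonical-ldap.cf\n"
AFTER = "canonical_maps =\n   hash:/etc/postfix/canonical\n   proxy:ldap:/etc/postfix/canonical-ldap.cf\n"
MASTER = """\
smtp      inet  n       -       y       -       -       smtpd
cleanup   unix  n       -       y       -       0       cleanup
proxymap  unix  -       -       n       -       -       proxymap
"""

if __name__ == "__main__":
    print("chrooted:", chrooted_services(MASTER))
    print("before:", unproxied_lookups(BEFORE))
    print("after: ", unproxied_lookups(AFTER))
```

A non-empty result from `unproxied_lookups` combined with a non-empty `chrooted_services` list is the situation the message describes: a chrooted daemon opening an LDAP table directly instead of delegating the lookup.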
