Package: postfix
Version: 2.6.5-3
Hello world,
===== description of the problem
When running the postfix daemon in a chroot environment we need to ensure
that the chroot dir is up-to-date (aka. etc/services lib/*, ...).
For a single instance this is done by the /etc/init.d/postfix script.
Starting with 2.6.x, Postfix now supports the multi-instance concept
(http://www.postfix.org/MULTI_INSTANCE_README.html). So for each
instance, we have a new /var/spool/postfix-instance that is created and
where daemons may be run as chrooted.
The problem with the /etc/init.d/postfix script distributed by Debian
(in version 2.6.5-3) is that it does not take care of the multi-instance
chroot dirs: the script only synchronizes the default instance (aka
/etc/postfix) and not all the other instances. So in a chroot
environment, with a chroot dir not synchronized we may have some
problems like "fatal: unknown service: smtp/tcp".
===== workaround
I think the init.d script needs to be adjusted to take care of the
multi-instance chroot dir.
Please see the attached patch
"postfix-init.d--multiinstance-chroot-aware.patch".
It does 2 things:
- iterate on each instance declared in the default one (postmulti
-l) and do the job that was done in the past
- we have to synchronize some other files like "/dev/log" and
"/lib/libresolv*so*"
Do you confirm the problem?
I remain available to help you correct this problem.
Best regards.
Alex.
--
Alexandre SIMON
Cellule (R)éseau StanNet/Lothaire
C.I.R.I.L. | Perm. réseau : +33 (0)3.83.68.24.24
Château du Montet | Tél. direct : +33 (0)3.83.68.24.32
Rue du Doyen Roubault | Fax : +33 (0)3.83.68.24.01
F - 54500 VANDOEUVRE | Email : [email protected]
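
A read-only check for the failure described in the report, as an added example that is not part of the original message or of the Debian init script: it lists, per instance, the files in the queue directory that are missing or differ from the host copies. The function names and the `HOST_ROOT` argument are assumptions made for the example.

```shell
#!/bin/sh
# Added example: report chroot files that are missing or differ from the
# host copies, per Postfix instance. Function names are hypothetical.

# Regular files the init script is expected to keep in sync in each chroot.
SYNC_FILES="etc/localtime etc/services etc/resolv.conf etc/hosts \
etc/nsswitch.conf etc/nss_mdns.config"

# chroot_drift QUEUE_DIR [HOST_ROOT]
# Prints "missing <file>" or "stale <file>" for each problem found.
# HOST_ROOT defaults to / and exists so the check can be run on a test tree.
# Returns 0 when the chroot matches the host, 1 otherwise.
chroot_drift() {
    queue_dir=$1
    host_root=${2:-}
    rc=0
    for f in $SYNC_FILES; do
        # Files absent on the host are not expected in the chroot either.
        [ -f "$host_root/$f" ] || continue
        if [ ! -f "$queue_dir/$f" ]; then
            echo "missing $f"
            rc=1
        elif ! cmp -s "$host_root/$f" "$queue_dir/$f"; then
            echo "stale $f"
            rc=1
        fi
    done
    return $rc
}

# check_all_instances: run chroot_drift for every instance from `postmulti -l`
# (config directory is the 4th column) that has a chrooted service.
check_all_instances() {
    status=0
    for conf in $(postmulti -l | awk '{print $4}'); do
        chrooted=$(awk '/^[0-9a-z]/ && ($5 ~ "[-yY]") { print "y"; exit }' "$conf/master.cf")
        [ -n "$chrooted" ] || continue
        qdir=$(postconf -c "$conf" -h queue_directory)
        if ! report=$(chroot_drift "$qdir"); then
            printf '%s\n' "$report" | sed "s|^|$qdir: |"
            status=1
        fi
    done
    return $status
}
```

Run `check_all_instances` as root on the mail host; a `stale etc/services` or `missing etc/services` line for an instance matches the "unknown service: smtp/tcp" symptom.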
--- postfix.orig 2009-12-11 11:02:44.000000000 +0100
+++ postfix 2009-12-11 13:40:51.000000000 +0100
@@ -52,61 +52,72 @@
if [ -n "$RUNNING" ]; then
log_end_msg 0
else
- # if you set myorigin to 'ubuntu.com' or 'debian.org', it's wrong,
and annoys the admins of
- # those domains. See also sender_canonical_maps.
- MYORIGIN=$(postconf -h myorigin | tr 'A-Z' 'a-z')
- if [ "X${MYORIGIN#/}" != "X${MYORIGIN}" ]; then
- MYORIGIN=$(tr 'A-Z' 'a-z' < $MYORIGIN)
- fi
- if [ "X$MYORIGIN" = Xubuntu.com ] || [ "X$MYORIGIN" = Xdebian.org
]; then
- log_failure_msg "Invalid \$myorigin ($MYORIGIN), refusing to
start"
- log_end_msg 1
- exit 1
- fi
+ # iterate in each instance
+ for INSTANCE_CONF_DIR in `postmulti -l | tr -s " " " " | cut -d" "
-f4`
+ do
+
+ # if you set myorigin to 'ubuntu.com' or 'debian.org', it's
wrong, and annoys the admins of
+ # those domains. See also sender_canonical_maps.
+
+ MYORIGIN=$(postconf -c $INSTANCE_CONF_DIR -h myorigin | tr
'A-Z' 'a-z')
+ if [ "X${MYORIGIN#/}" != "X${MYORIGIN}" ]; then
+ MYORIGIN=$(tr 'A-Z' 'a-z' < $MYORIGIN)
+ fi
+ if [ "X$MYORIGIN" = Xubuntu.com ] || [ "X$MYORIGIN" =
Xdebian.org ]; then
+ log_failure_msg "Invalid \$myorigin ($MYORIGIN), refusing
to start"
+ log_end_msg 1
+ exit 1
+ fi
- # see if anything is running chrooted.
- NEED_CHROOT=$(awk '/^[0-9a-z]/ && ($5 ~ "[-yY]") { print "y";
exit}' /etc/postfix/master.cf)
+ # see if anything is running chrooted.
+ NEED_CHROOT=$(awk '/^[0-9a-z]/ && ($5 ~ "[-yY]") { print "y";
exit}' $INSTANCE_CONF_DIR/master.cf)
- if [ -n "$NEED_CHROOT" ] && [ -n "$SYNC_CHROOT" ]; then
- # Make sure that the chroot environment is set up correctly.
- oldumask=$(umask)
- umask 022
- cd $(postconf -h queue_directory)
-
- # if we're using tls, then we need to add
etc/ssl/certs/ca-certificates.crt.
- smtp_use_tls=$(postconf -h smtp_use_tls)
- smtpd_use_tls=$(postconf -h smtpd_use_tls)
- if [ "X$smtp_use_tls" = "Xyes" -o "X$smtpd_use_tls" = "Xyes" ];
then
- if [ -f "/etc/ssl/certs/ca-certificates.crt" ]; then
- mkdir -p etc/ssl/certs
- cp /etc/ssl/certs/ca-certificates.crt etc/ssl/certs/
+ if [ -n "$NEED_CHROOT" ] && [ -n "$SYNC_CHROOT" ]; then
+ # Make sure that the chroot environment is set up correctly.
+ oldumask=$(umask)
+ umask 022
+ cd $(postconf -c $INSTANCE_CONF_DIR -h queue_directory)
+
+ # if we're using tls, then we need to add
etc/ssl/certs/ca-certificates.crt.
+ smtp_use_tls=$(postconf -c $INSTANCE_CONF_DIR -h
smtp_use_tls)
+ smtpd_use_tls=$(postconf -c $INSTANCE_CONF_DIR -h
smtpd_use_tls)
+ if [ "X$smtp_use_tls" = "Xyes" -o "X$smtpd_use_tls" =
"Xyes" ]; then
+ if [ -f "/etc/ssl/certs/ca-certificates.crt" ]; then
+ mkdir -p etc/ssl/certs
+ cp /etc/ssl/certs/ca-certificates.crt etc/ssl/certs/
+ fi
fi
- fi
- # if we're using unix:passwd.byname, then we need to add
etc/passwd.
- local_maps=$(postconf -h local_recipient_maps)
- if [ "X$local_maps" != "X${local_maps#*unix:passwd.byname}" ];
then
- if [ "X$local_maps" =
"X${local_maps#*proxy:unix:passwd.byname}" ]; then
- sed 's/^\([^:]*\):[^:]*/\1:x/' /etc/passwd > etc/passwd
- chmod a+r etc/passwd
+ # if we're using unix:passwd.byname, then we need to add
etc/passwd.
+ local_maps=$(postconf -c $INSTANCE_CONF_DIR -h
local_recipient_maps)
+ if [ "X$local_maps" != "X${local_maps#*unix:passwd.byname}"
]; then
+ if [ "X$local_maps" =
"X${local_maps#*proxy:unix:passwd.byname}" ]; then
+ sed 's/^\([^:]*\):[^:]*/\1:x/' /etc/passwd >
etc/passwd
+ chmod a+r etc/passwd
+ fi
fi
+
+ FILES="etc/localtime etc/services etc/resolv.conf etc/hosts
\
+ etc/nsswitch.conf etc/nss_mdns.config \
+ dev/log"
+ for file in $FILES; do
+ [ -d ${file%/*} ] || mkdir -p ${file%/*}
+ if [ -f /${file} ]; then rm -f ${file} && cp /${file}
${file}; fi
+ if [ -f ${file} ]; then chmod a+rX ${file}; fi
+ if [ -S /${file} ]; then rm -f ${file} && cp -a
/${file} ${file}; fi
+ done
+ rm -f usr/lib/zoneinfo/localtime
+ mkdir -p usr/lib/zoneinfo
+ ln -sf /etc/localtime usr/lib/zoneinfo/localtime
+ rm -f lib/libnss_*so*
+ tar cf - /lib/libnss_*so* 2>/dev/null |tar xf -
+ rm -f lib/libresolv*so*
+ tar cf - /lib/libresolv*so* 2>/dev/null |tar xf -
+ umask $oldumask
fi
- FILES="etc/localtime etc/services etc/resolv.conf etc/hosts \
- etc/nsswitch.conf etc/nss_mdns.config"
- for file in $FILES; do
- [ -d ${file%/*} ] || mkdir -p ${file%/*}
- if [ -f /${file} ]; then rm -f ${file} && cp /${file}
${file}; fi
- if [ -f ${file} ]; then chmod a+rX ${file}; fi
- done
- rm -f usr/lib/zoneinfo/localtime
- mkdir -p usr/lib/zoneinfo
- ln -sf /etc/localtime usr/lib/zoneinfo/localtime
- rm -f lib/libnss_*so*
- tar cf - /lib/libnss_*so* 2>/dev/null |tar xf -
- umask $oldumask
- fi
+ done
if start-stop-daemon --start --exec ${DAEMON} -- quiet-quick-start;
then
log_end_msg 0
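
Review bot: In the new `for file in $FILES` loop, the `[ -S /${file} ]` branch copies `/dev/log` with `cp -a`, which only creates a separate socket node inside the chroot that no syslog daemon is listening on, so chrooted daemons still cannot log through it. Drop `dev/log` from `FILES` and have the syslog daemon listen on an additional socket inside each instance's queue directory instead. Separately, `cd $(postconf -c $INSTANCE_CONF_DIR -h queue_directory)` now runs once per instance with no check and no quoting: if `postconf` prints nothing or the directory is missing, the relative `rm -f`, `cp` and `tar xf -` calls that follow act on whatever directory the script is in at that point, which may be another instance's chroot. Quote the `$INSTANCE_CONF_DIR` expansions and skip the instance (after restoring the umask) when `cd` fails. The instance list itself would be more robust read with `postmulti -l | awk '{print $4}'` than with the `tr -s`/`cut` pair, which depends on exact spacing.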