09.12.2024 17:17, Wietse Venema via Postfix-users wrote: ...
Setting up the necessary helper files under /var/spool/postfix (nsswitch.conf, TLS, resolv.conf, services) remains platform-specific.
I was under the impression postfix does not need nsswitch.conf in the chroot. But I was wrong.

  smtp_host_lookup = dns (default) or native
    native uses nsswitch on Linux (getaddrinfo() is implemented through nsswitch on Linux).

  disable_dns_lookups = yes
    turns smtp_host_lookup to native

So even with these 2, there's already the possibility of needing nss stuff in the chroot.

Now, things become interesting. Is there anything else besides hosts lookup (+ services, for getaddrinfo()) which is being done by postfix? I know about other software such as ldap or sasl, these might do other types of lookups.

Does postfix try to init nss before entering chroot, so it at least loads the nss modules? Apparently there's no standard way to keep getaddrinfo() initialized. It'd be very nice if there's some way to do this - to at least avoid having nsswitch.conf itself plus the modules (with all their deps) in the chroot.

/etc/services and /etc/hosts are needed for the most common "files" lookup of hosts and services. Plus whatever else is needed for other configured modules - I'm not referring to these.

There are also things like SASL, TLS, which might want other lookup types - if someone knows their requirements, please comment.

I'm not referring to maps like ldap: - these should be kept out of chroot, either by un-chrooting the postfix service or by using proxy: map type.

Thanks,

/mjt
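
The file dependencies discussed in this message, as an added example that is not code from the thread or from Postfix: a shell function that reads a chroot's own etc/nsswitch.conf and lists which helper files for hosts and services lookups are absent. It assumes glibc NSS conventions (module file name libnss_NAME.so.2, the dns source reading etc/resolv.conf); the function names and the sample tree are constructed for the illustration.

```shell
#!/bin/sh
# Added example (not from the thread): report which lookup helper files a
# chroot lacks for getaddrinfo()-style "hosts" and "services" lookups.

# Print the sources nsswitch.conf ($1) lists for database $2, with comments
# and [STATUS=action] items removed.
nss_sources() {
    sed -e 's/#.*//' -e 's/\[[^]]*]//g' "$1" |
        awk -v db="$2:" '$1 == db { for (i = 2; i <= NF; i++) print $i }'
}

# Print, one per line, what is missing under chroot directory $1.
chroot_nss_missing() {
    root=$1
    conf=$root/etc/nsswitch.conf
    [ -f "$conf" ] || { echo etc/nsswitch.conf; return 0; }
    for db in hosts services; do
        for src in $(nss_sources "$conf" "$db"); do
            case $src in
                files) [ -f "$root/etc/$db" ] || echo "etc/$db" ;;
                dns)   [ -f "$root/etc/resolv.conf" ] || echo etc/resolv.conf ;;
                *)     # Assumption: glibc naming, libnss_NAME.so.2, any lib dir.
                       mod=libnss_$src.so.2
                       [ -n "$(find "$root" -name "$mod" 2>/dev/null)" ] || echo "$mod" ;;
            esac
        done
    done | LC_ALL=C sort -u
}

# Constructed sample chroot: only etc/hosts and etc/nsswitch.conf are present.
make_sample_chroot() {
    d=$(mktemp -d) && mkdir -p "$d/etc" && : > "$d/etc/hosts" &&
    printf '%s\n' 'hosts: files mdns4_minimal [NOTFOUND=return] dns  # sample' \
                  'services: files' > "$d/etc/nsswitch.conf" &&
    echo "$d"
}

sample=$(make_sample_chroot)
chroot_nss_missing "$sample"
rm -rf "$sample"
```

On a real system the argument would be the chroot directory, such as the /var/spool/postfix named in the quoted text.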
