Martin Vegter:
> > On 08/26/2014 12:56 AM, Viktor Dukhovni wrote:
> >> Are there any reasons against using chrooted smtp ?
> > 
> > Chroot jails require an expert administrator, able to trouble-shoot
> > problems with plugins or system libraries that depend on resources
> > that may not exist in the jail.
> > 
> > Debian made the mistake of enabling chroot on machines operated by
> > relatively inexperienced users, and failing to fully automate all
> > the requisite chroot-jail care and feeding.
> 
> I have found the problem:
> 
> I had /var mounted with nosuid,nodev,noexec options. When I remount it
> with nosuid,dev,exec then the hostname resolving works (even when chrooted).
> 
> May I ask list members an opinion?
> Now when chroot works, is it recommended to use it? Does it provide an
> extra layer of security?

That depends on what else is running in your system. Besides a small
unprivileged Postfix network daemon inside a chroot jail, do you
have other network daemons running that are large, that have full
access to the file system, and that run with high privilege level?

        Wietse
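
An added example, not part of the original thread: a shell check for the mount-option condition described in the quoted message, reporting whether the filesystem holding a chroot directory is mounted with either of the two options the poster changed (nodev, noexec). The sample mount table is constructed, and /var/spool/postfix (the default Postfix queue directory) is assumed as the chroot location.

```shell
#!/bin/sh
# Constructed sample in /proc/mounts format:
# device mountpoint fstype options dump pass
sample_mounts() {
cat <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
/dev/sda2 /var ext4 rw,nosuid,nodev,noexec,relatime 0 0
/dev/sda3 /home ext4 rw,nosuid,nodev 0 0
EOF
}

# Read a mount table on stdin and print the options of the mount that
# contains path $1. The longest matching mount point wins, and the match
# is on whole path components, so /var does not match /variable.
mount_opts_for() {
    awk -v p="$1" '
        {
            mp = $2
            if (mp == "/" || p == mp || index(p, mp "/") == 1) {
                if (length(mp) > best) { best = length(mp); opts = $4 }
            }
        }
        END { print opts }'
}

# Read a mount table on stdin and print which of nodev/noexec are set
# on the filesystem containing path $1 (empty line if neither is set).
chroot_mount_risks() {
    opts=$(mount_opts_for "$1")
    found=""
    for flag in nodev noexec; do
        case ",$opts," in
            *",$flag,"*) found="${found:+$found }$flag" ;;
        esac
    done
    printf '%s\n' "$found"
}

# Run against the constructed table.
# On a live Linux host: chroot_mount_risks /var/spool/postfix < /proc/mounts
sample_mounts | chroot_mount_risks /var/spool/postfix
```

An empty result means neither option is set on the filesystem that holds the chroot directory.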
