> On 08/26/2014 03:13 PM, Wietse Venema wrote:
> Martin Vegter:
>>> On 08/26/2014 12:56 AM, Viktor Dukhovni wrote:
>>>> Are there any reasons against using chrooted smtp ?
>>>
>>> Chroot jails require an expert administrator, able to trouble-shoot
>>> problems with plugins or system libraries that depend on resources
>>> that may not exist in the jail.
>>>
>>> Debian made the mistake of enabling chroot on machines operated by
>>> relatively inexperienced users, and failing to fully automate all
>>> the requisite chroot-jail care and feeding.
>>
>> I have found the problem:
>>
>> I had /var mounted with nosuid,nodev,noexec options. When I remount it
>> with nosuid,dev,exec then the hostname resolving works (even when chrooted)
>>
>> May I ask list members an opinion?
>> Now when chroot works, is it recommended to use it? Does it provide an
>> extra layer of security?
>
> That depends on what else is running in your system. Besides a small
> unprivileged Postfix network daemon inside a chroot jail, do you
> have other network daemons running that are large, that have full
> access to the file system, and that run with high privilege level?

I am running only Postfix and openssh-server
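
The mount-option problem reported in the quoted text can be checked for before enabling chroot. The script below is an added example, not part of the original thread or of Postfix: it finds the mount that covers the chroot directory and reports whether `nodev` or `noexec` is set on it. The path `/var/spool/postfix` (the default Postfix queue directory) and the function names `mount_opts_for`, `risky_opts` and `demo` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Assumption: the Postfix chroot is /var/spool/postfix.

# mount_opts_for PATH [MOUNTS_FILE]
# Print the option string of the mount covering PATH (longest matching
# mount point; a later entry on the same mount point wins, as it shadows
# the earlier one). Mount points containing spaces are not handled.
mount_opts_for() {
    awk -v p="$1" '
        {
            mp = $2
            # A mount covers p if it is "/", equals p, or is a directory prefix of p.
            if (mp == "/" || p == mp || index(p, mp "/") == 1) {
                if (length(mp) >= best) { best = length(mp); opts = $4 }
            }
        }
        END { print opts }
    ' "${2:-/proc/mounts}"
}

# risky_opts PATH [MOUNTS_FILE]
# Print which of nodev/noexec are set on the covering mount, space-separated;
# print nothing if neither is set.
risky_opts() {
    mount_opts_for "$1" "$2" | tr ',' '\n' | grep -E -x 'nodev|noexec' \
        | sort | tr '\n' ' ' | sed 's/ $//'
}

# Constructed sample in /proc/mounts format, mirroring the /var options
# from the thread before the remount.
demo() {
    tmp=$(mktemp)
    printf '%s\n' \
        '/dev/sda1 / ext4 rw,relatime 0 0' \
        '/dev/sda2 /var ext4 rw,nosuid,nodev,noexec,relatime 0 0' > "$tmp"
    risky_opts /var/spool/postfix "$tmp"
    rm -f "$tmp"
}

demo   # prints: nodev noexec
```

On a live system, `risky_opts /var/spool/postfix` reads `/proc/mounts` directly; empty output means neither option is set on the covering mount.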