Re: [Cooker] postfix, chroot jail, /etc/* updates
Buchan Milne wrote: + at least 44 MandrakeClub members ... oki. first draft of rpm available at: http://yves.zarb.org/postfix/ (of course linked against openssl 0.9.7, but still with db3.3). do *NOT* use on production box, or at your OWN risk. but please test and report :) Actually, the original requester wanted postfix2+spamassassin+amavisd-new+clamav+cyrus-imapd why cyrus-impad ? The mailbox database is stored in parts of the filesystem that are private to the Cyrus IMAP system. and AFAIK is not cyrus-aware. you will need more cyrus tools. i think you was talking about courier-imap. I would add openLdap to store user informations. otherwise couier-imapd is not what we can call a piece of fun to configure with cram-md5 auth. (of course we have clamav and spamassassin in contrib AFIAK). Will take a look at amavisd-new soon. i have a doc made by a mandrake guy (amaury) somewhere. i will send you as soon as i find it back...
Re: [Cooker] postfix, chroot jail, /etc/* updates
On Tue, 2003-01-14 at 08:33, Yves Duret wrote: BTW, how many are interressed of postfix 2.0.1 rpms ? At least me. Brice
Re: [Cooker] postfix, chroot jail, /etc/* updates
Am Dienstag, 14. Januar 2003 09:30 schrieb Brice Figureau: On Tue, 2003-01-14 at 08:33, Yves Duret wrote: BTW, how many are interressed of postfix 2.0.1 rpms ? At least me. Brice Me too, Martin -- H E L I X Gesellschaft für Software Engineering mbH Hanauer Landstrasse 52 Telefon (069) 4789 35-30 60314 Frankfurt am Main Telefax (069) 4789 35-44 http://www.helix-gmbh.net[EMAIL PROTECTED] msg85903/pgp0.pgp Description: signature
Re: [Cooker] postfix, chroot jail, /etc/* updates
Martin Fahrendorf wrote: Am Dienstag, 14. Januar 2003 09:30 schrieb Brice Figureau: On Tue, 2003-01-14 at 08:33, Yves Duret wrote: BTW, how many are interressed of postfix 2.0.1 rpms ? At least me. Brice Me too, + at least 44 MandrakeClub members ... Actually, the original requester wanted postfix2+spamassassin+amavisd-new+clamav+cyrus-imapd (of course we have clamav and spamassassin in contrib AFIAK). Will take a look at amavisd-new soon. Buchan -- |--Another happy Mandrake Club member--| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7
Re: [Cooker] postfix, chroot jail, /etc/* updates
tisdagen den 14 januari 2003 14.17 skrev Buchan Milne: Martin Fahrendorf wrote: Am Dienstag, 14. Januar 2003 09:30 schrieb Brice Figureau: On Tue, 2003-01-14 at 08:33, Yves Duret wrote: BTW, how many are interressed of postfix 2.0.1 rpms ? At least me. Brice Me too, + at least 44 MandrakeClub members ... Actually, the original requester wanted postfix2+spamassassin+amavisd-new+clamav+cyrus-imapd (of course we have clamav and spamassassin in contrib AFIAK). Will take a look at amavisd-new soon. Buchan (apache2 related ;)) This one would be pretty cool to run against clamd: http://www.willbe6.org/security/mod_vscan/ But..., someone needs to add code for that ;) -- Regards // Oden Eriksson, Deserve-IT.com
Re: [Cooker] postfix, chroot jail, /etc/* updates
Am Samstag, 11. Januar 2003 18:12 schrieb Michael Scherer: Just lost dozens of sent mails with postfix during at least 2 months. I use my laptop with postfix in several networks. I have simple scripts to update eg. /etc/resolv.conf. However /var/spool/postfix/etc/ wasn't getting updated (since I wasn't aware of it). Sent mails (and also messages about mail delivery problems) were getting lost when laptop wasn't in the environment it was in when postfix was first configured with mdk 9.0 upgrade. Is there some mechanism that updates /var/spool/postfix/etc/ ? Why doesn't /etc/rc.d/init.d/postfix (seem to) run it? Should there be some mechanism in cron tables to update the jail? This could just be a problem I have caused by my own careless tinkerings, but since the effects caused me (and my wife) some trouble I thought it's nice to mention it. I had almost the same problem. Come back from a 4 month travel, and postfix was not at the good time, since /var/spool/postfix/etc/localtime was not updated. I had think of a few solutions, such as using mount --bind, or using ln to create a hardlink. But, since I can not really try in real life condition and having not much time to do so, I don't know if it work fine. Mick Hey, simply disable the chroot jail. If you ar not permanently connected to the internet and your postfix does not listen to public reachable ports it does not relaly mater. And postfix is known to be realy stable and secure. Martin -- H E L I X Gesellschaft für Software Engineering mbH Hanauer Landstrasse 52 Telefon (069) 4789 35-30 60314 Frankfurt am Main Telefax (069) 4789 35-44 http://www.helix-gmbh.net[EMAIL PROTECTED] msg85763/pgp0.pgp Description: signature
Re: [Cooker] postfix, chroot jail, /etc/* updates
Martin Fahrendorf wrote: Am Samstag, 11. Januar 2003 18:12 schrieb Michael Scherer: simply disable the chroot jail. If you ar not permanently connected to the internet and your postfix does not listen to public reachable ports it does not relaly mater. And postfix is known to be realy stable and secure. But the script should still be fixed to update files in the jail from outside the jail. Plus, one wonders why the default is to chroot, since probably most postfix installations on Mandrake are not production servers, and at present chrooting is more trouble than it is worth for typical use. Buchan -- |--Another happy Mandrake Club member--| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7
Re: [Cooker] postfix, chroot jail, /etc/* updates
On Mon, 2003-01-13 at 12:28, Buchan Milne wrote: Martin Fahrendorf wrote: Am Samstag, 11. Januar 2003 18:12 schrieb Michael Scherer: simply disable the chroot jail. If you ar not permanently connected to the internet and your postfix does not listen to public reachable ports it does not relaly mater. And postfix is known to be realy stable and secure. Plus, one wonders why the default is to chroot, since probably most postfix installations on Mandrake are not production servers, and at present chrooting is more trouble than it is worth for typical use. Postfix as distributed by the author (www.postfix.org) is not chroot-ed by default... Brice
Re: [Cooker] postfix, chroot jail, /etc/* updates
On Sat, 2003-01-11 at 14:19, Peter Lamberg wrote: Just lost dozens of sent mails with postfix during at least 2 months. I use my laptop with postfix in several networks. I have simple scripts to update eg. /etc/resolv.conf. Postfix can't loose mail, since it deletes mail ONLY if the other SMTP server acknowledges it had the mail. If the mail were deferred they still are in the postfix queue (/var/spool/postfix) and still be accessible with the postcat/postsuper commands. mailq (or sendmail -bp) can list the queue. Is there some mechanism that updates /var/spool/postfix/etc/ ? Postfix logs upon restart/reload that files are different, check your /var/log/mail/* log files from time to time. Brice
Re: [Cooker] postfix, chroot jail, /etc/* updates
Postfix 2.0.1 (Stable) Changes: This release introduces a new proxymap service for Postfix lookup table access via another process. This was added primarily to overcome chroot restrictions in the Postfix SMTP server but can also be used to consolidate the number of open tables by sharing one open table among multiple processes. Also, with the local_recipient_maps feature turned on, the SMTP server did not recognize the local built-in double bounce address as local. This has been addressed. Does this work around the problem being discussed? --- Brice Figureau [EMAIL PROTECTED] wrote: On Sat, 2003-01-11 at 14:19, Peter Lamberg wrote: Just lost dozens of sent mails with postfix during at least 2 months. I use my laptop with postfix in several networks. I have simple scripts to update eg. /etc/resolv.conf. Postfix can't loose mail, since it deletes mail ONLY if the other SMTP server acknowledges it had the mail. If the mail were deferred they still are in the postfix queue (/var/spool/postfix) and still be accessible with the postcat/postsuper commands. mailq (or sendmail -bp) can list the queue. Is there some mechanism that updates /var/spool/postfix/etc/ ? Postfix logs upon restart/reload that files are different, check your /var/log/mail/* log files from time to time. Brice __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com
Re: [Cooker] postfix, chroot jail, /etc/* updates
Am Montag, 13. Januar 2003 12:28 schrieb Buchan Milne: Martin Fahrendorf wrote: Am Samstag, 11. Januar 2003 18:12 schrieb Michael Scherer: simply disable the chroot jail. If you ar not permanently connected to the internet and your postfix does not listen to public reachable ports it does not relaly mater. And postfix is known to be realy stable and secure. But the script should still be fixed to update files in the jail from outside the jail. Plus, one wonders why the default is to chroot, since probably most postfix installations on Mandrake are not production servers, and at present chrooting is more trouble than it is worth for typical use. An a additional problem: there are some programs (dhcpcd pppd) that can change /etc/resolv.conf during runtime, so the change of the startup is not valid anymore. And, more problematic, postfix does not know of this changes. And btw: Wietse Venema highly recomends the use of chroot only to experienced users. Buchan Martin -- H E L I X Gesellschaft für Software Engineering mbH Hanauer Landstrasse 52 Telefon (069) 4789 35-30 60314 Frankfurt am Main Telefax (069) 4789 35-44 http://www.helix-gmbh.net[EMAIL PROTECTED] msg85781/pgp0.pgp Description: signature
Re: [Cooker] postfix, chroot jail, /etc/* updates
Am Montag, 13. Januar 2003 13:14 schrieb David Walser: Postfix 2.0.1 (Stable) Changes: This release introduces a new proxymap service for Postfix lookup table access via another process. This was added primarily to overcome chroot restrictions in the Postfix SMTP server but can also be used to consolidate the number of open tables by sharing one open table among multiple processes. Also, with the local_recipient_maps feature turned on, the SMTP server did not recognize the local built-in double bounce address as local. This has been addressed. Does this work around the problem being discussed? No, I don't think so. /etc/resolv.conf is not a lookup table. transport, alias, access et al are lookup tables. Martin -- H E L I X Gesellschaft für Software Engineering mbH Hanauer Landstrasse 52 Telefon (069) 4789 35-30 60314 Frankfurt am Main Telefax (069) 4789 35-44 http://www.helix-gmbh.net[EMAIL PROTECTED] msg85782/pgp0.pgp Description: signature
Re: [Cooker] postfix, chroot jail, /etc/* updates
On Sat, Jan 11, 2003 at 02:19:22PM +0100, Peter Lamberg wrote: Just lost dozens of sent mails with postfix during at least 2 months. I use my laptop with postfix in several networks. I have simple scripts to update eg. /etc/resolv.conf. However /var/spool/postfix/etc/ wasn't getting updated (since I wasn't aware of it). yes there is some pb with postfix in chroot jail and /var/spool/postfix/etc/resolv.conf not updated automatically. You can modify your script to copy your new /etc/resolv.cof to /var/spool/postfix/etc or disable the chroot jail. But that really strange you loosed mails. Sent mails (and also messages about mail delivery problems) were getting lost when laptop wasn't in the environment it was in when postfix was first configured with mdk 9.0 upgrade. Is there some mechanism that updates /var/spool/postfix/etc/ ? Why doesn't /etc/rc.d/init.d/postfix (seem to) run it? Should there be some mechanism in cron tables to update the jail? no. that should be done when updating /etc/resolv.conf i had a patch to do it, but it is a bit nasty and i prefer the debian way to do it but that requires some changement to initscripts (especially no more sync with rh). This could just be a problem I have caused by my own careless tinkerings, but since the effects caused me (and my wife) some trouble I thought it's nice to mention it. thx. BTW, how many are interressed of postfix 2.0.1 rpms ? -- Yves Duret [EMAIL PROTECTED] piouk toujours et meme apres !
Re: [Cooker] postfix, chroot jail, /etc/* updates
On Mon, Jan 13, 2003 at 04:14:02AM -0800, David Walser wrote: Postfix 2.0.1 (Stable) Changes: This release introduces a new proxymap service for Postfix lookup table access via another process. This was added primarily to overcome chroot restrictions in the Postfix SMTP server but can also be used to consolidate the number of open tables by sharing one open table among multiple processes. Also, with the local_recipient_maps feature turned on, the SMTP server did not recognize the local built-in double bounce address as local. This has been addressed. Does this work around the problem being discussed? no it is for transport_table and co. no for resolv.conf -- Yves Duret [EMAIL PROTECTED] piouk toujours et meme apres !
[Cooker] postfix, chroot jail, /etc/* updates
Just lost dozens of sent mails with postfix during at least 2 months. I use my laptop with postfix in several networks. I have simple scripts to update eg. /etc/resolv.conf. However /var/spool/postfix/etc/ wasn't getting updated (since I wasn't aware of it). Sent mails (and also messages about mail delivery problems) were getting lost when laptop wasn't in the environment it was in when postfix was first configured with mdk 9.0 upgrade. Is there some mechanism that updates /var/spool/postfix/etc/ ? Why doesn't /etc/rc.d/init.d/postfix (seem to) run it? Should there be some mechanism in cron tables to update the jail? This could just be a problem I have caused by my own careless tinkerings, but since the effects caused me (and my wife) some trouble I thought it's nice to mention it. Yours, Peter
