Re: Problem with DNS lookup when chrooted

2011-08-11 Thread Ralf Hildebrandt
* Stan Hoeppner s...@hardwarefreak.com:

> Lamont replied once, in Feb 2008, over 6 months after the bug report and
> patch were submitted, simply saying he wanted to wait for upstream.
> That is the first and last entry in the bug report from the maintainer.
>
> Thus, I would assume, as long as he's the maintainer, multi instance
> support will never be added to the Debian init script.

I can confirm that the init script doesn't handle multiple instances
properly.

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de



Re: Problem with DNS lookup when chrooted

2011-08-11 Thread Wietse Venema
Ralf Hildebrandt:
> * Stan Hoeppner s...@hardwarefreak.com:
>
>> Lamont replied once, in Feb 2008, over 6 months after the bug report and
>> patch were submitted, simply saying he wanted to wait for upstream.
>> That is the first and last entry in the bug report from the maintainer.
>>
>> Thus, I would assume, as long as he's the maintainer, multi instance
>> support will never be added to the Debian init script.
>
> I can confirm that the init script doesn't handle multiple instances
> properly.

Trivial fix: modify the init script to invoke postfix start etc.
instead of directly invoking the master daemon.

Wietse


Re: Problem with DNS lookup when chrooted

2011-08-11 Thread Stan Hoeppner
On 8/11/2011 10:50 AM, Wietse Venema wrote:
> Ralf Hildebrandt:
>> * Stan Hoeppner s...@hardwarefreak.com:
>>
>>> Lamont replied once, in Feb 2008, over 6 months after the bug report and
>>> patch were submitted, simply saying he wanted to wait for upstream.
>>> That is the first and last entry in the bug report from the maintainer.
>>>
>>> Thus, I would assume, as long as he's the maintainer, multi instance
>>> support will never be added to the Debian init script.
>>
>> I can confirm that the init script doesn't handle multiple instances
>> properly.
>
> Trivial fix: modify the init script to invoke postfix start etc.
> instead of directly invoking the master daemon.

I don't believe the current init script directly invokes the master
daemon, but I'm not much of a shell programmer, so someone else would
need to confirm.

/usr/lib/postfix/master does not appear in the script file anywhere.
And this init script we're discussing, /etc/init.d/postfix, is what
provides start|stop|reload etc. functionality in Debian.  So, changing as
you recommend would simply have it re-invoke itself.  At least that's my
amateur read of it.

Note that I've never looked at the Postfix source files, so I have no
idea of the differences between the Debian way and what Wietse
distributes.

-- 
Stan


Re: Problem with DNS lookup when chrooted

2011-08-11 Thread Mark Alan
On Thu, 11 Aug 2011 12:33:44 -0500, Stan Hoeppner
s...@hardwarefreak.com wrote:

>> Trivial fix: modify the init script to invoke postfix start etc.
>> instead of directly invoking the master daemon.
>
> I don't believe the current init script directly invokes the master
> daemon,


Debian/Ubuntu's current /etc/init.d/postfix script does not invoke
master.

That script sets:  DAEMON=/usr/sbin/postfix

NOTE: file /usr/sbin/postfix being: /usr/sbin/postfix: ELF 32-bit LSB
shared object, Intel 80386, version 1 (SYSV), dynamically linked (uses
shared libs), for GNU/Linux 2.6.15, stripped

and then uses $DAEMON in start), stop), restart), etc.

start) uses:
awk '/^[0-9a-z]/ && ($5 ~ "[-yY]")' /etc/postfix/master.cf
to check if anything is to be chrooted.
If anything chrooted, the relevant files are copied to the chroot and
after that /usr/sbin/postfix is started as a daemon with:
start-stop-daemon --start --exec ${DAEMON} -- quiet-quick-start

stop)
stop uses: ${DAEMON} quiet-stop

reload)
reload uses: ${DAEMON} quiet-reload



Regards,
M.



I am attaching the Debian/Ubuntu current /etc/init.d/postfix script:

##
#!/bin/sh -e

# Start or stop Postfix
#
# LaMont Jones lam...@debian.org
# based on sendmail's init.d script

### BEGIN INIT INFO
# Provides:          postfix mail-transport-agent
# Required-Start:    $local_fs $remote_fs $syslog $named $network $time
# Required-Stop:     $local_fs $remote_fs $syslog $named $network
# Should-Start:      postgresql mysql clamav-daemon postgrey spamassassin saslauthd dovecot
# Should-Stop:       postgresql mysql clamav-daemon postgrey spamassassin saslauthd dovecot
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: start and stop the Postfix Mail Transport Agent
# Description:       postfix is a Mail Transport agent
### END INIT INFO

PATH=/bin:/usr/bin:/sbin:/usr/sbin
DAEMON=/usr/sbin/postfix
NAME=Postfix
TZ=
unset TZ

# Defaults - don't touch, edit /etc/default/postfix
SYNC_CHROOT="y"

test -f /etc/default/postfix && . /etc/default/postfix

test -x $DAEMON && test -f /etc/postfix/main.cf || exit 0

. /lib/lsb/init-functions
#DISTRO=$(lsb_release -is 2>/dev/null || echo Debian)

running() {
    queue=$(postconf -h queue_directory 2>/dev/null || echo /var/spool/postfix)
    if [ -f ${queue}/pid/master.pid ]; then
        pid=$(sed 's/ //g' ${queue}/pid/master.pid)
        # what directory does the executable live in.  stupid prelink systems.
        dir=$(ls -l /proc/$pid/exe 2>/dev/null | sed 's/.* -> //; s/\/[^\/]*$//')
        if [ "X$dir" = "X/usr/lib/postfix" ]; then
            echo y
        fi
    fi
}

case "$1" in
    start)
        log_daemon_msg "Starting Postfix Mail Transport Agent" postfix
        RUNNING=$(running)
        if [ -n "$RUNNING" ]; then
            log_end_msg 0
        else
            # if you set myorigin to 'ubuntu.com' or 'debian.org', it's wrong, and annoys the admins of
            # those domains.  See also sender_canonical_maps.

            MYORIGIN=$(postconf -h myorigin | tr 'A-Z' 'a-z')
            if [ "X${MYORIGIN#/}" != "X${MYORIGIN}" ]; then
                MYORIGIN=$(tr 'A-Z' 'a-z' < "$MYORIGIN")
            fi
            if [ "X$MYORIGIN" = Xubuntu.com ] || [ "X$MYORIGIN" = Xdebian.org ]; then
                log_failure_msg "Invalid \$myorigin ($MYORIGIN), refusing to start"
                log_end_msg 1
                exit 1
            fi

            # see if anything is running chrooted.
            NEED_CHROOT=$(awk '/^[0-9a-z]/ && ($5 ~ "[-yY]") { print "y"; exit}' /etc/postfix/master.cf)

            if [ -n "$NEED_CHROOT" ] && [ -n "$SYNC_CHROOT" ]; then
                # Make sure that the chroot environment is set up correctly.
                oldumask=$(umask)
                umask 022
                queue_dir=$(postconf -h queue_directory)
                cd "$queue_dir"

                # copy the CA path if specified
                ca_path=$(postconf -h smtp_tls_CApath)
                case "$ca_path" in
                    '') :;; # no ca_path
                    $queue_dir/*) :;;  # skip stuff already in chroot
                    *)
                        if test -d "$ca_path"; then
                            dest_dir="$queue_dir/${ca_path#/}"
                            new=0
                            if test -d "$dest_dir"
                            # write to a new directory ...
                            then dest_dir="$dest_dir.NEW" new=1
                            else mkdir --parent "${dest_dir%/*}"
                            fi
                            # handle files in subdirectories
                            find "$ca_path" -print0 | cpio -0pdL "$dest_dir"
                            if [ "$new" = 1 ]; then
                                # and replace the old directory
                                rm -r "${dest_dir%.NEW}"
                                mv "$dest_dir" "${dest_dir%.NEW}"
                            fi
                        fi
                        ;;
                esac

# if there is 

Re: Problem with DNS lookup when chrooted

2011-08-11 Thread Ralf Hildebrandt
* Wietse Venema wie...@porcupine.org:

>> I can confirm that the init script doesn't handle multiple instances
>> properly.
>
> Trivial fix: modify the init script to invoke postfix start etc.
> instead of directly invoking the master daemon.

Yeah, that's what I did :)

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de



Re: Problem with DNS lookup when chrooted

2011-08-10 Thread Jeroen Geilman

On 2011-08-10 07:10, ricardus1867 wrote:

> Hi!
>
> By trying to add a second postfix instance (something seems to have gone
> terribly wrong), I managed to screw up my postfix. Badly. Nothing would work
> anymore. So I tried the scorched earth approach (purge, then install).
>
> That worked more or less, except for the fact that /var/spool/postfix/etc
> was empty. So one of the problems (DNS lookups stopped working) persisted.
>
> I copied a couple of files inside that directory that I remembered being
> there (hosts, localtime, nsswitch.conf, resolv.conf, services and the ssl
> certs), but the error either is elsewhere or I forgot to copy a file...
>
> I tried no setting chroot to no for the smtp daemon. That fixes the
> problem. But how can I make DNS lookups work again without losing the
> chroot?

/var/spool/postfix/lib needs to contain libresolve and the various
libnss-* libraries.

> Thanks in advance for any help!
>
> Regards
>
> ricardus



--
J.
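
A way to check the two things this thread turns on, as an added example rather than code from the thread or the Debian package: which master.cf services are chrooted (using the awk test quoted from the init script) and which resolver files are absent from the chroot. The etc/ file list is the one named in the posts; the `lib/libresolv*` and `lib/libnss_*` patterns, the function names and the sample data are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread or the Debian package.

# Print the name of every master.cf service whose chroot column (field 5)
# is "-", "y" or "Y": the same test as the init script's awk line.
chrooted_services() {
    awk '/^[0-9a-z]/ && ($5 ~ "[-yY]") { print $1 }' "$1"
}

# Print each entry, relative to the chroot, that DNS lookups need but that
# is missing. The etc/ list is the one named in the thread; the two lib/
# patterns are assumed glibc file names (libresolv.so.*, libnss_*.so.*).
missing_chroot_files() {
    root=$1
    for f in etc/hosts etc/localtime etc/nsswitch.conf etc/resolv.conf \
             etc/services; do
        [ -s "$root/$f" ] || echo "$f"
    done
    for pat in 'lib/libresolv*' 'lib/libnss_*'; do
        # An unmatched glob stays literal, so check that the first match exists.
        set -- "$root"/$pat
        [ -e "$1" ] || echo "$pat"
    done
}

# Demo on constructed data: a sample master.cf and a partly populated chroot.
demo() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/master.cf" <<'EOF'
# service type  private unpriv  chroot  wakeup  maxproc command
smtp      inet  n       -       -       -       -       smtpd
pickup    fifo  n       -       n       60      1       pickup
cleanup   unix  n       -       y       -       0       cleanup
  -o syslog_name=postfix/cleanup
EOF
    mkdir -p "$tmp/spool/etc" "$tmp/spool/lib"
    for f in hosts localtime nsswitch.conf resolv.conf; do
        echo placeholder > "$tmp/spool/etc/$f"
    done
    : > "$tmp/spool/lib/libnss_dns.so.2"   # resolver library still absent
    echo "chrooted services:"
    chrooted_services "$tmp/master.cf"
    echo "missing from chroot:"
    missing_chroot_files "$tmp/spool"
    rm -rf "$tmp"
}
demo
```

From Postfix 3.0 on, a `-` in the chroot column defaults to `n`, so matching `-` as chrooted applies to the 2.x versions discussed in this thread.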



Re: Problem with DNS lookup when chrooted

2011-08-10 Thread Stan Hoeppner
On 8/10/2011 12:10 AM, ricardus1867 wrote:

> By trying to add a second postfix instance (something seems to have gone
> terribly wrong), I managed to screw up my postfix. Badly. Nothing would work
> anymore. So I tried the scorched earth approach (purge, then install).
>
> That worked more or less, except for the fact that /var/spool/postfix/etc
> was empty. So one of the problems (DNS lookups stopped working) persisted.
>
> I copied a couple of files inside that directory that I remembered being
> there (hosts, localtime, nsswitch.conf, resolv.conf, services and the ssl
> certs), but the error either is elsewhere or I forgot to copy a file...
>
> I tried no setting chroot to no for the smtp daemon. That fixes the
> problem. But how can I make DNS lookups work again without losing the
> chroot?

Chroot and multiple instance support are, or should be, handled properly
by the Postfix init scripts.  If you are using a distro Postfix package,
these scripts are written and maintained by distro staff.

For a thorough description of the cause of this problem, and fixes, it
is worth the time to read this:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560682

Even if you're using something other than Debian, the knowledge gained
from this doc is valuable in understanding the issue.

-- 
Stan


Re: Problem with DNS lookup when chrooted

2011-08-10 Thread ricardus1867

That did it. Thanks!

ricardus


Jeroen Geilman wrote:
 
> On 2011-08-10 07:10, ricardus1867 wrote:
>> Hi!
>>
>> By trying to add a second postfix instance (something seems to have gone
>> terribly wrong), I managed to screw up my postfix. Badly. Nothing would
>> work anymore. So I tried the scorched earth approach (purge, then install).
>>
>> That worked more or less, except for the fact that /var/spool/postfix/etc
>> was empty. So one of the problems (DNS lookups stopped working)
>> persisted.
>>
>> I copied a couple of files inside that directory that I remembered being
>> there (hosts, localtime, nsswitch.conf, resolv.conf, services and the ssl
>> certs), but the error either is elsewhere or I forgot to copy a file...
>>
>> I tried no setting chroot to no for the smtp daemon. That fixes the
>> problem. But how can I make DNS lookups work again without losing the
>> chroot?
>
> /var/spool/postfix/lib needs to contain libresolve and the various
> libnss-* libraries.
>
>> Thanks in advance for any help!
>>
>> Regards
>>
>> ricardus
>
> --
> J.
 
 
 

-- 
View this message in context: 
http://old.nabble.com/Problem-with-DNS-lookup-when-chrooted-tp32231386p32234361.html
Sent from the Postfix mailing list archive at Nabble.com.



Re: Problem with DNS lookup when chrooted

2011-08-10 Thread ricardus1867

> Chroot and multiple instance support are, or should be, handled properly
> by the Postfix init scripts.

should be. Exactly! I did the re-install with a single instance, but it was
troublesome. dpkg kept throwing errors because of some post-installation
modifications. The second instance effectively screwed up the usual
directory structure...

Guess there were some leftovers preventing the installation script from
working properly. Because I didn't have those problems when I installed it
the first time...


ricardus



Stan Hoeppner wrote:
 
> On 8/10/2011 12:10 AM, ricardus1867 wrote:
>
>> By trying to add a second postfix instance (something seems to have gone
>> terribly wrong), I managed to screw up my postfix. Badly. Nothing would
>> work anymore. So I tried the scorched earth approach (purge, then install).
>>
>> That worked more or less, except for the fact that /var/spool/postfix/etc
>> was empty. So one of the problems (DNS lookups stopped working)
>> persisted.
>>
>> I copied a couple of files inside that directory that I remembered being
>> there (hosts, localtime, nsswitch.conf, resolv.conf, services and the ssl
>> certs), but the error either is elsewhere or I forgot to copy a file...
>>
>> I tried no setting chroot to no for the smtp daemon. That fixes the
>> problem. But how can I make DNS lookups work again without losing the
>> chroot?
>
> Chroot and multiple instance support are, or should be, handled properly
> by the Postfix init scripts.  If you are using a distro Postfix package,
> these scripts are written and maintained by distro staff.
>
> For a thorough description of the cause of this problem, and fixes, it
> is worth the time to read this:
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560682
>
> Even if you're using something other than Debian, the knowledge gained
> from this doc is valuable in understanding the issue.
>
> --
> Stan
 
 




Re: Problem with DNS lookup when chrooted

2011-08-10 Thread Stan Hoeppner
On 8/10/2011 9:17 AM, ricardus1867 wrote:
 
>> Chroot and multiple instance support are, or should be, handled properly
>> by the Postfix init scripts.
>
> should be. Exactly! I did the re-install with a single instance, but it was
> troublesome. dpkg kept throwing errors because of some post-installation
> modifications. The second instance effectively screwed up the usual
> directory structure...
>
> Guess there were some leftovers preventing the installation script from
> working properly. Because I didn't have those problems when I installed it
> the first time...

Are you running an older version of Debian or current (Squeeze)?  Or are
you running Ubuntu?  IIRC multi instance wasn't supported on Lenny (5.x)
or prior.  If that bug report was correct, multi instance was added by
Wietse in 2.6.5.  So, Squeeze, which ships with 2.7.1 would be the first
Debian to have Postfix multi instance support.

You didn't state whether you're running the Debian Postfix package or if
you installed from source.

-- 
Stan


Re: Problem with DNS lookup when chrooted

2011-08-10 Thread ricardus1867

I'm running Ubuntu 10.04 and I installed Postfix 2.8.4 from Christian
Roessner's PPA.


ricardus


Stan Hoeppner wrote:
 
> On 8/10/2011 9:17 AM, ricardus1867 wrote:
>
>>> Chroot and multiple instance support are, or should be, handled properly
>>> by the Postfix init scripts.
>>
>> should be. Exactly! I did the re-install with a single instance, but it
>> was troublesome. dpkg kept throwing errors because of some post-installation
>> modifications. The second instance effectively screwed up the usual
>> directory structure...
>>
>> Guess there were some leftovers preventing the installation script from
>> working properly. Because I didn't have those problems when I installed
>> it the first time...
>
> Are you running an older version of Debian or current (Squeeze)?  Or are
> you running Ubuntu?  IIRC multi instance wasn't supported on Lenny (5.x)
> or prior.  If that bug report was correct, multi instance was added by
> Wietse in 2.6.5.  So, Squeeze, which ships with 2.7.1 would be the first
> Debian to have Postfix multi instance support.
>
> You didn't state whether you're running the Debian Postfix package or if
> you installed from source.
>
> --
> Stan
 
 




Re: Problem with DNS lookup when chrooted

2011-08-10 Thread Stan Hoeppner
On 8/10/2011 3:07 PM, ricardus1867 wrote:
 
> I'm running Ubuntu 10.04 and I installed Postfix 2.8.4 from Christian
> Roessner's PPA.

I just went through the Debian 6.x Postfix 2.7.1 init script, and I'm
sorry to say that it appears multi instance support was never added.
Christian's init script is likely the Debian init script.  You may want
to diff them to confirm.

A working multi instance patch was submitted via the Debian bug
reporting system to the package maintainer (I linked it previously
IIRC), Lamont Jones, _4 years ago_, in July 2007.  It was apparently
never accepted, and no independent alternative was created.

Lamont replied once, in Feb 2008, over 6 months after the bug report and
patch were submitted, simply saying he wanted to wait for upstream.
That is the first and last entry in the bug report from the maintainer.

Thus, I would assume, as long as he's the maintainer, multi instance
support will never be added to the Debian init script.

No reason for never implementing multi instance in Debian was given.
Maybe this was discussed elsewhere and I'm simply unaware of it.

-- 
Stan


> ricardus
>
>
> Stan Hoeppner wrote:
>
>> On 8/10/2011 9:17 AM, ricardus1867 wrote:
>>
>>>> Chroot and multiple instance support are, or should be, handled properly
>>>> by the Postfix init scripts.
>>>
>>> should be. Exactly! I did the re-install with a single instance, but it
>>> was troublesome. dpkg kept throwing errors because of some post-installation
>>> modifications. The second instance effectively screwed up the usual
>>> directory structure...
>>>
>>> Guess there were some leftovers preventing the installation script from
>>> working properly. Because I didn't have those problems when I installed
>>> it the first time...
>>
>> Are you running an older version of Debian or current (Squeeze)?  Or are
>> you running Ubuntu?  IIRC multi instance wasn't supported on Lenny (5.x)
>> or prior.  If that bug report was correct, multi instance was added by
>> Wietse in 2.6.5.  So, Squeeze, which ships with 2.7.1 would be the first
>> Debian to have Postfix multi instance support.
>>
>> You didn't state whether you're running the Debian Postfix package or if
>> you installed from source.
>>
>> --
>> Stan


 



Re: Problem with DNS lookup when chrooted

2011-08-10 Thread Scott Kitterman
On Wednesday, August 10, 2011 05:16:50 PM Stan Hoeppner wrote:
> On 8/10/2011 3:07 PM, ricardus1867 wrote:
>> I'm running Ubuntu 10.04 and I installed Postfix 2.8.4 from Christian
>> Roessner's PPA.
>
> I just went through the Debian 6.x Postfix 2.7.1 init script, and I'm
> sorry to say that it appears multi instance support was never added.
> Christian's init script is likely the Debian init script.  You may want
> to diff them to confirm.
>
> A working multi instance patch was submitted via the Debian bug
> reporting system to the package maintainer (I linked it previously
> IIRC), Lamont Jones, _4 years ago_, in July 2007.  It was apparently
> never accepted, and no independent alternative was created.
>
> Lamont replied once, in Feb 2008, over 6 months after the bug report and
> patch were submitted, simply saying he wanted to wait for upstream.
> That is the first and last entry in the bug report from the maintainer.
>
> Thus, I would assume, as long as he's the maintainer, multi instance
> support will never be added to the Debian init script.
>
> No reason for never implementing multi instance in Debian was given.
> Maybe this was discussed elsewhere and I'm simply unaware of it.

I've discussed it with Lamont in the last few months.  He is aware of it and 
planning on updating the Debian package, but it hasn't quite made the top of 
the TODO list yet.

Scott K