[CentOS] Postfix chroot jail - Centos 4

Feizhou feizhou at graffiti.net
Fri Aug 25 04:27:48 UTC 2006


Leonardo Vilela Pinheiro wrote:
> As I can seen, there is the bind-chroot glue package, but is there a 
> postfix-chroot.rpm glue ? I have looked for it, but I think there is not.
> 
> If there is not, what is your opinion about creating one ?

not worth it. There has been no security issue with postfix itself since 
  its 2.0 version and only one issue in an older version.

Any security problems will come from external libraries such as 
cyrus-sasl/openssl and so making postfix chroot really means making a 
whole lot more chrooted if you plan to use these. From the master.cf file.

# Chroot: whether or not the service runs chrooted to the mail queue
# directory (pathname is controlled by the queue_directory configuration
# variable in the main.cf file). Presently, all Postfix daemons can run
# chrooted, except for the pipe, virtual and local delivery daemons.
# The proxymap server can run chrooted, but doing so defeats most of
# the purpose of having that service in the first place.
# The files in the examples/chroot-setup subdirectory describe how
# to set up a Postfix chroot environment for your type of machine.



More information about the CentOS mailing list