[CentOS] Postfix chroot jail - Centos 4

Thu Aug 24 15:41:48 UTC 2006
Alexander Dalloz <ad+lists at uni-x.org>

Leonardo Vilela Pinheiro schrieb:

> As I can seen, there is the bind-chroot glue package, but is there a
> postfix-chroot.rpm glue ? I have looked for it, but I think there is not.

You are right, there is none. You may do an RFE in upstream's bugzilla.
Though there is the /etc/postfix/postfix-chroot script shipping with the 
Postfix rpm.

> If there is not, what is your opinion about creating one ?

Other than with bind I take the security advantage of a chrooted Postfix 
little. Especially because other than bind Postfix typically calls other 
applications as for instance content filters (amavisd-new comes to mind) 
and, very prominently, uses Cyrus-SASL for client and server SMTP AUTH. 
So to be able to do SMTP AUTH with a chrooted Postfix you will have to 
do relocate the SASL libs - just copying into the chroot is not enough 
(Debian i.e. has its own patches for this).

Do you have a working solution for CentOS / RHEL in your pocket?

Cheers

Alexander