From: Tomasz Papszun (no email)
Date: Thu Aug 01 2002 - 07:27:41 EDT
On Wed, 31 Jul 2002 at 14:27:23 -0700, Mark Ferlatte wrote:
> On Wed, Jul 31, 2002 at 10:48:28PM +0200, Tomasz Papszun wrote (0.42):
> > On Wed, 31 Jul 2002 at 22:16:14 +0200, Lutz Jaenicke wrote:
> > > I'll have to cross check with my Debian/Woody at work tomorrow.
> > > Until then: if memory serves me right, postfix-tls on Debian/Woody
> > > is an "upgrade" of postfix. It contains replacements for smtp and smtpd,
> > > but not for postconf. Therefore postconf does not know about TLS settings.
>
> You're right. postfix-tls doesn't do anything with the postconf binary
> (just checked my Debian woody box here).
I could have checked Debian bug tracking system first...
Such bug report is already submitted 49 days ago and not fixed (#149860).
> > Of course I do run postfix chrooted (which is usual Debian way).
> > I'm not sure on meaning of this citation. Does it mean that using SASL
> > with chrooted postfix is difficult (that it requires some substantial
> > modifications like recompiling it oneself with some (but what?) changes
> > or so)? Or even worse: that solution isn't known yet?
>
> Getting SASL to work in a chroot requires you to get all of the SASL
> libaries, and assorted infrastructure copied into your chroot. I looked
> into this, and decided that it really wasn't worth the effort for me.
>
> I'm sure that if you managed to get it working, and fixed the
> /etc/init.d/postfix script to automatically create the SASL chroot on
> startup, the Debian maintainer would be happy, but I don't believe it's
> a simple problem (mostly because the SASL libs seem to be undocumented).
Also in Debian bug tracking system there is a bug report #133586 (169 days
old and is not fixed) "Postfix needs pam + sasl in its chroot environment":
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=133586&repeatmerged=yes
in which Christian Mayrhuber writes:
-----------------------------------------------------------------------
Hi, the postfix chroot environment isn't set up fully for pam and sasl
auth,
I'm doing this using a script:
#!/bin/sh
echo "updating chrooted postfix..."
rm /var/spool/postfix/lib/security
cp -a /lib/security /var/spool/postfix/lib
rm -rf /var/spool/postfix/etc/pam.d
cp -a /etc/pam.d /var/spool/postfix/etc
cp /etc/smtp-pam_ldap.conf /var/spool/postfix/etc
rm -rf /var/spool/postfix/usr
mkdir /var/spool/postfix/usr /var/spool/postfix/usr/lib
cp -a /usr/lib/libsasl* /var/spool/postfix/usr/lib/
cp -a /usr/lib/sasl /var/spool/postfix/usr/lib
-----------------------------------------------------------------------
Is this sufficient? How do you think? Isn't it too easy to be true?
Christian, is above script the only modification that you had to do to get
SASL working with chrooted postfix?
Regards
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
http://www.lodz.tpsa.pl/ | ones and zeros.
-
To unsubscribe, send mail to with content
(not subject): unsubscribe postfix-users
|
|
|