postfix installation

Drew Marshall drew at THEMARSHALLS.CO.UK
Mon Sep 6 20:05:33 IST 2004 

<x-html>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
  <meta content="text/html;charset=UTF-8" http-equiv="Content-Type">
  <title></title>
</head>
<body bgcolor="#ffffff" text="#000000">
Juan Pablo Abuyeres wrote:
<blockquote cite="mid1094486277.5581.32.camel at blackbird.tecnoera.com"
 type="cite">
  <meta http-equiv="Content-Type" content="text/html; ">
  <meta name="GENERATOR" content="GtkHTML/3.0.10">
Hi,<br>
  <br>
I've installed Fedora Core 2, and I'm installing Postfix with
MailScanner. The point is, I've followed the directives at <a
 href="http://www.sng.ecs.soton.ac.uk/mailscanner/install/postfix.shtml">http://www.sng.ecs.soton.ac.uk/mailscanner/install/postfix.shtml</a>
to perform the installation. But I have a question about point 3, which
says:<br>
  <br>
Make sure you have the chroot jail set up in /var/spool/postfix. You
should be able to see "etc", "usr" and "lib" directories inside
/var/spool/postfix). If you haven't got the chroot jail setup already,
then look in the "examples" directory of the Postfix documentation and
you will find a script in there to set up it up for your operating
system. If you can't find that, then see the "Problems or Errors"
section further down this page.<br>
  <br>
Is it totally necesary to do that? I missed that part, and MailScanner
seems to be working just fine, so I don't know what would happen if I
don't chroot Postfix. Or is it an option to enhance security?<br>
</blockquote>
I once saw a post from Weitse which went a long the lines of most
Postfix installations are not chrooted as they cause 'many' people more
trouble than the solve. Guess he was talking about competency and his
desire to answer chroot questions against the smaller security benefit
of running chroots. I would say it's one of those do it if you wish
things. If Postfix is not chrooted and an attacker gained access
through smtpd (Which is only one process in Postfix) the they would
only have 'Postfix' user privileges, which are minimal and access to
only the SMTP receive daemon. So not too risky really (There is an OT
post in the archive last month about security risks and paranoia <span
 class="moz-smiley-s1"><span> :-) </span></span>). If you are only
testing Postfix, I would set it up with out chroot and look to put it
in a chroot later when you are happy (Makes finding chroot problems
easier) if you so desire.<br>
<br>
Drew<br>
</body>
<br />--
<br />In line with our <a href="http://www.themarshalls.co.uk/policy">policy</a>, this message has been scanned for
<br />viruses and dangerous content by
<a href="http://www.mailscanner.info/">MailScanner</a>, and is
<br />believed to be clean.
</html>
------------------------ MailScanner list ------------------------
To unsubscribe, email <a href="jiscmail at jiscmail.ac.uk">jiscmail at jiscmail.ac.uk</a>
with the words:<br>
'leave mailscanner' in the body of the email.<br>
Before posting, read the MAQ (<a href="http://www.mailscanner.biz/maq/">http://www.mailscanner.biz/maq/</a>)<br>and
the archives (<a href="http://www.jiscmail.ac.uk/lists/mailscanner.html">http://www.jiscmail.ac.uk/lists/mailscanner.html</a>).
</x-html>

More information about the MailScanner mailing list