LinuxQuestions.org
Old 02-23-2013, 04:23 PM   #1
theblah
Postfix chroot jail help (won't work)


Howdy,

I'm desperately trying to set up Postfix to run chrooted. Only bit of info on this comes from the man page which simply says to follow the instructions in master.cf (lol).
master.cf is self-explanatory, just set 'y' in the chroot column. BUT NO, it still doesn't work.

Code:
# pgrep master
12661
# ls -lh /proc/12661/root
lrwxrwxrwx 1 root root 0 Feb 23 22:03 /proc/12661/root -> /

Still points to my root! This means it still reads user related info (local_recipient_maps for example) from /etc/passwd, which I do not want. I want to use a separate passwd file in the chroot.
I tried setting:
Code:
local_recipient_maps = $maps
maps=/var/spool/postfix/etc/passwd
but still nothing. It still reads from /etc/passwd.

Chroot env is set in /var/spool/postfix and all needed files and libs are there.
Code:
# postmulti -l
-               -               y         /var/spool/postfix/etc/postfix
Ubuntu 12.04.2 LTS, postfix 2.10 (compiled).

master.cf:
Code:
smtp      inet  n       -       y       -       -       smtpd
smtpd     pass  -       -       y       -       -       smtpd
pickup    unix  n       -       y       60      1       pickup
cleanup   unix  n       -       y       -       0       cleanup
qmgr      unix  n       -       y       300     1       qmgr
tlsmgr    unix  -       -       y       1000?   1       tlsmgr
rewrite   unix  -       -       y       -       -       trivial-rewrite
bounce    unix  -       -       y       -       0       bounce
defer     unix  -       -       y       -       0       bounce
trace     unix  -       -       y       -       0       bounce
verify    unix  -       -       y       -       1       verify
flush     unix  n       -       y       1000?   0       flush
proxymap  unix  -       -       y       -       -       proxymap
proxywrite unix -       -       y       -       1       proxymap
smtp      unix  -       -       y       -       -       smtp
relay     unix  -       -       y       -       -       smtp
showq     unix  n       -       y       -       -       showq
error     unix  -       -       y       -       -       error
retry     unix  -       -       y       -       -       error
discard   unix  -       -       y       -       -       discard
local     unix  -       n       y       -       -       local
virtual   unix  -       n       y       -       -       virtual
lmtp      unix  -       -       y       -       -       lmtp
anvil     unix  -       -       y       -       1       anvil
scache    unix  -       -       y       -       1       scache
Code:
# postconf -n
command_directory = /var/spool/postfix/usr/sbin
config_directory = /var/spool/postfix/etc/postfix
daemon_directory = /var/spool/postfix/usr/libexec/postfix
data_directory = /var/spool/postfix/var/lib/postfix
debug_peer_level = 2
default_privs = nobody
header_checks = regexp:/var/spool/postfix/etc/postfix/header_checks
html_directory = no
inet_interfaces = loopback-only
inet_protocols = ipv4
local_recipient_maps = $maps
mail_owner = postfix
mailq_path = /var/spool/postfix/usr/bin/mailq
manpage_directory = /usr/local/man
maps = /var/spool/postfix/etc/passwd
mydestination = $myhostname, localhost.$mydomain, localhost
mynetworks = 127.0.0.0/8
newaliases_path = /var/spool/postfix/usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = no
sample_directory = /var/spool/postfix/etc/postfix
sendmail_path = /var/spool/postfix/usr/sbin/sendmail
setgid_group = postdrop
smtpd_banner = $myhostname ESMTP $mail_name
unknown_local_recipient_reject_code = 550
Please help

Last edited by theblah; 02-26-2013 at 02:07 AM.
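
Added example (not part of the original post): the chroot column in master.cf is applied by each daemon that master(8) starts, while the master process itself keeps / as its root, so the check belongs on /proc/PID/root of the child processes. The function below runs that check against a constructed sample /proc tree; `chroot_report`, `make_sample_proc` and every sample PID other than 12661 are made up for illustration.

```shell
#!/bin/sh
# Added example: report the filesystem root of each daemon started by master(8).
# PROC_DIR is a parameter so the function can run against the constructed
# sample tree below; on a live host pass /proc.

# chroot_report PROC_DIR MASTER_PID QUEUE_DIR
# Prints "<name> <pid> <root> <chrooted|not-chrooted>" per direct child.
chroot_report() {
    proc=$1 master=$2 queue=$3
    for status in "$proc"/[0-9]*/status; do
        [ -r "$status" ] || continue
        ppid=$(awk '$1 == "PPid:" { print $2 }' "$status")
        [ "$ppid" = "$master" ] || continue          # direct children only
        dir=${status%/status}
        name=$(awk '$1 == "Name:" { print $2 }' "$status")
        root=$(readlink "$dir/root") || root=unreadable
        if [ "$root" = "$queue" ]; then state=chrooted; else state=not-chrooted; fi
        printf '%s %s %s %s\n' "$name" "${dir##*/}" "$root" "$state"
    done
}

# Constructed sample: a fake /proc with master (12661) and three children.
make_sample_proc() {
    d=$(mktemp -d) || return 1
    add() {  # add PID NAME PPID ROOT
        mkdir "$d/$1" &&
        printf 'Name:\t%s\nPPid:\t%s\n' "$2" "$3" > "$d/$1/status" &&
        ln -s "$4" "$d/$1/root"
    }
    add 12661 master 1 / &&
    add 12670 pickup 12661 /var/spool/postfix &&
    add 12671 qmgr 12661 /var/spool/postfix &&
    add 12690 local 12661 / &&
    echo "$d"
}

sample=$(make_sample_proc) && chroot_report "$sample" 12661 /var/spool/postfix
```

On a live host, run `chroot_report /proc "$(pgrep -o master)" /var/spool/postfix` as root, since the root links of processes owned by other users are not readable otherwise. Daemons are started on demand, so a service that has handled no mail yet will not appear in the output.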
 
Old 02-25-2013, 06:07 AM   #2
theblah
I found this:
http://www.postfix.org/BASIC_CONFIGU...l#chroot_setup
Quote:
With the exception of Postfix daemons that deliver mail locally and/or that execute non-Postfix commands, every Postfix daemon can run chrooted.
I also found this:
http://www.postfix.org/proxymap.8.html
Quote:
The proxymap(8) server provides read-only or read-write table lookup service to Postfix processes. These services are implemented with distinct service names: proxymap and proxywrite, respectively. The purpose of these services is:

o To overcome chroot restrictions. For example, a chrooted SMTP server needs access to the system passwd file in order to reject mail for non-existent local addresses, but it is not practical to maintain a copy of the passwd file in the chroot jail. The solution:

Code:
local_recipient_maps = proxy:unix:passwd.byname $alias_maps
I want the exact opposite. It'd be extremely practical for me.

Last edited by theblah; 02-25-2013 at 06:08 AM.
 
Old 02-26-2013, 02:05 AM   #3
theblah
Eventually I tried running Postfix from a separate chroot jail I created. It worked sending mails but I only later figured out it still wouldn't achieve my purpose.
I'm running Apache with mod_itk - each vhost under a separate username. I wanted to deny access for these users to /etc /var /sbin and so on, but because PHP mail() was calling sendmail from outside the chroot, it still didn't work (it needed access to various files in /etc).
I fixed this by replacing sendmail with MSMTP and adding in php.ini
Code:
sendmail_path="/bin/msmtp --host=127.0.0.1 --port=25 -f mailer@localhost -t"
Anyhow, for those thinking Postfix can be entirely chrooted from master.cf - no, it can't.

Last edited by theblah; 02-26-2013 at 07:21 AM.
 
  


All times are GMT -5.
