Re: Postfix Security Documentation
On Wed, 20 Aug 2003 at 12:59:39 +0200, Lupe Christoph wrote:
> Quoting Tomasz Papszun <firstname.lastname@example.org>:
> > On Wed, 20 Aug 2003 at 10:55:55 +0200, Sven Riedel wrote:
> > > is there any documentation on securing a postfix server readily
> > > available? I didn't find anything much at the postfix homepage, nor in
> > > the postfix-doc package.
> > > I'd be especially interested in chrooting postfix processes.
> > In Debian, postfix is chrooted by default.
> Not true. A number of processes are chrooted, but not all. Please look
> at /etc/postfix/master.cf (IIRC). This is a standard feature of Postfix.
Sure, I know it.
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (50)
smtp inet n - - - - smtpd
#628 inet n - - - - qmqpd
pickup fifo n - - 60 1 pickup
cleanup unix n - - - 0 cleanup
qmgr fifo n - - 300 1 qmgr
#qmgr fifo n - - 300 1 nqmgr
rewrite unix - - - - - trivial-rewrite
bounce unix - - - - 0 bounce
defer unix - - - - 0 bounce
flush unix n - - 1000? 0 flush
smtp unix - - - - - smtp
showq unix n - - - - showq
error unix - - - - - error
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
But I think that (almost?) all process that _can_ be chrooted, _are_
How could the 'local' process deliver mail to user mailboxes if it would
If I'm wrong and it's possible somehow, someone may correct me of
> Sven, do you want to chroot *all* processes? Postfix is supposed to be
> secure out of the box
I think the same :-) .
> (except for programming errors, as we recently saw :-( ).
Even those, they were just vulnerable to DoS and "bounce scans", not
> So improving Postfix security should be done inside of
> Postfix. You may want to you the Postfix mailing list (warning: lots
> of traffic!) and ask there.
> Lupe Christoph
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
email@example.com http://www.lodz.tpsa.pl/ | ones and zeros.