1 (edited by jmichel 2014-01-29 22:33:13)

Topic: Copy /lib[64]/lib[nss_*,resol] to postfix chroot for DNS resolution ?

EDIT : this might be caused by /etc/postfix/chroot-update scrit missing. I am continuing to investigate.

I wasn't able to have policyd whitelist some domains (by name -> dns), and
looking in the logs, it seemed that the dns resolution was not done by smtpd.
( connect from unknown[ip] / client=unknown(ip) etc...)

Googling around gave me something that seems to work well : copying the
/lib (lib64 in my case) resolv/nss related libs in the postfix chroot (/var/spool/postfix).

Perhaps this is something which is also valid for other distros and that should be
included in the functions/postfix.sh script

==== Required information ====
- iRedMail version: 0.8.5
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Linux/BSD distribution name and version: Centos 6.x
- Related log if you're reporting an issue:
====

2

Re: Copy /lib[64]/lib[nss_*,resol] to postfix chroot for DNS resolution ?

Does DNS resolution really matter in your case?

3

Re: Copy /lib[64]/lib[nss_*,resol] to postfix chroot for DNS resolution ?

ZhangHuangbin wrote:

Does DNS resolution really matter in your case?

Of course, if not, then the policyd filtering fails on tests based on the client name
(it gets "unknown" instead of the FQDN).

JJ

4

Re: Copy /lib[64]/lib[nss_*,resol] to postfix chroot for DNS resolution ?

Well, you can try copying lib files.

5

Re: Copy /lib[64]/lib[nss_*,resol] to postfix chroot for DNS resolution ?

ZhangHuangbin wrote:

Well, you can try copying lib files.

I did : it just works.

Thanks for your answers.