DevHeads.net

chroot setting in master.cf

I'm configuring master.cf to add amavisd-new. The amavisd-new documentation
(/usr/share/doc/amavisd-new/README.postfix.html) differs from the default
master.cf file regarding the chroot setting for the cleanup (and
pre-cleanup) service. I presume that the amavisd-new documentation is in
error and that I should go with the chroot setting that's in the default
master.cf. But I don't know enough about the implications of one vs. the
other to be sure.

Specifically, I have three questions:

1) Section 4.2.1 of the above web page shows adding a pre-cleanup service
with chroot=n. But the default master.cf has the cleanup service configured
with chroot=y. Should I use the same chroot=y setting for the pre-cleanup
service?

2) Section 4.2.2 of the above web page shows modifying the existing cleanup
service to add some "-o" options. But it shows the cleanup service with
chroot=n. Should I leave chroot=y for the cleanup service?

3) The above web page also shows the new "amavisfeed" and "127.0.0.1:10025"
services with chroot=n. But similar services in master.cf have chroot=y.
Should these two new services also use chroot=y?

Thanks in advance,
Michael

Comments

Re: chroot setting in master.cf

By Noel Jones at 08/10/2017 - 16:49

On 8/10/2017 2:46 PM, Michael Fox wrote:
The default master.cf as distributed by postfix has all services as
chroot "n", and that is the recommended setting.

-- Noel Jones