I'd say it's nice. However, why is it using "subnet" by default? Maybe Wietse/others have good reasons for it? I'd prefer they back the change on their side - also, it's better for us to change only the lowest possible number of parameters, so that new users are less lost when setting up our package for their needs.
I'll ask... but probably the reason is that Postfix's target is real mail servers on a LAN, not a standalone system.
I'd say that chrooting is good for security, and it's generally a good option. People wanting more complex or problematic-with-chroot configs can normally easily remove it. It would help to know what the strong feelings of Wietse are.
Look at this thread:
http://archives.neohapsis.com/archives/postfix/2003-10/1590.html
especially Wietse's comments:
http://archives.neohapsis.com/archives/postfix/2003-10/1600.html
http://archives.neohapsis.com/archives/postfix/2003-10/1620.html
and Simon's:
http://archives.neohapsis.com/archives/postfix/2003-10/1733.html
Though I believe Simon's script sucks :) Postfix binaries chroot themselves after starting, so there should be no need to copy the libraries they are linked to into the chroot. We should only need to copy libraries dlopen()-ed by those binaries and their requirements (if they are not already loaded by the binaries).
With this I mean that only NSS libraries should be needed (SASL plugins are loaded before chrooting).
L.
--
Luca Berra -- [EMAIL PROTECTED]
Communication Media & Services S.r.l.
 /"\
 \ /     ASCII RIBBON CAMPAIGN
  X        AGAINST HTML MAIL
 / \
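
The point made in the message above, that only the dlopen()-ed NSS libraries need to exist inside the chroot, shown as an added example (not part of the original message and not Postfix's or the package's own script): it lists the glibc NSS modules an nsswitch.conf would cause a process to load. The `libnss_<service>.so.2` naming is glibc's; the function names, the default database list and the sample file are assumptions constructed for the example.

```shell
#!/bin/sh
# nss_modules FILE [DATABASE...]
# Print the glibc NSS module file names (libnss_<service>.so.2) that FILE
# (in nsswitch.conf format) names for the given databases. These are the
# libraries resolved via dlopen() at lookup time, i.e. possibly after a
# daemon has already chrooted itself. The default database list below is
# an assumption for this example. Each module's own shared-library
# dependencies still have to be checked separately.
nss_modules() {
    conf=$1; shift
    [ $# -gt 0 ] || set -- hosts passwd group services
    for db in "$@"; do
        # Drop comments, keep only the line for this database without its
        # "db:" label, remove [STATUS=action] items, one service per line.
        sed -n -e 's/#.*//' -e "s/^[[:space:]]*$db:[[:space:]]*//p" "$conf" |
            sed -e 's/\[[^]]*\]//g' | tr -s ' \t' '\n\n'
    done | grep -v '^$' | sort -u | sed 's/.*/libnss_&.so.2/'
}

# Constructed sample nsswitch.conf, for illustration only.
sample_conf() {
    cat <<'EOF'
# /etc/nsswitch.conf (constructed example)
passwd:   files ldap
group:    files ldap
hosts:    files dns [NOTFOUND=return] mdns4   # inline comment
netgroup: nis
services: files
EOF
}

# Run the listing over the constructed sample.
tmp=$(mktemp) && sample_conf > "$tmp"
nss_modules "$tmp"
rm -f "$tmp"
```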
