Your message dated Thu, 20 Oct 2016 06:08:07 +0000 with message-id <[email protected]> and subject line Bug#833103: fixed in postfix 3.1.3-1 has caused the Debian Bug report #833103, regarding postfix: postinst script shouldn't insist on changing the chroot column to 'y' when upgrading from Postfix >= 3.0 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.) -- 833103: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=833103 Debian Bug Tracking System Contact [email protected] with problems
--- Begin Message ---Package: postfix Version: 3.1.0-5 Severity: important Dear Maintainer, Since Postfix 3.0 the 'chroot' column in the master.cf defaults to 'n' (in compatibility_level=2 at least). With a 'chroot' column initially set to '-', the postinst script messes up and break the master.cf by moving services around and forcing services to be chrooted. ~$ sudo apt upgrade […] Setting up postfix (3.1.0-5) ... setting explicit chroot on /etc/postfix:smtp/inet/chroot […] setting explicit chroot on /etc/postfix:local/unix/chroot setting explicit chroot on /etc/postfix:virtual/unix/chroot setting explicit chroot on /etc/postfix:lmtp/unix/chroot setting explicit chroot on /etc/postfix:anvil/unix/chroot setting explicit chroot on /etc/postfix:scache/unix/chroot setting explicit chroot on /etc/postfix:maildrop/unix/chroot setting explicit chroot on /etc/postfix:uucp/unix/chroot setting explicit chroot on /etc/postfix:ifmail/unix/chroot setting explicit chroot on /etc/postfix:bsmtp/unix/chroot Postfix is now set up with the changes above. If you need to make changes, edit /etc/postfix/main.cf (and others) as needed. To view Postfix configuration values, see postconf(1). After modifying main.cf, be sure to run 'service postfix reload'. See master.cf diff attached. In particular, it chroots local(8), which breaks mail delivery to local UNIX users. I don't understand why the postinst script insists on changing the chroot column in the master.cf when upgrading from Postfix >= 3.0. Actually I thought the purpose of compatibility_level was precisely to avoid messing up the master.cf on upgrade. (By default a user upgrading from Postfix < 3.0 will have compatibility_level=0, hence the 'chroot' column will retain its default value 'y'.) http://www.postfix.org/COMPATIBILITY_README.html#chroot Thanks for maintaining Postfix, cheers, -- Guilhem. -- System Information: Debian Release: stretch/sid APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 4.6.0-1-amd64 (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages postfix depends on: ii adduser 3.115 ii cpio 2.11+dfsg-5 ii debconf [debconf-2.0] 1.5.59 ii dpkg 1.18.9 ii init-system-helpers 1.42 ii libc6 2.23-4 ii libdb5.3 5.3.28-12 ii libicu55 55.1-7 ii libsasl2-2 2.1.26.dfsg1-15 ii libsqlite3-0 3.13.0-1 ii libssl1.0.2 1.0.2h-1 ii lsb-base 9.20160629 ii netbase 5.3 ii ssl-cert 1.0.38 Versions of packages postfix recommends: ii python3 3.5.1-4 Versions of packages postfix suggests: ii dovecot-core [dovecot-common] 1:2.2.25-1 ii libsasl2-modules 2.1.26.dfsg1-15 ii mutt [mail-reader] 1.6.2-1 pn postfix-cdb <none> pn postfix-doc <none> pn postfix-ldap <none> pn postfix-mysql <none> pn postfix-pcre <none> pn postfix-pgsql <none> pn procmail <none> pn resolvconf <none> ii s-nail [mail-reader] 14.8.9-1 pn sasl2-bin <none> pn ufw <none> -- debconf information: postfix/dynamicmaps_conversion_warning: postfix/rfc1035_violation: false postfix/mailbox_limit: 0 postfix/mynetworks: 127.0.0.1/32 [::1]/128 postfix/mydomain_warning: * postfix/mailname: fresti.guilhem.org postfix/retry_upgrade_warning: postfix/recipient_delim: + postfix/bad_recipient_delimiter: postfix/destinations: fresti, fresti.guilhem.org, localhost, localhost.localdomain * postfix/main_mailer_type: Internet Site postfix/chattr: false postfix/sqlite_warning: postfix/compat_conversion_warning: true postfix/root_address: postfix/main_cf_conversion_warning: true postfix/procmail: false postfix/kernel_version_warning: postfix/tlsmgr_upgrade_warning: postfix/not_configured: postfix/protocols: all postfix/relay_restrictions_warning: postfix/relayhost:--- a/master.cf 2016-07-31 23:28:40.658744035 +0200 +++ b/master.cf 2016-07-31 23:29:58.892652497 +0200 @@ -9,7 +9,6 @@ # service type private unpriv chroot wakeup maxproc command + args # (yes) (yes) (no) (never) (100) # ========================================================================== -smtp inet n - - - - smtpd #smtp inet n - - - 1 postscreen #smtpd pass - - - - - smtpd #dnsblog unix - - - - 0 dnsblog @@ -37,31 +36,31 @@ # -o smtpd_relay_restrictions=permit_sasl_authenticated,reject # -o milter_macro_daemon_name=ORIGINATING #628 inet n - - - - qmqpd -pickup unix n - - 60 1 pickup -cleanup unix n - - - 0 cleanup -qmgr unix n - - 300 1 qmgr +smtp inet n - y - - smtpd +pickup unix n - y 60 1 pickup +cleanup unix n - y - 0 cleanup #qmgr unix n - - 300 1 oqmgr -tlsmgr unix - - - 1000? 1 tlsmgr -rewrite unix - - - - - trivial-rewrite -bounce unix - - - - 0 bounce -defer unix - - - - 0 bounce -trace unix - - - - 0 bounce -verify unix - - - - 1 verify -flush unix n - - 1000? 0 flush -proxymap unix - - - - - proxymap -proxywrite unix - - - - 1 proxymap -smtp unix - - - - - smtp -relay unix - - - - - smtp +qmgr unix n - y 300 1 qmgr +tlsmgr unix - - y 1000? 1 tlsmgr +rewrite unix - - y - - trivial-rewrite +bounce unix - - y - 0 bounce +defer unix - - y - 0 bounce +trace unix - - y - 0 bounce +verify unix - - y - 1 verify +flush unix n - y 1000? 0 flush +proxymap unix - - y - - proxymap +proxywrite unix - - y - 1 proxymap +smtp unix - - y - - smtp # -o smtp_helo_timeout=5 -o smtp_connect_timeout=5 -showq unix n - - - - showq -error unix - - - - - error -retry unix - - - - - error -discard unix - - - - - discard -local unix - n - - - local -virtual unix - n - - - virtual -lmtp unix - - - - - lmtp -anvil unix - - - - 1 anvil -scache unix - - - - 1 scache +relay unix - - y - - smtp +showq unix n - y - - showq +error unix - - y - - error +retry unix - - y - - error +discard unix - - y - - discard +local unix - n y - - local +virtual unix - n y - - virtual +lmtp unix - - y - - lmtp +anvil unix - - y - 1 anvil # # ==================================================================== # Interfaces to non-Postfix software. Be sure to examine the manual @@ -75,8 +74,7 @@ # maildrop. See the Postfix MAILDROP_README file for details. # Also specify in main.cf: maildrop_destination_recipient_limit=1 # -maildrop unix - n - - - pipe - flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient} +scache unix - - y - 1 scache # # ==================================================================== # @@ -107,14 +105,16 @@ # # See the Postfix UUCP_README file for configuration details. # -uucp unix - n - - - pipe - flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient) +maildrop unix - n y - - pipe flags=DRhu + user=vmail argv=/usr/bin/maildrop -d ${recipient} # # Other external delivery methods. # -ifmail unix - n - - - pipe - flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient) -bsmtp unix - n - - - pipe - flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient +uucp unix - n y - - pipe flags=Fqhu + user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient) +ifmail unix - n y - - pipe flags=F user=ftn + argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient) +bsmtp unix - n y - - pipe flags=Fq. + user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient scalemail-backend unix - n n - 2 pipe flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
signature.asc
Description: PGP signature
--- End Message ---
--- Begin Message ---Source: postfix Source-Version: 3.1.3-1 We believe that the bug you reported is fixed in the latest version of postfix, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [email protected], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. LaMont Jones <[email protected]> (supplier of updated postfix package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [email protected]) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Tue, 18 Oct 2016 08:59:42 -0600 Source: postfix Binary: postfix postfix-ldap postfix-cdb postfix-pcre postfix-mysql postfix-pgsql postfix-dev postfix-doc Architecture: source Version: 3.1.3-1 Distribution: unstable Urgency: medium Maintainer: LaMont Jones <[email protected]> Changed-By: LaMont Jones <[email protected]> Description: postfix - High-performance mail transport agent postfix-cdb - CDB map support for Postfix postfix-dev - Loadable modules development environment for Postfix postfix-doc - Documentation for Postfix postfix-ldap - LDAP map support for Postfix postfix-mysql - MySQL map support for Postfix postfix-pcre - PCRE map support for Postfix postfix-pgsql - PostgreSQL map support for Postfix Closes: 833103 838251 838528 Changes: postfix (3.1.3-1) unstable; urgency=medium . [Scott Kitterman] . * Provide main/master.cf.proto for multi-inst. Closes: #838528 * Only run post 3.0 master.cf fixup if upgrading from version before the fix. Closes: #833103 * Use full path for call to /usr/sbin/service in update-libc.d so it works from within the chroot. Closes: #838251 * Treat '-' as an empty instance name to avoid treating single instance systemd based setups as multi-instance. LP: #1627117 * Refresh patches * Extend debian/patches/03_ldap3_by_default.diff to also update man 5 ldap_table to document the default LDAP protocol version in Debian (3). * Build-depend on default-libmysqlclient-dev instead of libmysqlclient-dev * Make new instance check more like the old one . [Wietse Venema] . * New upstream. Checksums-Sha1: f8b9364e5a0688d11bdd11f9df681e31380bfb69 2551 postfix_3.1.3-1.dsc 0c1d57a929c66fe57e6cd9d25bb7d05fc72363d0 4338730 postfix_3.1.3.orig.tar.gz 9cd2f123288db595f57df75379e6ccbd0eb406a4 181892 postfix_3.1.3-1.debian.tar.xz Checksums-Sha256: 9d30c210fb362a8356957294f112f707b52562f396b1898c7f6abfec76e102af 2551 postfix_3.1.3-1.dsc 52f8127e6797e2617a36d0afb9473c55e95c3a777b6280df3f106168fd814979 4338730 postfix_3.1.3.orig.tar.gz bf82b3eb913c61412d30804e6bcc1ea0789a7b95cae73e389f8cafd2f19aeff4 181892 postfix_3.1.3-1.debian.tar.xz Files: b40736f6c66bb6f9c6945b158366d02b 2551 mail extra postfix_3.1.3-1.dsc 28a1dedbbbedfcf5fc09fd88bac116b6 4338730 mail extra postfix_3.1.3.orig.tar.gz dece312bb13bbb6c9623941304fbd22a 181892 mail extra postfix_3.1.3-1.debian.tar.xz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBWAacWtVHlGMnADo/AQgwCA//bLe/M8lP7dk8EpNFLzb6bTgkxX8S/v1F ATdNdM6MK/G7/kEjwRujWNCydmJtvY/okmmIi0JJBxWIXwRjl4JJPh+aE8irbp50 5xYLMPerhMUXucpzLXmBHUIBf5VBg2rt74qwj2bDpPN29fkSRTGZa63kPY44G80k HH8gqLAwP6cGKX3xnPlSMG2Dee70tYjoPonJ8RfYclqqEanearaL7eKtTJDru1a8 efiqCDQuCeuofL3ykqRBSIY4hX46Xa7T/QWKOffURZ6Q+Mh+uzd8eC07VaFx/ky2 2hPG+7W8gE7u708CS8RWz64WWmfeFBVB+3ltGkuTq2SGUGp8eHDSCjc4k/cEq5lM KL+BOXzKWy7bCYLui6I3Uva1mav7wwjuEOAlcWONG9wwT2aA7UQvRQr4xZLEEdHg IZAzZchBxaX1EnrscC4x3mS4dJcpP+IdceTJFAGAacWG1jox1IJzR5Yj9wij7TZy mSbskpMVu2BqPVedstUXLVf337tDAP6W2l0+JYLyOt25fQFFMipWB+1gAKb3G2gK 5uwFNHSOaEKALVOXX199njTdwR3pBvs1nXA8JKOsFSxhIuGUZIPMfZUtPomAOKeV akR2IlYvkv5Depe2/dcSZJnra/8PaEZ1+TVm+/09EgNbv6ViEl9qXyPmWGbZjNhI NUxqFxXsu6g= =b6NJ -----END PGP SIGNATURE-----
--- End Message ---
