Le mardi 30 avril 2024, 14:52:46 UTC Vincent Lefevre a écrit : Hi, > Control: tags -1 security > > On 2024-04-30 16:33:14 +0200, Vincent Lefevre wrote: > > If I try to restart postfix, I get: > > > > postfix/postfix-script: warning: /var/spool/postfix/etc/resolv.conf and > > /etc/resolv.conf differ
A solution may be to bind mount ro /etc/resolv.conf to /var/spool/postfix/etc/resolv.conf Bastien > > BTW, note that this is a security issue, because with wifi, > the DNS server often corresponds to the local router (e.g. > 10.3.0.1), and it may happen that the obsolete IP address > may correspond to some random machine on the network, which > could act as a malicious DNS server. > > > Indeed, /var/spool/postfix/etc/resolv.conf contains obsolete data. > > > > I had to do "cp /etc/resolv.conf /var/spool/postfix/etc/resolv.conf". > > I don't know how the update should be done. I suppose that > /etc/network/if-up.d/postfix is pointless in case of wifi as > it says "Called when a new interface comes up", but for wifi, > this is the same interface, only a new network. > > And I don't understand why restarting postfix did not update > the file. > > BTW, even ethernet connections may be affected in case of > network reconfiguration. > >
signature.asc
Description: This is a digitally signed message part.
