Thanks Richard, BTW, I also installed from packages.
So, with a unix socket you still have the same problem I do with the inet socket, which is: the order of start/restart matters and can break things. That's not good. This seems like a clear bug in MIMEDefang. Evidence: 1) Other milter(s) share a socket with Postfix and don't care which order they are started/restarted (example: OpenDKIM) 2) Dovecot shares a socket with Postfix and doesn't care which order they are started/restarted 3) Amavisd-new is a different mechanism, but it also doesn't care which order it is started/restarted 4) And even MIMEDefang didn't care about the order in v2.73 I'm new to the list. What's the process for reporting/resolving issues? Thanks, Michael > -----Original Message----- > From: Richard Laager [mailto:[email protected]] > Sent: Friday, September 22, 2017 9:51 PM > To: Michael Fox <[email protected]> > Cc: [email protected] > Subject: Re: [Mimedefang] REVISED: postfix/mimedefang socket > > On 09/22/2017 12:47 PM, Michael Fox wrote: > > Option 3: Use unix socket in Postfix chroot jail > > This looks to be what I do. I'm running Postfix and MIMEDefang on > Ubuntu, both from packages. Postfix runs as the postfix user, and > there's a defang group. I run Postfix in a chroot. > > These appear to be the relevant parts of my install script: > > adduser --quiet postfix defang > > install -d -o defang -g defang -m 750 \ > /var/spool/postfix/var/spool/MIMEDefang > > chown -R defang:defang \ > /var/lib/MIMEDefang \ > /var/spool/MIMEDefang \ > /var/spool/postfix/var/spool/MIMEDefang > > sed -i 's|^\(# > \)\?\(SOCKET\)=.*|\2=/var/spool/postfix/var/spool/MIMEDefang/mimedefang.so > ck|' \ > /etc/default/mimedefang > > I believe we have some sort of trouble if one of the daemons is > restarted, but not the other, or if it's done in the wrong order or > something. I don't have a lot of specifics off the top of my head. In > practice, we hardly ever restart one or the other. It's usually either > stopping both (and starting MIMEDefang first, to give slaves a chance to > spin up), or rebooting the server. > > I hope this helps. If you have specific questions, I'll try to dig into > my config if I can. I'm currently out of the office, though. > > -- > Richard _______________________________________________ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list [email protected] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
