On Thu, Aug 07, 2014 at 07:15:32PM +0100, Kevin Chadwick wrote:
> On Thu, 7 Aug 2014 19:39:28 +0200
> Alexander Schrijver wrote:
>
> > > Yeah I'm not sure whether it is worth the effort but I was thinking if
> > > a user has set a localhost as the nameserver then can we be very close
> > > to certain that they are not going to change the resolv.conf?
> >
> > Having two DNS resolvers behave completely different because they're using
> > different configuration data seems confusing and dangerous to me.
>
> In the localhost case? Changing your DNS randomly on a mail server
> seems confusing and dangerous to me. As a client well shouldn't you be
> using crypto/submission and not trusting DNS in any way?
>
> All I am wondering is how many use base unbound or a static setup
> with opensmtpd and if there should at least be a knob to turn chroot
> on/off?
>

Nope there's currently no way to turn chrooting for the lookup process.

It's not really a resolver thing, we could have the resolver code in a
chroot with some refactoring, but we need a process that does not run
chrooted for other lookup purposes and it's more convenient to have the
resolver code handled by the process.

-- 
Gilles Chehade

https://www.poolp.org @poolpOrg