Hi!
This is to inform the postfix community that I just uploaded
another postfix release to debian unstable which disables the
badly famous chroot-by-default of postfix services. Here's
the changelog entry:
postfix (3.10.6-4) unstable; urgency=medium
* disable chrooting by default finally, after 25 years of everyone
suffering.
Only limited support for chroot mode will be provided for backwards
compatibility. With this in mind, let's close all chroot-related bugs.
Closes: #151692, #1084167, #606007, #631665, #714770, #406348,
Closes: #1026394, #257096, #278530, #776685, #893516, #935825,
Closes: #678808, #896879, #412413, #802043
When I started working on postfix packaging last year, the plan was
to make this a debconf question, - because 25 years of history is
not nothing, because everyone got used to chroot being enabled by
default on debian and derivates. But as it turns out, whole debconf
of postfix packaging needs a complete rewrite.. So there's no reason
to wait any longer with that and with chroot being off by default.
I'm sorry I didn't do this for debian trixie (current debian stable
release), - I really wanted to make it configurable. Time makes its
own corrections though. I was all for turning this off by default in
debian all these years, but the former postfix maintainer in debian was
not listening.
BTW, on my sites, I run postfix chrooted on all servers, with the
usage of actual chroot-update script from debian package, - the
chroot has become much simpler and smaller and doesn't need
babysitting anymore. But there are corner cases in various other
configurations still, endless amount of corner cases. Today, it is
more important to have various auth plugins (oauth2 etc), than to
run services within a sandbox.
Thanks,
/mjt
_______________________________________________
Postfix-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
