Postfix missing libresolv in chroot jail
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
postfix (Ubuntu) |
Fix Released
|
High
|
Scott Kitterman | ||
Precise |
Fix Released
|
High
|
Scott Kitterman |
Bug Description
[IMPACT]
By hostname map lookups in the chroot fail. This requires users to either unchroot their postfix, which is a less secure configuration, manually create symlinks, or refer to remote map locations by IP address (which is not a very maintainable solution. Absent doing the workaround, mail deliver fails.
[TESTCASE]
Set up a postfix to use a remote mysql map using the /etc/postfix/
Send mail to postfix. This could be as simple as:
telnet localhost 25
ehlo example.com
mail from: <email address hidden>
rcpt to: <email address hidden>.
At this point you'll get a response that the message was deferred (450). Check /var/log/mail.log and you should see an error like:
postfix/
This indicated a DNS lookup failure (the problem).
Install the updated package, restart postfix and connect again. The message will still be deferred (450) due to lack of a working mysql database at www.ubuntu.com, but the DNS lookup will succeed.
warning: connect to mysql server www.ubuntu.com: Can't connect to MySQL server on 'www.ubuntu.com'
[Regression Potential]
None. Worst case is I spelled the name of the new lib wrong and the bug just doesn't get fixed.
[Other Info]
Although not the most common of use cases, I think it's an important one to support for servers, so we should push to get this into 12.04.1.
[Original bug]
This is with Postfix 2.9.1-5 on Ubuntu 12.04 LTS
--- Setup to reproduce
- Configure postfix to use mysql for virtual alias maps
- Specify a DNS hostname instead of an IP address or localhost for "hosts:"
--- Symptoms:
All postfix mail routing actions fail. The log contains:
postfix/
warning: mysql:/
warning: virtual_
The same configuration works fine if you specify an IP address instead of a DNS hostname.
--- Cause:
libresolv is missing from the postfix chroot jail. That causes the mysql client library used by postfix to not be able to resolve any DNS names.
--- Workaround:
sudo cp -p /lib/x86_
sudo postfix restart
--- Expected fix:
Fix the postfix installation routines to include libresolv in the chroot jail.
I do not know enough about this to provide a ready-made patch, unfortunately.
Changed in postfix (Ubuntu): | |
assignee: | nobody → Scott Kitterman (kitterman) |
Changed in postfix (Ubuntu Precise): | |
status: | New → Triaged |
importance: | Undecided → High |
assignee: | nobody → Scott Kitterman (kitterman) |
milestone: | none → ubuntu-12.04.1 |
description: | updated |
description: | updated |
Seems reasonable since it's installed by default.