From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4) Gecko/20030701

Description of problem:
When postfix starts, there is a chrooted jail cell set up by default. The /var/spool/postfix/etc/ directory is the equivalent of the /etc/ directory. When external sources attempt to deliver mail to a local recipient, all mail will fail unless the user exists on the system. Postfix checks the user accounts through many methods, including and especially, the /etc/passwd file, which is not present.

Version-Release number of selected component (if applicable):
postfix-1.1.11-11

How reproducible:
Always

Steps to Reproduce:
1. Install postfix
2. Run redhat-switch-mail
3. Set main.cf to listen on all interfaces
4. (keep chroot configuration as default specifies)
5. start postfix
6. Ensure user 'pbarber' (or some other such user id) is on system.
7. attempt to deliver e-mail to the host through a manual telnet to port 25 session.

Actual Results:
here's my illustration:

[root@hoser postfix]# telnet 127.0.0.1 25
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
220 hoser.host ESMTP Postfix
HELO hoser.host
250 hoser.host
MAIL FROM: <pbarber>
250 Ok
RCPT TO: <pbarber>
(LONG delay here)
550 <pbarber>: User unknown
^]
telnet> close

Expected Results:
Well, postfix should have been able to figure out that ~pbarber exists on the system, and delivered the mail without all this heartbreak.

Additional info:
If you plunk an /etc/passwd file into /var/spool/postfix/etc/passwd, and restart postfix, the mail gets delivered. I believe that the /etc/passwd should be copied into that directory on startup. There are probably better solutions, though. There may be valid reasons not to do this; if so, I'm listening. I have a stupid 3 line patch that changes /etc/init.d/postfix to do this on startup.

Here's the results after copying /etc/passwd to /var/spool/postfix/etc/passwd:

[root@rf init.d]# telnet 127.0.0.1 25
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
220 hoser.host ESMTP Postfix
HELO hoser.host
250 hoser.host
MAIL FROM: <pbarber>
250 Ok
RCPT TO: <pbarber>
250 Ok
data
354 End data with <CR><LF>.<CR><LF>
Subject: Hallo!!!
this was successful. . .
250 Ok: queued as 07140480062
quit
221 Bye
Connection closed by foreign host.
Created attachment 92893
patch to fix startup script; gets passwd file into jailcell.

This patch automatically puts the /etc/passwd file into the postfix jailcell. This way local users can actually get delivery on e-mail.
Postfix as supplied by Red Hat no longer runs in a chroot jail. The additional security provided by the chroot jail was not justified by the problems it created, as you have pointed out. Even the postfix author no longer recommends a chroot jail. I suggest you upgrade to the current postfix package (2.0.11-4) which you can find on ftp.redhat.com.
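
An added example, not part of the bug report or the attached patch: a shell check that lists which services run chrooted (Postfix sets this per service in the fifth column of master.cf) and reports whether the jail's etc/passwd is missing or has drifted from the system file, which is the gap a copy-at-startup approach leaves when accounts are added later. The function names are hypothetical and the sample master.cf and passwd entries are constructed.

```shell
#!/bin/sh
# Added example, not from the bug report. All paths are arguments, so the
# check can be pointed at a copy of the configuration.

# List services whose master.cf chroot column (5th field) is in effect.
# $2 is what "-" means in that column: "y" before Postfix 3.0, "n" from 3.0 on.
chrooted_services() {
    awk -v def="${2:-y}" '
        /^#/ || /^[ \t]/ || NF < 8 { next }   # comments, continuations, blanks
        { c = ($5 == "-") ? def : $5; if (c == "y") print $1 "/" $2 }
    ' "$1"
}

# Report the state of the jail copy: missing, stale (differs), or ok.
jail_passwd_status() {
    if [ ! -f "$1/etc/passwd" ]; then echo missing
    elif ! cmp -s "$1/etc/passwd" "$2"; then echo stale
    else echo ok
    fi
}

# Accounts present in the system passwd file ($2) but absent from the jail ($1).
users_missing_from_jail() {
    if [ ! -f "$1/etc/passwd" ]; then cut -d: -f1 "$2"; return; fi
    awk -F: 'FILENAME == ARGV[1] { seen[$1] = 1; next }
             !($1 in seen) { print $1 }' "$1/etc/passwd" "$2"
}

# Constructed sample data (hypothetical host, not taken from the report).
demo=$(mktemp -d)
mkdir -p "$demo/jail/etc"
cat > "$demo/master.cf" <<'EOF'
# service type  private unpriv  chroot  wakeup  maxproc command + args
smtp      inet  n       -       y       -       -       smtpd
pickup    fifo  n       -       -       60      1       pickup
local     unix  -       n       n       -       -       local
EOF
printf 'root:x:0:0::/root:/bin/sh\npbarber:x:500:500::/home/pbarber:/bin/sh\n' > "$demo/passwd"
# Jail copy made before pbarber was added to the system file.
printf 'root:x:0:0::/root:/bin/sh\n' > "$demo/jail/etc/passwd"

chrooted_services "$demo/master.cf" y
jail_passwd_status "$demo/jail" "$demo/passwd"
users_missing_from_jail "$demo/jail" "$demo/passwd"
```

On a real host the arguments would be the installed master.cf, the queue directory used as the jail, and /etc/passwd.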