[Bug 1023550] Re: Postfix missing libresolv in chroot jail
Scott Kitterman
ubuntu at kitterman.com
Thu Jul 26 22:07:31 UTC 2012
** Description changed:
+ [IMPACT]
+
+ By hostname map lookups in the chroot fail. This requires users to
+ either unchroot their postfix, which is a less secure configuration,
+ manually create symlinks, or refer to remote map locations by IP address
+ (which is not a very maintainable solution. Absent doing the
+ workaround, mail deliver fails.
+
+ [TESTCASE]
+
+ Set up a postfix to use a remote mysql map using the /etc/postfix/mysql-
+ virtual.cf file shown in comment #3 (don't forget to restart postfix
+ afterwards). You will also need to have syslog running in your test
+ environment.
+
+ Send mail to postfix. This could be as simple as:
+
+ telnet localhost 25
+ ehlo example.com
+ mail from: postmaster at example.com
+ rcpt to: postmaster at example.net.
+
+ At this point you'll get a response that the message was deferred (450).
+ Check /var/log/mail.log and you should see an error like:
+
+ postfix/trivial-rewrite[20176]: warning: connect to mysql server
+ www.ubuntu.com: Unknown MySQL server host 'www.ubuntu.com'
+
+ This indicated a DNS lookup failure (the problem).
+
+ Install the updated package, restart postfix and connect again. The
+ message will still be deferred (450) due to lack of a working mysql
+ database at www.ubuntu.com, but the DNS lookup will succeed.
+
+ [Regression Potential]
+
+ None. Worst case is I spelled the name of the new lib wrong and the bug
+ just doesn't get fixed.
+
+ [Other Info]
+
+ Although not the most common of use cases, I think it's an important one
+ to support for servers, so we should push to get this into 12.04.1.
+
+ [Original bug]
+
This is with Postfix 2.9.1-5 on Ubuntu 12.04 LTS
--- Setup to reproduce
- Configure postfix to use mysql for virtual alias maps
- Specify a DNS hostname instead of an IP address or localhost for "hosts:"
--- Symptoms:
All postfix mail routing actions fail. The log contains:
postfix/trivial-rewrite[20176]: warning: connect to mysql server my.example.com: Unknown MySQL server host 'my.example.com' (2)
warning: mysql:/etc/postfix/mysql-virtual_aliases.cf: table lookup problem
warning: virtual_alias_domains lookup failure
The same configuration works fine if you specify an IP address instead
of a DNS hostname.
--- Cause:
libresolv is missing from the postfix chroot jail. That causes the mysql
client library used by postfix to not be able to resolve any DNS names.
--- Workaround:
sudo cp -p /lib/x86_64-linux-gnu/libresolv* /var/spool/postfix/lib/x86_64-linux-gnu/
sudo postfix restart
--- Expected fix:
Fix the postfix installation routines to include libresolv in the chroot jail.
I do not know enough about this to provide a ready-made patch, unfortunately.
** Description changed:
[IMPACT]
By hostname map lookups in the chroot fail. This requires users to
either unchroot their postfix, which is a less secure configuration,
manually create symlinks, or refer to remote map locations by IP address
(which is not a very maintainable solution. Absent doing the
workaround, mail deliver fails.
[TESTCASE]
Set up a postfix to use a remote mysql map using the /etc/postfix/mysql-
virtual.cf file shown in comment #3 (don't forget to restart postfix
afterwards). You will also need to have syslog running in your test
environment.
Send mail to postfix. This could be as simple as:
telnet localhost 25
ehlo example.com
mail from: postmaster at example.com
rcpt to: postmaster at example.net.
At this point you'll get a response that the message was deferred (450).
Check /var/log/mail.log and you should see an error like:
postfix/trivial-rewrite[20176]: warning: connect to mysql server
www.ubuntu.com: Unknown MySQL server host 'www.ubuntu.com'
This indicated a DNS lookup failure (the problem).
Install the updated package, restart postfix and connect again. The
message will still be deferred (450) due to lack of a working mysql
database at www.ubuntu.com, but the DNS lookup will succeed.
+
+ warning: connect to mysql server www.ubuntu.com: Can't connect to MySQL
+ server on 'www.ubuntu.com'
[Regression Potential]
None. Worst case is I spelled the name of the new lib wrong and the bug
just doesn't get fixed.
[Other Info]
Although not the most common of use cases, I think it's an important one
to support for servers, so we should push to get this into 12.04.1.
[Original bug]
This is with Postfix 2.9.1-5 on Ubuntu 12.04 LTS
--- Setup to reproduce
- Configure postfix to use mysql for virtual alias maps
- Specify a DNS hostname instead of an IP address or localhost for "hosts:"
--- Symptoms:
All postfix mail routing actions fail. The log contains:
postfix/trivial-rewrite[20176]: warning: connect to mysql server my.example.com: Unknown MySQL server host 'my.example.com' (2)
warning: mysql:/etc/postfix/mysql-virtual_aliases.cf: table lookup problem
warning: virtual_alias_domains lookup failure
The same configuration works fine if you specify an IP address instead
of a DNS hostname.
--- Cause:
libresolv is missing from the postfix chroot jail. That causes the mysql
client library used by postfix to not be able to resolve any DNS names.
--- Workaround:
sudo cp -p /lib/x86_64-linux-gnu/libresolv* /var/spool/postfix/lib/x86_64-linux-gnu/
sudo postfix restart
--- Expected fix:
Fix the postfix installation routines to include libresolv in the chroot jail.
I do not know enough about this to provide a ready-made patch, unfortunately.
--
https://bugs.launchpad.net/bugs/1023550
Title:
Postfix missing libresolv in chroot jail
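
The cause described in the report (a library present on the host but absent from the chroot jail) can be checked mechanically. The following is an added example, not part of the original bug report or of the postfix packaging: the function name jail_lib_report, the demo tree and the libnss_* names are assumptions made for illustration. It also flags jail copies that differ from the host file, which is what a `cp -p` workaround leaves behind once the host library is updated.

```sh
#!/bin/sh
# Added example: audit a chroot jail for copies of host libraries.
# Usage: jail_lib_report HOST_ROOT JAIL_ROOT LIBDIR NAME...
# For every host file HOST_ROOT/LIBDIR/NAME* prints
#   "missing <path>" if the jail has no such file, or
#   "stale <path>"   if the jail copy differs from the host file.
jail_lib_report() {
    host_root=$1; jail_root=$2; libdir=$3
    shift 3
    for name in "$@"; do
        for src in "$host_root/$libdir/$name"*; do
            [ -e "$src" ] || continue      # glob matched nothing on the host
            rel=$libdir/${src##*/}
            if [ ! -e "$jail_root/$rel" ]; then
                echo "missing $rel"
            elif ! cmp -s "$src" "$jail_root/$rel"; then
                echo "stale $rel"
            fi
        done
    done
}

# Constructed sample tree (placeholder files, not real libraries) so the
# check can be exercised without a postfix installation.
demo_constructed_tree() {
    t=$(mktemp -d) || return 1
    d=lib/x86_64-linux-gnu
    mkdir -p "$t/host/$d" "$t/jail/$d"
    echo resolv-v2  > "$t/host/$d/libresolv.so.2"     # absent from jail
    echo nss-dns-v2 > "$t/host/$d/libnss_dns.so.2"    # host was updated
    echo nss-dns-v1 > "$t/jail/$d/libnss_dns.so.2"    # old copy in jail
    echo nss-files  > "$t/host/$d/libnss_files.so.2"  # identical in both
    cp -p "$t/host/$d/libnss_files.so.2" "$t/jail/$d/"
    jail_lib_report "$t/host" "$t/jail" "$d" libresolv libnss_dns libnss_files
    rm -rf "$t"
}

demo_constructed_tree
```

With the paths from the report, the call would be `jail_lib_report "" /var/spool/postfix lib/x86_64-linux-gnu libresolv`; empty output means the jail copy exists and matches the host.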