On Tue, Mar 01, 2011 at 07:00:43PM -0600, /dev/rob0 wrote:
> [ top-posting fixed, please don't do that ]
> On Tue, Mar 01, 2011 at 05:34:50PM -0700, Jeff Orrok wrote:
> > On 3/1/2011 4:57 PM, Wietse Venema wrote:
> > >See:
> > >http://www.postfix.org/DEBUG_README.html#no_chroot
> > >
> > >and please complain to your supplier.
> > Thanks Wietse! :-)
> > I changed all -'s to n's in master.cf chroot column and did a
> > postfix reload and a postqueue -f and everything sailed away
> > smoothly.
> > But I'm mystified as to why it would be working fine for an entire
> > month and then out of the blue (well, ok, the client thinks there
> > may have been a power failure) start to misbehave. The date on
> > master.cf was Jan 24, which I think is when I installed it. Why
> > would it suddenly break? I've done postfix reload several times
> > since installing, possibly even restarting postfix as well.
> This is not surprising if you're not using your own local
> nameserver. One obvious possibility is that the provider changed
> IP addresses of nameservers given to DHCP and other network clients.
> Perhaps your answer lies in /var/spool/postfix/etc/resolv.conf if
> your restarts were not done using the Debian init script.
> I've had enough problems with bad ISPs and their bad nameservers; I
> always run my own BIND named(8) doing recursion for the Postfix
> server. That way, when there are DNS problems, they also show up in
> the named logs as well as Postfix logs.
> Debian provides a README for their package. Please review it.
> I agree with Wietse about Debian's chroot. It was a poor decision on
> their part to chroot by default. A very high percentage of "Postfix"
> problems are attributable to this decision.
> I believe the Debian BIND package has another unwise default,
> which is to use global forwarders rather than recursion. Use
> caution, and consult Debian and ISC documentation, if you decide
> to run your own nameserver for the Postfix machine.
> Offlist mail to this address is discarded unless
> "/dev/rob0" or "not-spam" is in Subject: header
I agree that running a local recursive nameserver is the way to
go. I would recommend that you use pdns_recursor-3.3+ instead:
There are .deb and .rpm versions available for x86. It is very
simple, very secure, and very lightweight compared to BIND's