1. В /var/spool/postfix создаем директории dev и etc.
В etc копируем файлы /etc/host.conf /etc/localtime /etc/services /etc/resolv.conf
2. Правим master.cf, ставим в колонке chroot символ 'y' у следующих процессов:
smtp, pickup, cleanup, qmgr, rewrite, bounce, defer, trace, verify, flush, relay, showq, error
3. Активируем proxymap для чтения файлов из вне chroot окружения (/etc/passwd,
aliases, различные "map"-файлы), например:
local_recipient_maps = $alias_maps proxy:unix:passwd.byname
relay_domains = $mydestination, proxy:hash:/usr/local/etc/postfix/relay_domains
smtpd_sender_restrictions = check_sender_access proxy:hash:/usr/local/etc/postfix/ access,
reject_non_fqdn_sender, reject_unknown_sender_domain
smtpd_client_restrictions = check_client_access proxy:hash:/usr/local/etc/postfix/access_clients,
check_recipient_access proxy:hash:/usr/local/etc/postfix/spam_allowed,
check_client_access proxy:hash:/usr/local/etc/postfix/antispam/blocklist/block_list,
check_client_access proxy:hash:/usr/local/etc/postfix/antispam/blocklist/block_list_arc,
check_client_access regexp:/usr/local/etc/postfix/dsl_stoplist.txt,
reject_rbl_client rbl.test.ru
smtpd_recipient_restrictions = check_recipient_access proxy:hash:/usr/local/etc/postfix/fullboxes,
reject_non_fqdn_recipient,
permit_mynetworks,
reject_unknown_recipient_domain,
reject_unauth_destination
transport_maps = proxy:hash:/usr/local/etc/postfix/transport
proxy_read_maps = $smtpd_helo_restrictions $smtpd_recipient_restrictions $smtpd_sender_restrictions \
$smtpd_client_restrictions $local_recipient_maps $mydestination $virtual_alias_maps \
$virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps \
$relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps \
$relocated_maps $transport_maps $mynetworks
3. Создаем дополнительный syslog сокет в chroot окружении:
FreeBSD: "syslogd -l /var/spool/postfix/dev/log"
Linux: "syslogd -a /var/spool/postfix/dev/log"
|
