smtpd/smtpfwdd - chroot error

smtpd/smtpfwdd - chroot error

Post by Olivier LARRIGAUDIER » Sat, 24 Nov 2001 07:16:08



Hi,

    I try to configure sendmail with smtpd/smtpfwdd.
    I have in /var/log/mail.err this error message:
        Nov 21 21:37:25 centaure smtpd[253]: Couldn't chroot to
directory /var/spool/smtpd! (Operation not permitted)

    I use the smtpd user to start smtpd because I don't want to use the
root user (not recommended in the install instruction of smtpd).

    I use a debian linux.

Thanks for your help

Olivier

 
 
 

1. Can't construct AIX 4.1 chroot() area where DNS works (for smtpd)

Howdy.  I have an AIX 4.1.5.0.01 workstation that I'm trying to set up to be
as hacker-proof as possible, so I'm installing obtuse.com's "smtpd" sendmail
wrapper.

The Makefile includes compile flags for AIX, so obviously there's some way
to get smtpd to work on the platform, but I have been failing because I
can't seem to construct a chroot() tree where DNS works.  Every host that
connects to port 25, including localhost, produces an error in the syslog
of the form:

    Jun 21 18:07:09 my_machine smtpd[17162]: No reverse mapping for address
    127.0.0.1 (5)

Error code (5) is the SERVICE_UNAVAILABLE #define from /usr/include/netdb.h,
a kind of catchall error case.

I first tried copying the obvious files (/etc/resolve.conf etc.) into my
chroot() tree, but that didn't help, so I eventually copied in ALL of the
files from /etc (though no files from subdirectories of /etc) and all the
files from /usr/lib (though no files from subdirectories of same).  I then
used mknod and chmod to make a mirror image of the /dev directory (though
not /dev/pts/).  None of this helped.

You can try this out without smtpd.  To take an example from a
comp.unix.solaris thread where the way to fix this same problem on _that_ OS
was discussed, try (as root):

    % mkdir -p /your_chroot_dir/usr/bin
    % cp -p /usr/bin/finger /your_chroot_dir/usr/bin

    finger: Unknown host localhost

This will happen even if you've made a /your_chroot_dir/etc/hosts with
"localhost" in it and an etc/netsvc.conf telling name lookup to look there.

Does anyone know what magic file(s) need(s) to get copied into the chroot()
jail so that DNS will work there?  Did I just not go far enough in stopping
before duplicating the subdirectories of /dev, /etc, and /usr/lib?

Naturally, I'd like to construct the minimum-size chroot() tree that'll work.

---------------------------------------------------------------------------
Dan Harkless           | NOTE: Due to SPAM I have implemented a caller-ID-

Unitech Research, Inc. | your Subject to bypass or finger me for more info.

2. Can't send mail out

3. chroot+Apache: possible to place logfiles outside chroot cell?

4. ksh script for rlogin

5. BIND config tool + How do I select between chroot and no chroot?

6. dhclient binding to wrong IP

7. Running chroot applications in a chroot environment

8. Sun Solaris posting

9. Arrrgh! rsync "chroot failed" error message!

10. Chroot setup gets 530 error on ftp attempts

11. help about malloc error in chroot

12. smtpd problems

13. HELP!!! smtpd crashing