10.2 The chroot jail

One of the best things about running Postfix is that it runs in a chroot jail. Since we haven't discussed it yet, it's important to understand the directory structure the jail uses. The jail directory is /var/spool/postfix, where you will find the following:

    [root@ns postfix]# pwd
    /var/spool/postfix
    [root@ns postfix]# ls
    active  bounce  corrupt  defer  deferred  etc  incoming  lib  maildrop  pid  private  public  saved  usr
    [root@ns postfix]#
    

Each entry listed in /var/spool/postfix is a directory. The two that matter most for the chroot configuration are etc/ and lib/. The etc/ directory contains exact copies of the files of the same name from your /etc directory. If you change your running configuration in /etc without copying the changed files to /var/spool/postfix/etc/, Postfix will start complaining, loudly.

The /var/spool/postfix/lib/ directory contains copies of your name resolution libraries as well as your ld.so.cache. The RPM itself copies these into the directory at installation. If they are missing, Postfix logs in a very annoying manner: every log entry will show only an IP address, because Postfix won't be able to resolve names. Here are the files we're concerned with:

    [root@ns lib]# pwd
    /var/spool/postfix/lib
    [root@ns lib]# ls
    ld.so.cache  libnss_dns.so.1  libnss_dns.so.2
    [root@ns lib]#
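
Both failure modes described above (stale copies under etc/ and missing resolver files under lib/) can be caught before Postfix starts complaining. The following is an added example, not part of the original page or of Postfix; the function names check_jail_etc and check_jail_lib are hypothetical, and the paths and library names are taken from the listings above.

```shell
#!/bin/sh
# Added example (not from the original page): audit a Postfix chroot jail.
# Paths and library names come from the listings above; pass other
# directories as arguments to audit a different layout.

# Library files the page lists under the jail's lib/ directory.
JAIL_LIBS="ld.so.cache libnss_dns.so.1 libnss_dns.so.2"

# check_jail_etc JAIL SYSTEM_ETC
# Compare every regular file in JAIL/etc with its namesake in SYSTEM_ETC.
# Prints one line per problem; returns 1 if any file is stale or orphaned.
check_jail_etc() {
    jail="$1"; sys_etc="$2"; bad=0
    for copy in "$jail"/etc/*; do
        [ -f "$copy" ] || continue          # skip subdirs and an unmatched glob
        name=$(basename "$copy")
        if [ ! -f "$sys_etc/$name" ]; then
            echo "ORPHAN  etc/$name has no counterpart in $sys_etc"
            bad=1
        elif ! cmp -s "$copy" "$sys_etc/$name"; then
            echo "STALE   etc/$name differs from $sys_etc/$name"
            bad=1
        fi
    done
    return "$bad"
}

# check_jail_lib JAIL
# Report any resolver file missing from JAIL/lib; returns 1 if one is missing.
check_jail_lib() {
    jail="$1"; bad=0
    for lib in $JAIL_LIBS; do
        if [ ! -e "$jail/lib/$lib" ]; then
            echo "MISSING lib/$lib"
            bad=1
        fi
    done
    return "$bad"
}

# Typical use on the layout shown above:
#   check_jail_etc /var/spool/postfix /etc
#   check_jail_lib /var/spool/postfix
```

A STALE line means the file in /etc was changed after the jail copy was made, so the changed file still needs to be copied into /var/spool/postfix/etc/.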