Tungsol Filaments

Postfix runs chrooted by default on most distributions. Jessie is no exception.
There are a couple of crucial modifications that are important and not well documented.

1) If you are running sasl, then this is the correct way to configure the chroot sasl
connection. Test your install first using testsaslauth -u [user] -p [password]. If you
get no connect or some other error you need the following additions.

rm -r /var/run/saslauthd/
mkdir -p /var/spool/postfix/var/run/saslauthd
ln -s /var/spool/postfix/var/run/saslauthd /var/run
chgrp sasl /var/spool/postfix/var/run/saslauthd
adduser postfix sasl
service postfix restart
service saslauthd restart

Then retest with testsaslauth you should get OK “Success.”

2) The cache files of postfix are also chrooted into the /var/spool/var/lib/postfix(chroot)
directory. If you do not see the cache files listed below in this directory, then
complete the following to correct the cache file locations.

The cache directory /var/lib/postfix contains:
master.lock, prng_exch, smtpd_scache.db, smtp_scache.db,and verify_cache.db.
To be safe copy these files and restore them to the new chrooted folder.
They will update after restarting postfix.

rm -r /var/lib/postfix
mkdir -p /var/spool/postfix/var/lib/postfix
ln -s /var/spool/postfix/var/lib/postfix /var/lib
chgrp postfix /var/spool/postfix/var/lib/postfix
chown -R postfix:postfix /var/spool/postfix/var/lib/
service postfix restart

You can test by running:
postmap -s btree:/var/lib/postfix/verify_cache
You should see no errors.