I currently run a postfix mailserver and have souped it up to use all the latest security features (see Hamzah Khan’s blog for a good tutorial). One thing that had been bothering me though was the appearance of the above milter connection failures in the logs – even though these seemed to fail gracefully it was a worrying sign that something was Just Not Right.
After a lot of trial and error, it seems that the culprit is my postfix chroot jail. I had originally attempted to compensate for this by defining “Socket /var/spool/postfix/var/run/opendkim/opendkim.sock” in /etc/opendkim.conf, but even so, postfix was throwing errors (and no, putting the socket in the standard location doesn’t work – I tried that!). It turns out that postfix sometimes attempts to connect to the socket from inside the jail, and sometimes from outside. The solution is to create a soft link in the standard location pointing to the real socket inside the jail.
Of course I could have reconfigured it to bind to a localhost port instead, but the soft link was less work.
The change to udev badly broke the Debian upgrade pathway from etch to lenny and above. If you are still running a 2.4 kernel when you try to upgrade, you can easily be left without any kernel at all. The “official” way to do it is to first add the etch repositories and upgrade to etch’s 2.6 kernel, then reboot into your udev-capable kernel before continuing. Now that the etch repositories have gone, this is quite difficult.
But not impossible! You just can’t do it from within a running system. Instructions follow:
- add the lenny (or later) repositories to /etc/apt/sources.list and run `apt-get update`
- reboot into a lenny (or later) install CD
- choose advanced -> rescue mode
- answer the usual install/config questions – don’t worry about networking for now
- execute a shell in the target environment *
- `ifup eth0` (or whatever you need to get networking running)
- `export TERM=vt100` (because bterm is badly broken)
- `apt-get install linux-image-2.6.26-2-686` (or whatever kernel is appropriate)
- reboot and do `apt-get dist-upgrade`
(*) The installer may not automatically mount your root partition – if so then you won’t be able to execute a shell in the target environment. In that case:
- start a shell in the installer environment
- mount your root partition somewhere by hand (this may be nontrivial if you’re using LVM!)
- cd into it
- `mount -t proc proc proc`
- `chroot .`
You now have a shell in the target environment.