MX: chroot postscreen(8), smtpd(8) and cleanup(8) daemons.

Unlike what we wrote in 2014 (cf. 4fb4be4d279dd94cab33fc778cfa318b93d6926f)
the postscreen(8) server can run chrooted, meaning we can also chroot
the smtpd(8), tlsproxy(8), dnsblog(8) and cleanup(8) daemons.

7 files changed, 6 insertions, 8 deletions

diff --git a/roles/MX/files/etc/postfix/reject-unknown-client-hostname.cf b/roles/MX/files/etc/postfix/reject-unknown-client-hostname.cf
index 6969f75..1f61f4b 100644
--- a/roles/MX/files/etc/postfix/reject-unknown-client-hostname.cf
+++ b/roles/MX/files/etc/postfix/reject-unknown-client-hostname.cf
@@ -1,4 +1,4 @@
-server_host      = ldapi://%2Fvar%2Fspool%2Fpostfix-mx%2Fprivate%2Fldapi/
+server_host      = ldapi://%2Fprivate%2Fldapi/
 version          = 3
 search_base      = fvd=%d,ou=virtual,dc=fripost,dc=org
 domain           = static:all
diff --git a/roles/MX/files/etc/postfix/virtual/alias.cf b/roles/MX/files/etc/postfix/virtual/alias.cf
index 1c104a9..2e846ca 100644
--- a/roles/MX/files/etc/postfix/virtual/alias.cf
+++ b/roles/MX/files/etc/postfix/virtual/alias.cf
@@ -1,4 +1,4 @@
-server_host      = ldapi://%2Fvar%2Fspool%2Fpostfix-mx%2Fprivate%2Fldapi/
+server_host      = ldapi://%2Fprivate%2Fldapi/
 version          = 3
 search_base      = fvd=%d,ou=virtual,dc=fripost,dc=org
 domain           = static:all
diff --git a/roles/MX/files/etc/postfix/virtual/alias_domains.cf b/roles/MX/files/etc/postfix/virtual/alias_domains.cf
index 907166f..1108ea1 100644
--- a/roles/MX/files/etc/postfix/virtual/alias_domains.cf
+++ b/roles/MX/files/etc/postfix/virtual/alias_domains.cf
@@ -1,4 +1,4 @@
-server_host      = ldapi://%2Fvar%2Fspool%2Fpostfix-mx%2Fprivate%2Fldapi/
+server_host      = ldapi://%2Fprivate%2Fldapi/
 version          = 3
 search_base      = ou=virtual,dc=fripost,dc=org
 domain           = static:all
diff --git a/roles/MX/files/etc/postfix/virtual/catchall.cf b/roles/MX/files/etc/postfix/virtual/catchall.cf
index e0e6350..a67d39c 100644
--- a/roles/MX/files/etc/postfix/virtual/catchall.cf
+++ b/roles/MX/files/etc/postfix/virtual/catchall.cf
@@ -1,4 +1,4 @@
-server_host      = ldapi://%2Fvar%2Fspool%2Fpostfix-mx%2Fprivate%2Fldapi/
+server_host      = ldapi://%2Fprivate%2Fldapi/
 version          = 3
 search_base      = ou=virtual,dc=fripost,dc=org
 domain           = static:all
diff --git a/roles/MX/files/etc/postfix/virtual/domains.cf b/roles/MX/files/etc/postfix/virtual/domains.cf
index f5a7f25..88e17e2 100644
--- a/roles/MX/files/etc/postfix/virtual/domains.cf
+++ b/roles/MX/files/etc/postfix/virtual/domains.cf
@@ -1,5 +1,3 @@
-# XXX: How come we use a socked relative to the chroot here? smtpd(8) is
-# not (can't be) chrooted...
 server_host      = ldapi://%2Fprivate%2Fldapi/
 version          = 3
 search_base      = ou=virtual,dc=fripost,dc=org
diff --git a/roles/MX/files/etc/postfix/virtual/list.cf b/roles/MX/files/etc/postfix/virtual/list.cf
index 99e2147..e2df119 100644
--- a/roles/MX/files/etc/postfix/virtual/list.cf
+++ b/roles/MX/files/etc/postfix/virtual/list.cf
@@ -1,4 +1,4 @@
-server_host      = ldapi://%2Fvar%2Fspool%2Fpostfix-mx%2Fprivate%2Fldapi/
+server_host      = ldapi://%2Fprivate%2Fldapi/
 version          = 3
 search_base      = fvd=%d,ou=virtual,dc=fripost,dc=org
 domain           = static:all
diff --git a/roles/MX/files/etc/postfix/virtual/mailbox.cf b/roles/MX/files/etc/postfix/virtual/mailbox.cf
index 7289670..36862db 100644
--- a/roles/MX/files/etc/postfix/virtual/mailbox.cf
+++ b/roles/MX/files/etc/postfix/virtual/mailbox.cf
@@ -1,4 +1,4 @@
-server_host      = ldapi://%2Fvar%2Fspool%2Fpostfix-mx%2Fprivate%2Fldapi/
+server_host      = ldapi://%2Fprivate%2Fldapi/
 version          = 3
 search_base      = fvd=%d,ou=virtual,dc=fripost,dc=org
 domain           = static:all