From bac2f60e22a3c6ba5580c74a194fda982fb2e2ab Mon Sep 17 00:00:00 2001
From: Micah <micah@leap.se>
Date: Tue, 12 Apr 2016 09:30:44 -0400
Subject: [PATCH] In order for postfix to access the opendkim milter socket, we
 need to remove the chroot option for the cleanup service. (#8020)

See e97a9d3800b173375a630e18e4b1aa0894eb96e1 for opendkim
implementation.

Change-Id: I2742650965e61273fb804ebe9ce3f9bd38796582
---
 puppet/modules/site_postfix/manifests/mx.pp | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/puppet/modules/site_postfix/manifests/mx.pp b/puppet/modules/site_postfix/manifests/mx.pp
index 7837f415..2e735fc4 100644
--- a/puppet/modules/site_postfix/manifests/mx.pp
+++ b/puppet/modules/site_postfix/manifests/mx.pp
@@ -92,6 +92,13 @@ class site_postfix::mx {
       value => 'enforce';
   }
 
+  # Make sure that the cleanup serivce is not chrooted, otherwise it cannot
+  # access the opendkim milter socket (#8020)
+  exec { 'unset_cleanup_chroot':
+    command => '/usr/sbin/postconf -F "cleanup/unix/chroot=n"'
+    onlyif  => '/usr/sbin/postconf -h -F "cleanup/unix/chroot" | egrep -q ^n'
+  }
+
   include ::site_postfix::mx::smtpd_checks
   include ::site_postfix::mx::checks
   include ::site_postfix::mx::smtp_tls
-- 
GitLab