10.12.2024 02:16, Jaroslaw Rafa via Postfix-users wrote:
On 10.12.2024 at 01:58:58, Michael Tokarev via Postfix-users wrote:
Hm... read-only /etc? How do you reconfigure anything then?

Remount-rw, configure, remount-ro.  There's no need to configure
anything during regular system operations, actual time when
configuration is happening is a tiny fraction from all time
it is running.

Hm... when it comes to Postfix only, I update usually everyday, or every few
days, list of manually blacklisted senders (in addition to RBLs) referred in
smtpd_*_restrictions. It's kept in /etc/postfix, I could theoretically put
it elsewhere, but why, if that directory is just meant for such things?  I
also sometimes update the aliases file, especially when users are created
or deleted (also creating/deleting user accounts themselves means modifying
/etc/passwd and /etc/shadow, at least).

You use what's better for you, that's all.

We have numerous systems running for decades.  I don't babysit any of them.
For more loaded sites when I had to enable some dynamic restrictions, it's
done by scanning logs and generating maps to block things, storing them in
/var/lib or /var/cache - that's not configuration it's a current runtime
state.

Passwords - we don't use passwords most of the time, but ssh keys.  Even
the authorized_keys are stored in /etc/ssh/authkeys/ (which is also readonly),
not in users' $HOME/.ssh/ - this way it's easier to see who's allowed to
login.

/mjt
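
The pattern described in the message above (scan logs, generate a block map, keep it under /var/lib as runtime state so /etc can stay read-only), as an added example that is not part of the original post or any poster's actual scripts. Assumptions: repeated SASL authentication failures are the trigger, the log lines are constructed samples, and the output is a Postfix cidr: table that a `check_client_access cidr:/var/lib/postfix-blocks/clients.cidr` entry (hypothetical path) would reference.

```python
import ipaddress
import os
import re
import tempfile
from collections import Counter

# Constructed sample lines in the usual Postfix smtpd syslog shape.
SAMPLE_LOG = """\
Dec 10 01:00:01 mx postfix/smtpd[811]: connect from unknown[203.0.113.5]
Dec 10 01:00:02 mx postfix/smtpd[811]: warning: unknown[203.0.113.5]: SASL LOGIN authentication failed: authentication failure
Dec 10 01:00:05 mx postfix/smtpd[811]: warning: unknown[203.0.113.5]: SASL LOGIN authentication failed: authentication failure
Dec 10 01:00:09 mx postfix/smtpd[811]: warning: unknown[203.0.113.5]: SASL PLAIN authentication failed: authentication failure
Dec 10 01:02:00 mx postfix/smtpd[840]: warning: host.example[198.51.100.7]: SASL LOGIN authentication failed: authentication failure
Dec 10 01:03:00 mx postfix/smtpd[851]: warning: unknown[2001:db8::1]: SASL LOGIN authentication failed: authentication failure
Dec 10 01:03:04 mx postfix/smtpd[851]: warning: unknown[2001:db8::1]: SASL LOGIN authentication failed: authentication failure
Dec 10 01:03:08 mx postfix/smtpd[851]: warning: unknown[2001:db8::1]: SASL LOGIN authentication failed: authentication failure
"""

# Assumed trigger: smtpd warnings about failed SASL authentication.
FAILED_AUTH = re.compile(
    r"postfix/smtpd\[\d+\]: warning: \S+\[([0-9A-Fa-f:.]+)\]: SASL \S+ authentication failed")

def offenders(log_text, threshold=3):
    """Return client addresses with at least `threshold` failures, sorted."""
    hits = Counter()
    for line in log_text.splitlines():
        m = FAILED_AUTH.search(line)
        if m:
            try:
                hits[ipaddress.ip_address(m.group(1))] += 1
            except ValueError:  # only a parsed, valid address may reach the map
                pass
    return sorted((ip for ip, n in hits.items() if n >= threshold),
                  key=lambda ip: (ip.version, int(ip)))

def render_cidr_map(ips):
    """One 'address/prefix action' line per offender (cidr table syntax)."""
    return "".join(f"{ip}/{ip.max_prefixlen} REJECT repeated auth failures\n" for ip in ips)

def write_state(path, text):
    """Replace the map atomically so a reader never sees a half-written file."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".", prefix=".tmp-")
    with os.fdopen(fd, "w") as fh:
        fh.write(text)
    os.chmod(tmp, 0o644)  # mkstemp creates the file 0600; the mail daemon must read it
    os.replace(tmp, path)

if __name__ == "__main__":  # demo: print the map instead of touching /var/lib
    print(render_cidr_map(offenders(SAMPLE_LOG)), end="")
```

Only the generated map lives in the writable state directory; the restriction that references it stays in the read-only configuration.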
