On Jul 24, 2012, at 18:24, DTNX Postmaster wrote: > This works for us; > > $ ls -ald /etc/postfix > drwxr-x--- 5 root postcfg 4096 Jul 24 18:05 /etc/postfix > > The postfix user is a member of the 'postcfg' group. Any admin accounts > that need access to the contents can also be added if needs be.
To clarify, this is what we use on relay servers that do not have any local processes besides Postfix that need access. On servers where this is needed, such as for the use of 'sendmail', the '/etc/postfix' directory is kept world readable, as are the .cf files. Everything that isn't part of the default config, such as map files, is kept inside a subdirectory inside '/etc/postfix', which has the limited permissions. That way the permissions on the files themselves are not as critical. Cya, Jona
