wie...@porcupine.org (Wietse Venema) writes: > Eric Abrahamsen: >> wie...@porcupine.org (Wietse Venema) writes: >> >> > Eric Abrahamsen: >> >> > One more thing: to make the logging understandable you also need >> >> > to specify the syslog_name. >> >> > >> >> > 1.2.3.5:smtp inet n - n - 1 postscreen >> >> > -o smtpd_service_name=smtpd_1.2.3.5 >> >> > -o syslog_name=postfix/1.2.3.5 >> >> > smtpd_1.2.3.5 pass - - n - - smtpd >> >> > -o syslog_name=postfix/1.2.3.5 >> >> >> >> Done, thanks again. I also had to add the SSL cert/key lines, of course. >> >> >> >> While we're still here, can I ask for my own information -- is the >> >> 127.0.0.1:smtp clause at the top still necessary, and if so, what does >> >> it actually do? >> > >> > The 127.0.0.1:smtp entry exists for compatibility with software >> > that submits mail via the loopback interface, such as a webmail >> > system or a local mail client. >> >> Got it, thanks to you both! > > TLS? In that case you also need two tlsproxy services, each with > their own certificate stuff. > > 1.2.3.5:smtp inet n - n - 1 postscreen > -o tlsproxy_service_name=tlsproxy_1.2.3.5 > -o smtpd_service_name=smtpd_1.2.3.5 > -o syslog_name=postfix/1.2.3.5 > smtpd_1.2.3.5 pass - - n - - smtpd > -o syslog_name=postfix/1.2.3.5 > tlsproxy_1.2.3.5 ...other master settings... > -o syslog_name=postfix/1.2.3.5 > ...certificate stuff...
Yes, that was the whole point of this! Thanks for the extra notes. I've had things running for the past day or so without the separate tlsproxy services, and haven't noticed any immediately obvious errors in the logs. On the other hand, I *have* noticed an increase in spam, so probably it hasn't been working after all! I'll tweak further tonight. Is this particular setup detailed in the docs anywhere? It seems like something a fair number of people will be interested in. I can do some sort of blog post, but I don't know how many people it would reach. E
