On 1/26/2017 2:15 AM, Patrick Ben Koetter wrote:
> * Jeremy T. Bouse <jeremy.bo...@undergrid.net>:
>> I'm going ahead and asking here as I've been searching and haven't
>> found any information...
>>
>> I've been using PostgreSQL, and MySQL in the past, to hold virtual user
>> information for my Postfix server. The only thing that has bothered me
>> is every *sql_*.cf file I had to setup had to have the username,
>> password and host to use for the DB connection. Am I completely missing
>> it or is there a way to set that information in one location for all the
>> database queries to utilize?
> ATM this is as good as it gets.
>
> Postfix has no means to e.g. include files in a configuration e.g. like this:
>
> include = /etc/postfix/dbsettings.cf
>
> You *could* put all query settings in main.cf, *but* main.cf must remain world
> readable. This effectively exposes the db connection settings (and all other
> secrets) to any user, who has access to the machine.
>
> I guess you don't want that.
>
> If you use configuration management you can have it create the query files.
> But setting one up only to get around the redundant work is in no relation to
> the few minutes you spend to write the user/pass etc. a few times.
>
> p@rick

I'd prefer not to put them in main.cf and have it world readable; however this is an exercise in part as I'm working to rebuild my existing VPS MX host into a Docker container which technically won't have anyone else logging into it but for security sake better safe than sorry.
It looks like I'm going to have to go through creating the file(s) one way or another. I'm looking at doing it by passing in environment variables (whether they are merely the name of a Docker secrets in-memory file to read from or the actual values) and having the entrypoint do the necessary steps. If we still have to put the information in the db .cf files, do those files at least accept variable expansion? If so, could I simply define those as user-defined variables in the main.cf which the db .cf files use without having to modify multiple files on startup?
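
The entrypoint approach described in this message (environment variables that carry either a value or the path of a Docker secret file), as an added example that is not part of the original thread: the connection settings are resolved once and written into each pgsql map file with permissions that keep it from being world-readable. The `POSTFIX_DB_*` and `POSTFIX_MAP_DIR` names, the map file names, the queries and the `postfix` group are assumptions.

```shell
#!/bin/sh
# Added example: render Postfix pgsql map files from one set of settings.
# Every POSTFIX_DB_* / POSTFIX_MAP_DIR name here is an assumption.
set -eu

# Resolve a setting: prefer NAME_FILE (e.g. a Docker secret mounted as a
# file), fall back to NAME. NAME is always a literal from this script,
# never external input, so the eval cannot be steered by an attacker.
read_setting() {
    eval "file=\${${1}_FILE:-}; value=\${${1}:-}"
    if [ -n "$file" ]; then
        [ -r "$file" ] || { echo "cannot read $file" >&2; return 1; }
        value=$(cat "$file")          # trailing newline is stripped
    fi
    [ -n "$value" ] || { echo "$1 is not set" >&2; return 1; }
    printf '%s' "$value"
}

# Write one map file. $1 = output path, $2 = SQL query for that map.
render_map() {
    host=$(read_setting POSTFIX_DB_HOST) || return 1
    user=$(read_setting POSTFIX_DB_USER) || return 1
    pass=$(read_setting POSTFIX_DB_PASSWORD) || return 1
    name=$(read_setting POSTFIX_DB_NAME) || return 1
    (
        umask 077                     # created 0600, never world-readable
        tmp="$1.tmp.$$"
        printf 'hosts = %s\nuser = %s\npassword = %s\ndbname = %s\nquery = %s\n' \
            "$host" "$user" "$pass" "$name" "$2" > "$tmp"
        mv "$tmp" "$1"                # replace the old file in one step
    )
    # Assumption: a "postfix" group exists and should be able to read the map.
    if chgrp postfix "$1" 2>/dev/null; then chmod 0640 "$1"; fi
}

# Entrypoint use: `entrypoint.sh render`. Map names and queries are
# constructed samples, not taken from the thread.
if [ "${1:-}" = "render" ]; then
    dir=${POSTFIX_MAP_DIR:-/etc/postfix}
    render_map "$dir/pgsql-virtual-mailbox.cf" \
        "SELECT maildir FROM users WHERE email='%s'"
    render_map "$dir/pgsql-virtual-alias.cf" \
        "SELECT destination FROM aliases WHERE source='%s'"
fi
```

A missing setting makes `render_map` fail before any file is written, so the container stops at startup instead of running Postfix with a half-written map.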