Voytek:
> I have an 'old' Postfix 2.1 Centos 6 server, all running well, looking at
> setting a more up to date server and Postfix
>
> old server was not installed by me, just now I've realized I have policy
> deamon I was not aware of (obviously was running OK...)
>
> from main.cf
> ...
> smtpd_recipient_restrictions =
> reject_unknown_sender_domain,
> reject_unknown_recipient_domain,
> reject_non_fqdn_sender,
> reject_non_fqdn_recipient,
> reject_unlisted_recipient,
> check_policy_service inet:127.0.0.1:7777,
> permit_mynetworks,
> check_sasl_access hash:/etc/postfix/sasl_access
> permit_sasl_authenticated,
> ...
>
> Q1: in a multi line config like this, is it possibly to comment out one
> line in place like so?
> smtpd_recipient_restrictions =
> reject_unknown_sender_domain,
> reject_unknown_recipient_domain,
> reject_non_fqdn_sender,
> reject_non_fqdn_recipient,
> reject_unlisted_recipient,
> # check_policy_service inet:127.0.0.1:7777,
> permit_mynetworks,
> check_sasl_access hash:/etc/postfix/sasl_access
> permit_sasl_authenticated,
> ...
Yes. I copied the above to /tmp/main.cf and checked with 'postconf -n -c /tmp'.
> Q2: is there a way to assess from maillogs? effectiveness ? what else ?
> that this deamon has ?
Only if the server logs activity. I hve no experience with the
programs that you mention.
> lastly, in current setup, I have the two policy deamons in two places:
> before permit mynetworks, and, as last
>
> where should it be?
If it is before permit mynetworks, it can make your site an open
relay if you aren't very careful.
Wietse
