> On Apr 23, 2018, at 12:29 AM, David Mehler <dave.meh...@gmail.com> wrote: > > Thanks. So I can drop in master.cf upstream without inputting mua* > parameters in my main.cf?
Generally not the whole file, but you can use the stock file as a starting template from which to borrow appropriate service definitions or specific override settings. > I've got a few options in my master.cf file submission service that > are not in the upstream file, are they still relevant in 3.3? > > smtp inet n - n - 1 postscreen > -o smtpd_sasl_auth_enable=no That setting is the default, and if you don't set to "yes" in main.cf, the override is not needed, but could be a harmless "safety net". > dnsblog unix - - n - 0 dnsblog > tlsproxy unix - - n - 0 tlsproxy These are needed for postscreen support. You uncomment them in the stock file as needed. > and in submission: > -o smtpd_tls_dh1024_param_file=/etc/ssl/dhparam.pem See http://www.postfix.org/FORWARD_SECRECY_README.html#quick-start Don't get hung up the literal file name, what matters is the content, thus ideally a 2048-bit (Sophie Germain) prime group. > -o smtpd_sasl_type=dovecot > -o smtpd_sasl_path=private/auth Whatever SASL backend works for you. > -o smtpd_sasl_security_options=noanonymous > -o tls_preempt_cipherlist=yes These are fine. -- Viktor.
