Hello Viktor,

Thank you again for your reply.

I had to remove the mua* options in submission from the upstream
master.cf that I loaded, otherwise it loaded fine. I'm not using them.

I think I have it, the pfs that is. Can I get a postconf -nf and a
postconf -Mf sanitized of your configuration? I'd like to compare it
with mine.

Thanks.
Dave.


On 4/23/18, Viktor Dukhovni <postfix-us...@dukhovni.org> wrote:
>
>
>> On Apr 23, 2018, at 12:29 AM, David Mehler <dave.meh...@gmail.com> wrote:
>>
>> Thanks. So I can drop in master.cf upstream without inputting mua*
>> parameters in my main.cf?
>
> Generally not the whole file, but you can use the stock file as a
> starting template from which to borrow appropriate service definitions
> or specific override settings.
>
>> I've got a few options in my master.cf file submission service that
>> are not in the upstream file, are they still relevant in 3.3?
>>
>> smtp       inet  n       -       n       -       1       postscreen
>>    -o smtpd_sasl_auth_enable=no
>
> That setting is the default, and if you don't set it to "yes" in main.cf,
> the override is not needed, but could be a harmless "safety net".
>
>> dnsblog    unix  -       -       n       -       0       dnsblog
>> tlsproxy   unix  -       -       n       -       0       tlsproxy
>
> These are needed for postscreen support.  You uncomment them in
> the stock file as needed.
>
>> and in submission:
>>    -o smtpd_tls_dh1024_param_file=/etc/ssl/dhparam.pem
>
> See http://www.postfix.org/FORWARD_SECRECY_README.html#quick-start
> Don't get hung up on the literal file name, what matters is the content,
> thus ideally a 2048-bit (Sophie Germain) prime group.
>
>>    -o smtpd_sasl_type=dovecot
>>    -o smtpd_sasl_path=private/auth
>
> Whatever SASL backend works for you.
>
>>    -o smtpd_sasl_security_options=noanonymous
>>    -o tls_preempt_cipherlist=yes
>
> These are fine.
>
> --
>       Viktor.
>
>
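
The following is an added example, not part of either message and not Postfix code: a small Python lint for the master.cf points discussed above (postscreen needing the dnsblog and tlsproxy services, and `-o` overrides that only restate the effective value). The sample file is constructed from the entries quoted in the thread, the `submission ... smtpd` service line is an assumption, and `parse_master_cf` and `lint` are hypothetical names.

```python
# SAMPLE is constructed; the "submission ... smtpd" line is an assumption.
SAMPLE = """\
smtp       inet  n       -       n       -       1       postscreen
   -o smtpd_sasl_auth_enable=no
#dnsblog   unix  -       -       n       -       0       dnsblog
tlsproxy   unix  -       -       n       -       0       tlsproxy
submission inet  n       -       n       -       -       smtpd
   -o smtpd_tls_dh1024_param_file=/etc/ssl/dhparam.pem
   -o smtpd_sasl_type=dovecot
   -o smtpd_sasl_path=private/auth
   -o tls_preempt_cipherlist=yes
"""
DEFAULTS = {"smtpd_sasl_auth_enable": "no"}  # built-in default discussed above

def parse_master_cf(text):
    """Map service name -> {"command": ..., "overrides": {...}}."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                      # blank line or comment
        if raw[0].isspace() and logical:  # leading whitespace continues an entry
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.strip())
    services = {}
    for fields in (line.split() for line in logical):
        if len(fields) < 8:
            continue                      # not a complete service entry
        args = fields[8:]
        # Simple "-o name=value" pairs only; the "{ name = value }" form is not handled.
        pairs = [b.split("=", 1) for a, b in zip(args, args[1:]) if a == "-o" and "=" in b]
        services[fields[0]] = {"command": fields[7], "overrides": dict(pairs)}
    return services

def lint(services, main_cf=None):
    """Return findings; main_cf holds any main.cf settings to compare against."""
    effective = {**DEFAULTS, **(main_cf or {})}
    commands = {svc["command"] for svc in services.values()}
    findings = []
    if "postscreen" in commands:
        for helper in ("dnsblog", "tlsproxy"):
            if helper not in commands:
                findings.append(f"postscreen is enabled but {helper} is commented out or missing")
    for name, svc in services.items():
        for key, value in svc["overrides"].items():
            if effective.get(key) == value:
                findings.append(f"{name}: -o {key}={value} restates the effective value (harmless)")
    return findings
```

Calling `lint(parse_master_cf(SAMPLE))` reports the commented-out dnsblog entry and the redundant `smtpd_sasl_auth_enable=no` override; passing `{"smtpd_sasl_auth_enable": "yes"}` as `main_cf` drops the second finding, since the override then changes the effective value.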
