Hi Doug,

Very much appreciate your response. In combination with Noel’s email, I think I 
get what’s going on now.


All of this was, of course, in the service type section of 
http://www.postfix.org/master.5.html. Once I had an idea what I was looking for 
and gave it a slow re-read, it’s all there. As you said, the documentation is 
detailed and complete. I might add “in the extreme” but between that and the 
good samaritans on this list, the gap I was struggling with was handily 
bridged. :)


Again, I really appreciate your feedback.


Thanks,


Scott

________________________________
From: Doug Hardie <bc...@lafn.org>
Sent: June 9, 2020 6:02 PM
To: Scott A. Wozny <sawo...@hotmail.com>
Cc: postfix-users@postfix.org <postfix-users@postfix.org>
Subject: Re: Questions about the master.cf file

Having recently gone through this same confusion, perhaps some of what I 
figured out might help.  The first column of the master.cf file is the port 
number for each of the ports that postfix will listen to, or the name of an 
internal postfix process.  In the distributed file, the names from the 
/etc/services file are used rather than the port numbers.  For example, smtp is 
port 25.  However, looking down you will see one line for port 628 (commented 
out though).

The last argument on each line tells postfix which process to send the request 
to.  That's why postscreen replaces the smtp line with the postscreen process.  
Postscreen is smart - it injects messages into the system by sending them to 
smtpd.  There is an entry for smtpd (the postfix process) that lets you add 
restrictions for smtpd.

Here is a portion of my master.cf:

smtpd      pass  -       -       n       -       50       smtpd
  -o smtpd_recipient_restrictions=$incoming_smtpd_restrictions
smtp       inet  n       -       n       -       1       postscreen
dnsblog    unix  -       -       n       -       0       dnsblog
tlsproxy   unix  -       -       n       -       0       tlsproxy
submission inet n       -       n       -       10       smtpd
        -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
        -o syslog_name=postfix-submission
dovecot    unix -       n       n       -       -       pipe
  flags=DRhu user=vmail:vmail argv=/usr/local/libexec/dovecot/dovecot-lda -f ${sender} -d ${recipient}

I use macros defined in main.cf for the restrictions on port 25 (smtp after 
postscreen) and port 587 (submission).  dnsblog and tlsproxy are internal 
postscript processes.  dovecot is a local delivery via dovecot.

It's a bit difficult at first to see the forest through the trees as the 
documentation is detailed and complete.  However, once you discover the 
forest, then the documentation will be quite helpful.


-- Doug
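
An added example, not part of Doug's message or of Postfix itself: a small Python parser that reads master.cf the way the thread describes it (first column is the service, last column is the process, indented lines continue the entry) and lists the network-facing services with their -o overrides. The sample text is constructed from the excerpt above, and the function names are hypothetical.

```python
# Constructed sample mirroring the master.cf excerpt quoted in the thread.
SAMPLE = """\
smtpd      pass  -       -       n       -       50       smtpd
  -o smtpd_recipient_restrictions=$incoming_smtpd_restrictions
smtp       inet  n       -       n       -       1       postscreen
# 628      inet  n       -       n       -       -       qmqpd
dnsblog    unix  -       -       n       -       0       dnsblog
submission inet n       -       n       -       10       smtpd
        -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
        -o syslog_name=postfix-submission
"""

FIELDS = ("service", "type", "private", "unpriv", "chroot", "wakeup", "maxproc")


def parse_master_cf(text):
    """Return one dict per service entry, joining continuation lines."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank lines and comments are ignored
        if raw[0] in " \t" and logical:
            logical[-1] += " " + raw.strip()  # leading whitespace continues the entry
        else:
            logical.append(raw.strip())
    entries = []
    for line in logical:
        parts = line.split()
        if len(parts) < 8:
            raise ValueError(f"short master.cf entry: {line!r}")
        entry = dict(zip(FIELDS, parts[:7]))
        entry["command"] = parts[7]  # the process that handles the request
        args = parts[8:]
        # Assumption: overrides use the plain "-o name=value" form (no braces).
        entry["overrides"] = [args[i + 1] for i, a in enumerate(args[:-1]) if a == "-o"]
        entries.append(entry)
    return entries


def network_listeners(entries):
    """Entries of type inet are the ones reachable over the network."""
    return [(e["service"], e["command"], e["overrides"]) for e in entries if e["type"] == "inet"]


if __name__ == "__main__":
    for service, command, overrides in network_listeners(parse_master_cf(SAMPLE)):
        print(f"{service:<12} -> {command:<12} {overrides}")
```

Run against a real master.cf, the same listing shows which ports are exposed and which restrictions each one actually carries, which is the quickest way to confirm that submission requires SASL while port 25 is fronted by postscreen.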

