> > Okay, after some reading and hair pulling, I decided to give it a
> > shot, and made some progress. A few questions, please.
>
> It would be useful to post the output of "postmulti -l" so we know what
> you're talking about.  And then the output of:
>
>     # for i in $(postmulti -l | awk '$3 == "y" {print $1}')
>       do
>         postmulti -i $i -x postconf multi_instance_name inet_interfaces master_service_disable
>       done
>
> which will show the inet_interfaces and disabled services for each
> enabled instance.

I do believe I have made some progress after reading your comments and
working on it further. It's now listening on an external interface
because I believe I adjusted the $default_transport.

# postmulti -l
-               -               y         /etc/postfix
postfix-out     mta             y         /etc/postfix-out
postfix-in      mta             y         /etc/postfix-in

# for i in $(postmulti -l | awk '$3 == "y" {print $1}') ; do postmulti -i $i -x postconf multi_instance_name inet_interfaces master_service_disable; done
multi_instance_name =
inet_interfaces = localhost
master_service_disable = inet
multi_instance_name = postfix-out
inet_interfaces = localhost
master_service_disable =
multi_instance_name = postfix-in
inet_interfaces = 209.216.11.114
master_service_disable =

> > Is there a diagram that shows the flow of data from the internet
> > through to the first instance, content filter, then out?
>
> You've just described it.  Can you ask a more specific question?
> Each Postfix instance behaves like a full-blown independent MTA,
> they just happen to run on the same machine.  You can forward
> traffic between them via SMTP.

I should have added to just ask if that assumption was correct.

I may be unclear on the purpose of each. I would have assumed mail
would come in on postfix-in, filtered there, then sent out
postfix-out, but I'm a bit confused after reading some of your
comments below.

I think I'm still unclear about the "Setting up the content-filter
proxy" section - I'm assuming that means amavis in my case. Is this
configured in postfix-in or postfix-out? I interpreted the doc to mean
my amavis/clam/SA processing is done in postfix-out, but your comments
seem to indicate it should be done in postfix-in.

There's also no reference to any changes being necessary to be made in
master.cf for the postfix-in instance. Is that where I should be
incorporating the master.cf changes from my existing one-instance
postfix?

> For any given IP address and TCP port, at most one Postfix instance can
> listen on that IP and port, and if the port is used with a wildcard
> listener, then that generally precludes using it with specific IPs.

Okay, I think I understand. Certainly I understand that only one
process can listen on one port at a time.

> > I have an existing system that uses amavisd, clamav and spamassassin
> > using "content_filter = smtp-amavis:[127.0.0.1]:10024". Just to be
> > sure, this (along with my postscreen and smtpd_recipient_restrictions)
> > goes in postfix-in, correct?
>
> With multiple instances you don't actually need a "content_filter",
> you can instead arrange for the transport table and/or local_transport,
> virtual_transport, relay_transport, default_transport (whichever are
> applicable) to hand mail off to the filter port.  But you can continue
> to use content_filter if you like.

I currently have a transport map set up in the form:

domain.com     smtp:1.2.3.4
.domain.com    smtp:1.2.3.4

(as a side-note, should it be "smtp:[1.2.3.4]" or is that just to
prevent DNS lookups, I think?)

This would be defined as:
transport_maps = hash:/etc/postfix/transport

There is no local delivery in this case, so I would think no
local_transport - any local delivery is handled by the null instance,
right?

I also have a virtual map set up as:
virtual_alias_maps = hash:/etc/postfix/virtual,
hash:/etc/postfix/virtual-segtravel

Would you also confirm where I should be putting my postscreen,
smtpd_helo_restrictions and smtpd_recipient_restrictions? Also in
postfix-out?

> > I don't understand what this from the MULTI_INSTANCE doc is for. Under
> > what circumstances do I need this? Should this instead be the
> > smtp-amavis service from my master.cf? Should I be able to drop in my
> > existing master.cf to use in postfix-in?
>
> Pretend you have 3 separate machines, one running "postfix-in", a
> second running amavis, and a third running "postfix-out".  Just
> arrange to pass mail through all three in the right sequence.

I thought the third instance included the null instance documented at
the top of the doc. I'm confused :-(

> >     # Replace default "smtp inet" entry with one listening on port 10026.
> >     127.0.0.1:10026     inet  n       -       n       -       -       smtpd
>
> Post-amavis mail would typically be received by postfix-out.

That makes sense and is currently set up in that way.
