Hi, I'm continuing to make progress on configuring multiple instances, but have a few questions.
> > I have an existing system that uses amavisd, clamav and spamassassin
> > using "content_filter = smtp-amavis:[127.0.0.1]:10024". Just to be
> > sure, this (along with my postscreen and smtpd_recipient_restrictions)
> > goes in postfix-in, correct?
>
> With multiple instances you don't actually need a "content_filter",
> you can instead arrange for the transport table and/or local_transport,
> virtual_transport, relay_transport, default_transport (whichever are
> applicable) to hand mail off to the filter port. But you can continue
> to use content_filter if you like.

I have done this with transport maps:

mycompany.com smtp:68.195.191.42
.mycompany.com smtp:68.195.191.42

> You still need smtpd_relay_restrictions on the "out" instance, typically
> just allowing 127.0.0.1 and nothing else. All the other restrictions
> can be empty.

I've done this, but have a weird reject that I don't understand.

Nov 3 12:17:16 xavier postfix-114/qmgr[577320]: B22FE200A4D83: from=<>, size=4098, nrcpt=1 (queue active)
Nov 3 12:17:16 xavier postfix-out/smtpd[578804]: connect from xavier.mycompany.com[209.216.11.114]
Nov 3 12:17:16 xavier postfix-out/smtpd[578804]: NOQUEUE: reject: CONNECT from xavier.mycompany.com[209.216.11.114]: 554 5.7.1 <xavier.mycompany.com[209.216.11.114]>: Client host rejected: Access denied; proto=SMTP
Nov 3 12:17:16 xavier postfix-114/smtp[578803]: B22FE200A4D83: to=<i...@s9.areros.ru>, relay=127.0.0.1[127.0.0.1]:10025, delay=946, delays=946/0.02/0.01/0, dsn=4.7.1, status=deferred (host 127.0.0.1[127.0.0.1] refused to talk to me: 554 5.7.1 <xavier.mycompany.com[209.216.11.114]>: Client host rejected: Access denied)

# postmulti -l
- - y /etc/postfix
postfix-out mta y /etc/postfix-out
postfix-114 mta y /etc/postfix-114
postfix-117 mta y /etc/postfix-117

mynetworks = 209.216.11.0/24, 127.0.0.0/8, 209.216.12.0/24
newaliases_path = /usr/bin/newaliases.postfix
parent_domain_matches_subdomains =
queue_directory = /var/spool/postfix-out
readme_directory = /usr/share/doc/postfix-out/README_FILES
recipient_delimiter = +
sample_directory = /usr/share/doc/postfix-out/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
shlib_directory = /usr/lib64/postfix
smtp_bind_address = 0.0.0.0
smtp_tls_CAfile = /etc/letsencrypt/chain.pem
smtp_tls_CApath = /etc/letsencrypt
smtp_tls_security_level = may
smtpd_client_connection_count_limit = 0
smtpd_client_event_limit_exceptions = $mynetworks
smtpd_client_port_logging = no
smtpd_relay_restrictions = 127.0.0.1
smtpd_timeout = 1200s
smtpd_tls_cert_file = /etc/letsencrypt/fullchain.pem
smtpd_tls_key_file = /etc/letsencrypt/privkey.pem
smtpd_tls_security_level = may

> > 127.0.0.1:10025 inet n - n - 2 smtpd
> >   -o content_filter=
> >   ...
> >   -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters
> >   -o local_header_rewrite_clients=
>
> This goes in "postfix-out" and instead of all the overrides, just apply
> the settings in main.cf instead. And you don't need "no_milters", just
> don't define any milters you don't need. Again think three separate
> machines, each configured for the task at hand. Your current
> configuration is mostly distraction, start clean.

The FILTER_README still provides instructions for doing it as above. How can I add these settings to main.cf instead?

Thanks,
Alex
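
The log excerpt in the message above, parsed as an added example (not part of the original post and not Postfix code): it extracts the client address the receiving smtpd logged for the reject and the relay address the sending instance connected to, and reports whether each is loopback. The function name `summarize` and both regular expressions are assumptions written for these log lines.

```python
import ipaddress
import re

# Log lines copied from the post above.
SAMPLE_LOG = """\
Nov 3 12:17:16 xavier postfix-out/smtpd[578804]: connect from xavier.mycompany.com[209.216.11.114]
Nov 3 12:17:16 xavier postfix-out/smtpd[578804]: NOQUEUE: reject: CONNECT from xavier.mycompany.com[209.216.11.114]: 554 5.7.1 <xavier.mycompany.com[209.216.11.114]>: Client host rejected: Access denied; proto=SMTP
Nov 3 12:17:16 xavier postfix-114/smtp[578803]: B22FE200A4D83: to=<i...@s9.areros.ru>, relay=127.0.0.1[127.0.0.1]:10025, delay=946, delays=946/0.02/0.01/0, dsn=4.7.1, status=deferred (host 127.0.0.1[127.0.0.1] refused to talk to me: 554 5.7.1 <xavier.mycompany.com[209.216.11.114]>: Client host rejected: Access denied)
"""

# Receiving side: an smtpd reject, with the client address smtpd logged.
REJECT_RE = re.compile(
    r"(?P<instance>postfix[\w-]*)/smtpd\[\d+\]: NOQUEUE: reject: "
    r"(?P<stage>\w+) from (?P<host>[^\[\s]+)\[(?P<addr>[^\]]+)\]: "
    r"(?P<code>\d{3}) (?P<dsn>\d\.\d+\.\d+)"
)
# Sending side: a deferred delivery, with the relay address it connected to.
DEFER_RE = re.compile(
    r"(?P<instance>postfix[\w-]*)/smtp\[\d+\]: (?P<qid>[0-9A-F]+): .*"
    r"relay=[^\[,]+\[(?P<relay>[^\]]+)\]:(?P<port>\d+),.*status=deferred"
)

def summarize(log_text):
    """Return (rejects, deferrals) found in log_text as lists of dicts."""
    rejects, deferrals = [], []
    for line in log_text.splitlines():
        m = REJECT_RE.search(line)
        if m:
            d = m.groupdict()
            d["client_is_loopback"] = ipaddress.ip_address(d["addr"]).is_loopback
            rejects.append(d)
            continue
        m = DEFER_RE.search(line)
        if m:
            d = m.groupdict()
            d["relay_is_loopback"] = ipaddress.ip_address(d["relay"]).is_loopback
            deferrals.append(d)
    return rejects, deferrals

if __name__ == "__main__":
    rejects, deferrals = summarize(SAMPLE_LOG)
    for d in deferrals:
        print(f'{d["instance"]} {d["qid"]} -> relay {d["relay"]}:{d["port"]} '
              f'(loopback={d["relay_is_loopback"]})')
    for r in rejects:
        print(f'{r["instance"]} rejected at {r["stage"]}: client {r["addr"]} '
              f'(loopback={r["client_is_loopback"]}) {r["code"]} {r["dsn"]}')
```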