On Thu, Feb 18, 2021 at 09:02:26PM +0000, Matthew Selsky wrote:
> Our transport table has:
> domain1.invalid affiliate:[external1.invalid]
>
> And master.cf has:
> affiliate unix - - n - - smtp
> -o smtp_generic_maps=${ldap}generic-ldap.cf
>
> smtp_generic_maps is unset in main.cf:
> $ postmulti -i postfix-mta-out -x postconf smtp_generic_maps
> smtp_generic_maps =
>
> We get the following warning in our logs:
> 2021-02-16T20:41:17.544+00:00 server.invalid
> postfix-mta-out/proxymap[634976]: warning: to approve this table for
> read-only access, list proxy:ldap:/etc/postfix-mta-out/generic-ldap.cf
> in main.cf:proxy_read_maps
Indeed, because your "$ldap" defininition in main.cf starts with
"proxy:ldap:", each LDAP table needs to be configured in
proxy_read_maps.
THerefore, you might want to actually "name" this table:
main.cf:
affiliate_generic_maps = ${ldap}generic-ldap.cf
proxy_read_maps = ... $affiliate_generic_maps
master.cf:
affiliate unix - - n - - smtp
-o smtp_generic_maps=$affiliate_generic_maps
> Is this only necessary because we're setting smtp_generic_maps in
> master.cf instead of main.cf?
Yes, because proxy_read_maps already tries to automatically capture all
the standard parameters that specify (lists of) tables. But master.cf
is not covered.
It would be nice to have a "+=" syntax for Postfix parameters some day,
so that one could specify "default + custom", rather than stutter the
built-in defaults.
--
Viktor.
