Dear Victor,
I checked out master_service_disable at here
<http://www.postfix.org/postconf.5.html#master_service_disable> but I am a
bit uncertain of how I should use it.
So here is the output of postmulti -l:
- - y /usr/local/etc/postfix
postfix-abc - y /usr/local/etc/postfix-abc
postfix-xyz - y /usr/local/etc/postfix-xyz
The nullclient and second domain configs follow. The first domain's config
is identical to the second one if you replace xyz with abc and IP's last
two digits to 11 from 12. Pls do let me know if you find anything else that
should be corrected/updated.
=== /usr/local/etc/postfix:
alias_database =
alias_maps =
command_directory = /usr/local/sbin
compatibility_level = 3.6
config_directory = /usr/local/etc/postfix
daemon_directory = /usr/local/libexec/postfix
data_directory = /var/db/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd
$daemon_directory/$process_name $process_id & sleep 5
html_directory = no
inet_interfaces = loopback-only
inet_protocols = ipv4
local_recipient_maps =
local_transport = error: 5.1.1 Mailbox unavailable - local delivery disabled
mail_owner = postfix
mailq_path = /usr/local/bin/mailq
manpage_directory = /usr/local/man
master_service_disable = inet
meta_directory = /usr/local/libexec/postfix
multi_instance_directories = /usr/local/etc/postfix-abc
/usr/local/etc/postfix-xyz
multi_instance_enable = yes
multi_instance_wrapper = ${command_directory}/postmulti -p --
mydestination =
mydomain = abc.com
myhostname = mta.abc.com
mynetworks = 127.0.0.0/8 [::1]/128
mynetworks_style = host
myorigin = $mydomain
newaliases_path = /usr/local/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = no
relayhost = 192.168.1.11
sample_directory = /usr/local/etc/postfix
sendmail_path = /usr/local/sbin/sendmail
setgid_group = maildrop
shlib_directory = /usr/local/lib/postfix
soft_bounce = no
unknown_local_recipient_reject_code = 550
---
smtp inet n - n - - smtpd
pickup unix n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr unix n - n 300 1 qmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp
-o syslog_name=postfix/$service_name
showq unix n - n - - showq
error unix - - n - - error
retry unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
postlog unix-dgram n - n - 1 postlogd
=== /usr/local/etc/postfix-xyz:
access_map_reject_code = 554
allow_percent_hack = no
authorized_submit_users =
biff = no
broken_sasl_auth_clients = yes
command_directory = /usr/local/sbin
compatibility_level = 3.6
config_directory = /usr/local/etc/postfix-xyz
daemon_directory = /usr/local/libexec/postfix
data_directory = /var/db/postfix-xyz
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd
$daemon_directory/$process_name $process_id & sleep 5
default_destination_concurrency_limit = 50
default_destination_recipient_limit = 50
default_process_limit = 200
disable_vrfy_command = yes
home_mailbox = Maildir/
html_directory = no
inet_interfaces = 192.168.1.12
inet_protocols = ipv4
invalid_hostname_reject_code = 554
mail_owner = postfix
mailbox_size_limit = 512000000
mailq_path = /usr/local/bin/mailq
manpage_directory = /usr/local/man
maps_rbl_reject_code = 554
master_service_disable = inet
max_use = 10
maximal_backoff_time = 1000s
message_size_limit = 104857600
meta_directory = /usr/local/libexec/postfix
milter_command_timeout = 45s
milter_connect_macros = j {daemon_name} v {if_name} _
milter_connect_timeout = 45s
milter_content_timeout = 300s
milter_default_action = accept
milter_protocol = 6
minimal_backoff_time = 300s
multi_instance_enable = yes
multi_instance_name = postfix-xyz
multi_recipient_bounce_reject_code = 554
mydomain = xyz.com
myhostname = mail.xyz.com
mynetworks = 192.168.1.0/24, 192.168.0.0/24, 127.0.0.0/8
mynetworks_style = subnet
myorigin = $mydomain
newaliases_path = /usr/local/bin/newaliases
non_fqdn_reject_code = 554
non_smtpd_milters = $smtpd_milters
plaintext_reject_code = 554
policyd-spf_time_limit = 3600
postscreen_access_list = permit_mynetworks,
cidr:/usr/local/etc/postfix/postscreen_access.cidr
postscreen_bare_newline_enable = no
postscreen_blacklist_action = drop
postscreen_cache_cleanup_interval = 0
postscreen_cache_map = proxy:btree:$data_directory/postscreen_cache
postscreen_greet_action = enforce
postscreen_greet_banner = Welcome to xyz Mail Service. Please wait...
postscreen_non_smtp_command_enable = no
postscreen_pipelining_enable = no
qmgr_message_active_limit = 40000
qmgr_message_recipient_limit = 40000
queue_directory = /var/spool/postfix-xyz
readme_directory = no
recipient_delimiter = +
reject_code = 554
relay_domains_reject_code = 554
sample_directory = /usr/local/etc/postfix
sendmail_path = /usr/local/sbin/sendmail
setgid_group = maildrop
shlib_directory = /usr/local/lib/postfix
show_user_unknown_table_name = no
smtp_destination_concurrency_limit = 100
smtp_mx_session_limit = 100
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps =
pgsql:/usr/local/etc/postfix/data/pgsql-virtual-users.cf
smtp_sasl_security_options = noanonymous
smtp_tls_loglevel = 2
smtp_tls_note_starttls_offer = yes
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name
smtpd_client_connection_count_limit = 100
smtpd_delay_reject = yes
smtpd_error_sleep_time = 20
smtpd_hard_error_limit = 3
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated,
reject_non_fqdn_helo_hostname, reject_non_fqdn_hostname,
reject_invalid_hostname, permit
smtpd_junk_command_limit = 2
smtpd_milters = unix:/var/run/spamd/milter.sock,
unix:/var/run/opendkim/milter.sock, unix:/var/run/opendmarc/milter.sock
unix:/var/run/clamav/clmilter.sock
smtpd_recipient_limit = 10000
smtpd_recipient_restrictions = reject_invalid_hostname,
reject_non_fqdn_hostname, reject_non_fqdn_sender,
reject_unauth_pipelining,
reject_non_fqdn_recipient, reject_unlisted_recipient,
reject_unlisted_sender, permit_sasl_authenticated, permit_mynetworks,
reject_unauth_destination, check_policy_service
unix:private/policyd-spf,
check_policy_service inet:127.0.0.1:10023, permit
smtpd_reject_unlisted_recipient = yes
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated,
reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = xyz.com
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_login_maps =
pgsql:/usr/local/etc/postfix/data/pgsql-virtual-users.cf
smtpd_sender_restrictions = check_sender_access
pcre:/usr/local/etc/postfix/data/blacklisted_senders,
reject_sender_login_mismatch, permit_mynetworks,
permit_sasl_authenticated,
reject_unknown_sender_domain, reject_unknown_reverse_client_hostname,
reject_non_fqdn_sender, permit
smtpd_soft_error_limit = 1
smtpd_timeout = 120s
smtpd_tls_ask_ccert = yes
smtpd_tls_auth_only = yes
smtpd_tls_chain_files = /etc/ssl/certs/mail.xyz.com/privkey.pem,
/etc/ssl/certs/mail.xyz.com/fullchain.pem
smtpd_tls_exclude_ciphers = EXPORT
smtpd_tls_loglevel = 2
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1, !TLSv1.2
smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1, !TLSv1.2
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
soft_bounce = no
strict_rfc821_envelopes = yes
swap_bangpath = no
tls_preempt_cipherlist = no
tls_random_source = dev:/dev/urandom
tls_ssl_options = NO_RENEGOTIATION
transport_maps = hash:/usr/local/etc/postfix/transport
unknown_address_reject_code = 554
unknown_client_reject_code = 450
unknown_hostname_reject_code = 450
unknown_local_recipient_reject_code = 554
unknown_relay_recipient_reject_code = 554
unknown_virtual_alias_reject_code = 554
unknown_virtual_mailbox_reject_code = 554
unverified_recipient_reject_code = 554
unverified_sender_reject_code = 554
virtual_mailbox_base = /var/mail/vhosts
virtual_mailbox_domains =
pgsql:/usr/local/etc/postfix/data/pgsql-virtual-domains.cf
virtual_mailbox_limit = 512000000
virtual_mailbox_maps = pgsql:/usr/local/etc/postfix/data/
pgsql-virtual-users.cf
virtual_minimum_uid = 100
virtual_transport = lmtp:unix:private/dovecot-lmtp
---
192.168.1.12:2526 inet n - n - 1 postscreen
smtpd pass - - n - - smtpd
dnsblog unix - - n - 0 dnsblog
tlsproxy unix - - n - 0 tlsproxy
192.168.0.12:5872 inet n - n - - smtpd
-o syslog_name=postfix/submission
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
-o smtpd_sasl_type=dovecot
-o smtpd_sasl_path=private/auth
-o smtpd_sasl_security_options=noanonymous
-o smtpd_sasl_local_domain=$myhostname
-o smtpd_sender_login_maps=pgsql:/usr/local/etc/postfix/data/
pgsql-virtual-users.cf
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
-o
smtpd_sender_restrictions=permit_sasl_authenticated,reject_sender_login_mismatch
-o
smtpd_recipient_restrictions=reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_sasl_authenticated,reject
-o
smtpd_relay_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination,reject
pickup unix n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr unix n - n 300 1 qmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp
-o syslog_name=postfix/$service_name
showq unix n - n - - showq
error unix - - n - - error
retry unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
postlog unix-dgram n - n - 1 postlogd
policyd-spf unix - n n - 0 spawn user=nobody
argv=/usr/local/bin/policyd-spf
Best,
Nitin
