Re: Various questions about Postfix

2021-10-15 Thread Tyler Montney
I'll give that book a try and return to this thread with any remaining
questions.

On Fri, Oct 15, 2021, 1:13 AM Viktor Dukhovni wrote:

> On Fri, Oct 15, 2021 at 12:53:03AM -0500, Tyler Montney wrote:
>
> > Perfect, all of that makes sense. Here's 3 more:
>
> You might try the book by Patrick and Ralf, the basics haven't changed.
>
> >- The way I understand master.cf is that it spins up services.
>
> On demand, unless some idle instances of the service are already up and
> running and waiting for requests.
>
> >For instance, the smtpd service to accept incoming connections on
> >port 25,
>
> These spin up on demand and exit after a number of requests or when idle
> too long.  A lightly loaded system might not have any running much of
> the time.
>
> >or qmgr that handles the various queues (like active and deferred).
>
> The qmgr(8) daemon runs indefinitely, until a "stop" or "reload".
>
> >For other services that wish to interact with say 'verify', how do
> >they do this?
>
> By connecting to the service socket.
>
> >Would it be accurate to compare it to an HTTP routing table?
>
> The inetd(8) service and inetd.conf file is a better analogy.
>
> >They call postfix with the service name, and in turn get the
> >executed command?
>
> No.  They connect to the relevant public or private socket, and the
> service is started if not already running or busy and the process limit
> has not been reached.
>
> >- Why are Postfix manual pages for these services identical?
> >   - smtp/lmtp
>
> Same program implements multiple services.
>
> >   - bounce/defer/trace
>
> Same program implements multiple services.
>
> >- Is there any documentation for the service 'relay'?
>
> It is an smtp(8) transport, see smtp(8) and ADDRESS_CLASS_README.
>
> For more basic background questions, let Patrick and Ralf earn some
> royalties, and:
>
> http://www.postfix.org/OVERVIEW.html
> http://www.postfix.org/BASIC_CONFIGURATION_README.html
> http://www.postfix.org/STANDARD_CONFIGURATION_README.html
>
> and other documents at:
>
> http://www.postfix.org/documentation.html
>
> --
> Viktor.
>


misleading warning: symlink leaves directory

2021-10-15 Thread Michael

hey,

i am playing around with various configurations in several 'main.cf.*' 
files, which i symlink to main.cf.


if i do

# ln -s ./main.cf.test ./main.cf

i get the warning

Oct 15 09:46:23 mail postfix/postfix-script[13603]: warning: symlink leaves directory: /etc/postfix/./main.cf


if i do

# ln -s main.cf.test ./main.cf

everything seems to be fine. but since i don't like warnings and i like my 
'./' in front of filenames, i dared to investigate, and looking at 
'/etc/postfix/postfix-script' i see:


find $todo -type l | while read f; do \
 readlink "$f" | grep -q / && $WARN symlink leaves directory: "$f"; \
done; \

maybe an additional

 sed 's/^.\///'

would do the trick?

in general: maybe a more sophisticated check against '$config_directory' 
would be more appropriate?


on the other hand: it's just a warning...

greetings...
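
A check against the configuration directory, as the message above suggests, could resolve each link and compare the result with the directory instead of looking for a `/` in the link text. This is an added example, not part of the original post and not code from postfix-script; the function names and the sample tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not Debian's or Postfix's code. Paths below are constructed.

# Check quoted in the thread: warns on any '/' in the link text.
old_check_warns() {
    readlink -- "$1" | grep -q /
}

# link_leaves_dir LINK DIR: exit 0 if LINK resolves outside DIR,
# 1 if it stays inside, 2 if DIR itself cannot be resolved.
link_leaves_dir() {
    base=$(cd -P -- "$2" && pwd -P) || return 2
    # readlink -f canonicalizes ./, ../ and chains of links (GNU, recent BSD).
    target=$(readlink -f -- "$1") || return 0   # unresolvable: report it
    case $target in
        "$base"/*) return 1 ;;  # the slash keeps a sibling like DIR2 from matching
        *)         return 0 ;;
    esac
}

# Print the basename of every link under DIR that really leaves it.
scan_dir() {
    find "$1" -type l | sort | while IFS= read -r f; do
        if link_leaves_dir "$f" "$1"; then basename "$f"; fi
    done
}

# Constructed sample tree standing in for a config directory.
make_sample() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/etc/sub"
    : > "$d/etc/main.cf.test"
    : > "$d/outside.cf"
    ln -s ./main.cf.test      "$d/etc/main.cf"     # the case from the thread
    ln -s sub/../main.cf.test "$d/etc/via_sub.cf"  # contains '/', stays inside
    ln -s ../outside.cf       "$d/etc/escape.cf"   # leaves via ..
    ln -s /etc/hosts          "$d/etc/abs.cf"      # absolute target outside
    echo "$d"
}

# Demo run: lists only the two links that actually leave the directory.
demo=$(make_sample) && scan_dir "$demo/etc" && rm -rf "$demo"
```
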


Re: misleading warning: symlink leaves directory

2021-10-15 Thread Karl Auer
On Fri, 2021-10-15 at 10:15 +0200, Michael wrote:
> everything seems to be fine. but since i don't like warnings and i
> like my './' in front of filenames, i dared to investigate, and
> looking at '/etc/postfix/postfix-script' i see:
> 
> find $todo -type l | while read f; do \
>   readlink "$f" | grep -q / && $WARN symlink leaves directory: "$f"; \
> done; \
> 
> maybe an additional
> 
>   sed 's/^.\///'
> 
> would do the trick?

Wholesale suppression of warnings is generally a bad idea. Especially
when they are security-related. Better to suppress your irritation :-)

Alternatively, maybe change the check to something like:

   X=`readlink "$f"`
   echo "$X" | \
      grep "SYMLINK_OK" || \
      echo "$X" | grep -q / && $WARN [...]

Then put a comment line with "SYMLINK_OK" in any file you don't want to
be bugged about. That's off the top of my head so may be wrong (in
particular check precedence, I think and binds tighter than or?) but
you get the idea. 

Regards, K.

-- 
~~~
Karl Auer (ka...@biplane.com.au)
http://www.biplane.com.au/kauer

GPG fingerprint: 61A0 99A9 8823 3A75 871E 5D90 BADB B237 260C 9C58
Old fingerprint: 2561 E9EC D868 E73C 8AF1 49CF EE50 4B1D CCA1 5170





Re: About "transport_maps" : when this parameter is set smtp does not deliver mail locally

2021-10-15 Thread Claude



I solved my problem.

We are using the Postfix "directory routing" functionality.

The problem was in the LDAP request filter. I adjusted it.

So the discussion thread on this problem can be closed.

Best regards.

--

   Claude Chéret

On 07/10/2021 at 19:36, Claude wrote:

> Thank you for the clarification.
>
> Here I give you more information about the configuration.
>
> The smtp server:
>
> - acts as a local delivery server for the local domain (we are using
>   virtual mailboxes owned by the vmail:vmail account in /mnt/virtual),
>
> - acts as a relay server for some other domains.
>
> Maildrop is configured to run under the vmail account in the master.cf file.
>
> When I unconfigure transport_maps, maildrop runs as vmail and it can
> write the message in the user's mailbox.
>
> When I configure transport_maps, maildrop runs as root for the
> local delivery, so it can't write into the user's mailbox and delivery
> fails.
>
> On 07/10/2021 at 15:31, Matus UHLAR - fantomas wrote:
>
> > On 07.10.21 14:26, Claude wrote:
> > > Subject: Re: About "transport_maps" : when this parameter is set smtp does
> > > not deliver mail locally
> > >
> > > On the "transport" man page I can see this information:
> > >
> > > ...
> > > In order to deliver internal mail directly, while using a mail relay
> > > for all other mail, specify a null entry for internal destinations (do
> > > not change the delivery transport or the nexthop information) and
> > > specify a wildcard for all other destinations.
> >
> > deliver directly does not mean locally.
> >
> > deliver directly means deliver to remote server that is MX host, instead of
> > delivering via relay_host or other host(s) in transport_maps.
> >
> > in order to deliver mail locally, the destination domain must be treated as
> > local domain. You can't do that via transport_maps.



Re: misleading warning: symlink leaves directory

2021-10-15 Thread Karl Auer
On Fri, 2021-10-15 at 20:00 +1100, Karl Auer wrote:
> Alternatively, maybe change the check to something like:
> 
>    X=`readlink "$f"`
>    echo "$X" | \
>       grep "SYMLINK_OK" || \
>       echo "$X" | grep -q / && $WARN [...]

Needs a "-q" in the first grep command...

Regards, K.

-- 
~~~
Karl Auer (ka...@biplane.com.au)
http://www.biplane.com.au/kauer

GPG fingerprint: 61A0 99A9 8823 3A75 871E 5D90 BADB B237 260C 9C58
Old fingerprint: 2561 E9EC D868 E73C 8AF1 49CF EE50 4B1D CCA1 5170





Re: misleading warning: symlink leaves directory

2021-10-15 Thread Michael

On Friday, 15 October 2021 11:00:24 CEST, Karl Auer wrote:

> On Fri, 2021-10-15 at 10:15 +0200, Michael wrote:
>
> Wholesale suppression of warnings is generally a bad idea. Especially
> when they are security-related.

full ack. but if the warning says: 'symlink leaves directory', and it just
doesn't, then i call this warning misleading.

> Better to suppress your irritation :-)

i disagree. warnings have exactly the purpose to irritate! i can choose to
ignore my irritation, but i'd never choose to suppress it.

> Alternatively, maybe change the check to something like:
>
>    X=`readlink "$f"`
>    echo "$X" | \
>       grep "SYMLINK_OK" || \
>       echo "$X" | grep -q / && $WARN [...]
>
> Then put a comment line with "SYMLINK_OK" in any file you don't want to
> be bugged about.

even if i considered your solution, which i don't, i'd modify it to
something like:

 X="$(readlink "$f")"
 grep -q "SYMLINK_OK" "$X" || \
 { echo "$X" | grep -q / && ...; }

> ... but
> you get the idea.

yes, and i don't like it. i would have to modify a file from the postfix
package (debian) which would probably appear in 'dpkg -V', very much to my
dislike.


greetings...


Re: misleading warning: symlink leaves directory

2021-10-15 Thread Wietse Venema
Michael:
> Oct 15 09:46:23 mail postfix/postfix-script[13603]: warning: symlink leaves 

There is no 'leaves' warning in postfix.org Postfix. I suspect that
it was added by a downstream maintainer. Complain there, please.

Wietse


Re: misleading warning: symlink leaves directory

2021-10-15 Thread Michael

On Friday, 15 October 2021 13:18:42 CEST, Wietse Venema wrote:

> There is no 'leaves' warning in postfix.org Postfix. I suspect that
> it was added by a downstream maintainer. Complain there, please.

indeed, i just downloaded the latest tarball and didn't find anything in
postfix-script.


sorry for interrupting!

greetings...


Re: Various questions about Postfix

2021-10-15 Thread Tyler Montney
One other thing while I wait...

Once I'm done researching (in a week or two), I'd like someone to provide a
sanity check on my Postfix config by posting it here. Is that allowed?

On Fri, Oct 15, 2021 at 1:13 AM Viktor Dukhovni wrote:

> On Fri, Oct 15, 2021 at 12:53:03AM -0500, Tyler Montney wrote:
>
> > Perfect, all of that makes sense. Here's 3 more:
>
> You might try the book by Patrick and Ralf, the basics haven't changed.
>
> >- The way I understand master.cf is that it spins up services.
>
> On demand, unless some idle instances of the service are already up and
> running and waiting for requests.
>
> >For instance, the smtpd service to accept incoming connections on
> >port 25,
>
> These spin up on demand and exit after a number of requests or when idle
> too long.  A lightly loaded system might not have any running much of
> the time.
>
> >or qmgr that handles the various queues (like active and deferred).
>
> The qmgr(8) daemon runs indefinitely, until a "stop" or "reload".
>
> >For other services that wish to interact with say 'verify', how do
> >they do this?
>
> By connecting to the service socket.
>
> >Would it be accurate to compare it to an HTTP routing table?
>
> The inetd(8) service and inetd.conf file is a better analogy.
>
> >They call postfix with the service name, and in turn get the
> >executed command?
>
> No.  They connect to the relevant public or private socket, and the
> service is started if not already running or busy and the process limit
> has not been reached.
>
> >- Why are Postfix manual pages for these services identical?
> >   - smtp/lmtp
>
> Same program implements multiple services.
>
> >   - bounce/defer/trace
>
> Same program implements multiple services.
>
> >- Is there any documentation for the service 'relay'?
>
> It is an smtp(8) transport, see smtp(8) and ADDRESS_CLASS_README.
>
> For more basic background questions, let Patrick and Ralf earn some
> royalties, and:
>
> http://www.postfix.org/OVERVIEW.html
> http://www.postfix.org/BASIC_CONFIGURATION_README.html
> http://www.postfix.org/STANDARD_CONFIGURATION_README.html
>
> and other documents at:
>
> http://www.postfix.org/documentation.html
>
> --
> Viktor.
>
