Openprotect that is.
I've been building a new postfix machine for a client.
Not at all used to postfix, wish I had spent about half the time with it that I spent on sendmail. Well, anyway.
The main.cf I've built is pretty complex at this point.
I've used openprotect a bit with sendmail+milter, and am very pleased with it. I think it's a great way to start. Kudos for this project.
However, I am really edgy about letting a script modify my main.cf on this box.
Can someone give me a quick breakdown on how openprotect works with postfix?
I'm guessing it spaws it's own postfix process, does it's own magic, delivers to a spool, and has the system postfix pick up from that spool for processing.
So, which of these two postfixes (postfixei?) is "mine" as in the one I have spent so much time with?
I am handling numerous virtual maps and some oddball auth stuff, and I really don't want it fussed with too much. Be nice if I could preview what openprotect is going to do when installed.
Thanks kindly in advance, and keep up the good work!
--chipper
OpenProtect starts two postfix instances and their configuration files are in /etc/postfix.in for incoming postfix and /etc/postfix for outgoing one. During installation, the directory /etc/postfix is copied to /etc/postfix.in. Incoming postfix gets the mails and defers them. For this,a new line like this:
#Added by OpenProtect to filter SMTP defer_transports = smtp local virtual relay
is added to the /etc/postfix.in/main.cf file. After scanning, the mails are stored in the outgoing directory and outgoing postfix delivers them. But, outgoing postfix should not start another smtp process, as incoming postfix is already using port 25. So, /etc/postfix/master.cf is modified as below:
The lines
smtp inet n - n - - smtpd #smtps inet n - n - - smtpd # -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes #submission inet n - n - - smtpd # -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes
are changed to:
#Commented to filter SMTP by openprotect #smtp inet n - n - - smtpd #smtps inet n - n - - smtpd # -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes #submission inet n - n - - smtpd # -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes
So, outgoing postfix copy is not starting the smtpd port 25 process. So, nothing really has to be changed to install OpenProtect over an already working postfix. In case you want to rollback to the postfix only setting, disable /etc/init.d/openprotect, enable /etc/init.d/postfix and copy /etc/postfix/master.cf.original to /etc/postfix/master.cf. You can also use "openprotect disable" to automatically disable OpenProtect and enable postfix.
cheers, Karthikeyan, S. -- S.Karthikeyan | Ph: +91 (0) 44 52166646 Fax: +91 (0) 44 52113446 Opencomputing Technologies | http://opencompt.com Server Side E-Mail Protection.
