On 21/02/2013 15:32, Erik Slagter wrote:
On 21-02-13 13:04, DTNX Postmaster wrote:

Please help me with the following. I have here a postfix system that
listens on multiple (external) interfaces, e.g. one of them receives
e-mail from the internet, one of them receives more or less secure mail
from associated institutions.

E-mail received on the "internet" interface receives full processing,
including amavis which calls spamassassin (by proxy filter) and it
should offer "may" level TLS (no discussion about that please ;-)).

The e-mail received on the "secure" interface receives limited
processing, e.g. no amavis and it doesn't need to offer TLS.

Besides that there are also a few "internal" interfaces postfix listens
on as well, with minimal processing, but with dkim signing.

So there are actually multiple flows through the system, depending on
the interface the mail was received on.

I want to start using postscreen. Of course I am not going to "test" in
a production environment, so I made a comparable postfix installation
and with that installation I ran into a problem:

The options (-o) that I specify on the various per-interface smtpd
instances are NOT honoured anymore. I can check that quite easily
because the hello string varies per interface and also TLS is no longer
offered (disabled in the main.cf and enabled on a per-interface basis in
the master.cf file). When I revert to non-postscreen operation, it works
like expected.

Is this intentional? A known bug? Or something I should do another way?
Anyone that has this configuration running, with postscreen?

I must say the "howto" isn't very clear on this matter, it assumes you
only have one external interface.

Thanks in advance.

http://www.postfix.org/POSTSCREEN_README.html
Have you followed those instructions?

Yes I did (of course).

The README does NOT give any information on the use of multiple
interfaces. It says "change ... into ..." but my master file doesn't
have these lines. It would be much better if it would explain HOW it
works so you can do the adjustments yourself.

AFAIK, you can bind 'postscreen' to a specific interface by specifying
a hostname or an IP address in front of the port name or number in
'master.cf';

192.0.2.1:smtp   inet   ....   postscreen

And then have a regular Postfix instance on a separate address;

192.0.2.2:smtp   inet   ....   smtpd

I tried another variant:

192.168.0.1:smtp inet ... postscreen
     -o options...

192.168.0.1:pass inet ... smtpd
     -o options...

This resembles the approach in the README most closely.

Postfix does start, but it doesn't honour the options, on both
instances. It's very simple to check, because I have postcheck report
another welcome string on every interface. Now it shows the "default"
welcome string, without postscreen, it gives the proper welcome string.


It's mine:

postscreen_greet_banner = $smtpd_banner/Postscreen enabled




If you cannot simplify your setup, you may need this;
http://www.postfix.org/MULTI_INSTANCE_README.html

Read that too. It is not completely clear to me, but I suspect this
gives me multiple queues too, which is not what I want, I want to route
e-mail between all interfaces.

Other than that, post proof that options are not honored anymore. The
most likely cause is that you are trying to apply something to
'postscreen' that is only supported for 'smtpd'?

See above, SMTP welcome string. Which I added as an option to both the
smtpd and the postscreen line... None of them were honoured.
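
The check described in the thread (does each interface show its own greeting, and is STARTTLS offered where it should be) can be scripted against captured server output. This is an added example, not part of the original messages; the addresses, banners and transcripts are constructed, and it parses saved transcripts rather than connecting to a server.

```python
import re

# Constructed expectations per listener; addresses and banners are hypothetical.
EXPECTED = {
    "192.0.2.1": {"banner": "mx-inet.example.org ESMTP", "starttls": True},
    "192.0.2.2": {"banner": "mx-secure.example.org ESMTP", "starttls": False},
}
REPLY_LINE = re.compile(r"^(\d{3})([ -])(.*)$")

def parse_replies(transcript):
    """Group server lines into (code, [texts]) replies; 'NNN-' continues, 'NNN ' ends."""
    replies, texts = [], []
    for raw in transcript.splitlines():
        m = REPLY_LINE.match(raw)
        if not m:
            raise ValueError("not an SMTP reply line: %r" % raw)
        code, sep, text = m.groups()
        texts.append(text)
        if sep == " ":
            replies.append((int(code), texts))
            texts = []
    if texts:
        raise ValueError("transcript ends inside a multiline reply")
    return replies

def audit(address, transcript):
    """Return the mismatches between a listener's output and EXPECTED[address]."""
    want, problems = EXPECTED[address], []
    replies = parse_replies(transcript)
    greeting = next((t for c, t in replies if c == 220), None)
    ehlo = next((t for c, t in replies if c == 250), [])
    # With postscreen_greet_banner set, a "220-" teaser precedes the real
    # greeting, so the last line of the 220 reply is the one to compare.
    if greeting is None:
        problems.append("no 220 greeting")
    elif not greeting[-1].startswith(want["banner"]):
        problems.append("banner mismatch: %r" % greeting[-1])
    # Line 0 of the EHLO reply is the server name; the rest are keywords.
    offered = any(l.upper().split()[:1] == ["STARTTLS"] for l in ehlo[1:])
    if offered != want["starttls"]:
        problems.append("STARTTLS %s" % ("offered" if offered else "not offered"))
    return problems

# Constructed transcripts: a listener behaving as configured, and one that
# fell back to the main.cf defaults (generic banner, no STARTTLS).
GOOD = ("220-mx-inet.example.org ESMTP/Postscreen enabled\r\n"
        "220 mx-inet.example.org ESMTP Postfix\r\n"
        "250-mx-inet.example.org\r\n250-PIPELINING\r\n250-STARTTLS\r\n250 8BITMIME\r\n")
DEFAULTS = ("220 mail.example.org ESMTP Postfix\r\n"
            "250-mail.example.org\r\n250-PIPELINING\r\n250 8BITMIME\r\n")
```

An empty list from audit() means the listener matched its expected banner and STARTTLS setting.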


