On Thu, Feb 21, 2013 at 05:46:26PM +0100, Erik Slagter wrote:

> Another variation I tried ("pass" and "postscreen" the other way
> around). This works, but gives the original problem, the smtpd
> options are not honoured (especially banner and starttls="may"),
> even though I set both:

Take a DEEP breath, relax and don't *try* implementing new configurations you don't yet understand. The shots in the dark will just get you more confused. It is time to try to *understand*.

1. A running Postfix instance is a collection of separate background services (daemons) launched by an inetd-like service supervisor known as "master". These services run independently in separate processes and communicate with each other using unix-domain sockets. They are configured either via main.cf (best practice) or via master.cf "-o parameter=$value" overrides (when you must).

   The MOST important thing you need to understand about this is:

   Adding "-o FOO=BAR" to the master.cf entry for SERVICEA has NO EFFECT on the value of FOO in SERVICEB! Even when the MESSAGE is passed from SERVICEA to SERVICEB the parameter settings ARE NOT.

   Thus when you convert an existing "smtpd" entry to a "postscreen" entry, it is a grave mistake to leave the "smtpd" (-o options) that tune the functionality of smtpd attached to the "postscreen" service. It (postscreen) won't care and the destination "smtpd" to which the message is handed off will no longer know the parameters.

2. To provide multiple smtpd personalities, you need to implement multiple "smtpd" services each with their own settings. (As you do when smtpd listens directly on an "inet" socket).

3. To implement 2. with postscreen, each "inet" listening postscreen (with settings relevant for postscreen) must hand the message off to an "smtpd" appropriate for its listening IP address.

4. Therefore, you need multiple "smtpd" "pass" services for "postscreen" to hand the connection to. The postscreen(8) manual page refers you to

   http://www.postfix.org/postconf.5.html#smtpd_service_name

   which must specify the service name of a "pass" entry in master.cf, you need one of these for each distinct postscreen instance.

    192.0.2.1:25 inet ... postscreen
        -o smtpd_service_name=25@192.0.2.1
        -o <postscreen-related-settings> ...
    25@192.0.2.1 pass ... smtpd
        -o <smtpd-related-settings> ...

Lather, rinse, repeat:

    192.0.2.1:587 inet ... postscreen
        -o smtpd_service_name=587@192.0.2.1
        -o <postscreen-related-settings> ...
    587@192.0.2.1 pass ... smtpd
        -o <smtpd-related-settings> ...

Lather, rinse, repeat:

    192.0.2.2:25 inet ... postscreen
        -o smtpd_service_name=25@192.0.2.2
        -o <postscreen-related-settings> ...
    25@192.0.2.2 pass ... smtpd
        -o <smtpd-related-settings> ...

Lather, rinse, repeat:

    192.0.2.3:25 inet ... postscreen
        -o smtpd_service_name=25@192.0.2.3
        -o <postscreen-related-settings> ...
    25@192.0.2.3 pass ... smtpd
        -o <smtpd-related-settings> ...

... but do stop eventually ... :-)

--
    Viktor.
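
The layout described in the message above depends on every postscreen listener's smtpd_service_name matching the name of a "pass" entry that runs smtpd. The following Python check is an added example, not part of the original message or of Postfix: it parses master.cf text and reports listeners whose hand-off target does not resolve. The function names and the sample entries are constructed for illustration, and only plain "-o name=value" overrides are handled.

```python
SAMPLE = """\
# constructed sample; the second pass entry name has a transposed address
192.0.2.1:25 inet n - n - 1 postscreen
  -o smtpd_service_name=25@192.0.2.1
25@192.0.2.1 pass - - n - - smtpd -o smtpd_tls_security_level=may
192.0.2.3:25 inet n - n - 1 postscreen
  -o smtpd_service_name=25@192.0.2.3
25@192.0.3.2 pass - - n - - smtpd -o smtpd_tls_security_level=may
"""

def parse_master_cf(text):  # hypothetical helper, not a Postfix tool
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and logical:   # continuation of previous entry
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.strip())
    entries = []
    for f in (line.split() for line in logical):
        if len(f) < 8:
            continue                       # not a complete service entry
        args, opts = f[8:], {}
        for i, a in enumerate(args[:-1]):  # assumes plain "-o name=value"
            if a == "-o" and "=" in args[i + 1]:
                opts.update([args[i + 1].split("=", 1)])
        entries.append({"name": f[0], "type": f[1], "command": f[7], "opts": opts})
    return entries

def check_handoffs(text):
    """Map each postscreen listener to (hand-off target, problem or None)."""
    entries = parse_master_cf(text)
    passes = {e["name"]: e for e in entries if e["type"] == "pass"}
    result = {}
    for e in entries:
        if e["command"] != "postscreen":
            continue
        target = e["opts"].get("smtpd_service_name", "smtpd")  # Postfix default
        p, problem = passes.get(target), None
        if p is None:
            problem = "no 'pass' entry named " + target
        elif p["command"] != "smtpd":
            problem = target + " does not run smtpd"
        result[e["name"]] = (target, problem)
    return result

if __name__ == "__main__":
    for name, (target, problem) in check_handoffs(SAMPLE).items():
        print(name, "->", target, ":", problem or "ok")
```

A listener reported with a problem is one whose smtpd settings (banner, TLS level and so on) cannot take effect, because no smtpd "pass" service with that name exists to carry them.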