* Wietse Venema <[email protected]>:
> I recently picked up work on the postconf command that I suspended
> in January this year. It's probably best to just give a few examples.
>
> First, a word about notation. I wanted to describe master.cf
> properties with a kind of pathname notation. The original idea was
> to have things like servicename.servicetype.whatever but that turned
> out to be problematic. Services can have '.' in their name, and
> therefore, the '.' can also appear in service-defined parameters.
>
> So I switched to servicename/servicetype/whatever. The result will
> be released as a non-production snapshot because the code still
> needs to be burned in (looking for feedback on the user interface).
> Expected release is Wedneday.
Out of curiosity: Will you aim for the ability to create services too?
$ postconf -E delay/unix/command=smtp
This would create a service 'delay' with 'reasonable defaults' (and get around
the tricky part to specify all options in one command).
Another way to create a new service would be to specify all options:
$ postconf -E
delay/unix/private=yes,unpriv=yes,chroot=yes,wakeup=never,maxproc=100,command=smtp
[ What could be a good way to tell Postfix to use 'defaults'? Using '-' on
command line sounds like an invitation to produce errors ]
Once in place, one could use "postconf -F delay/unix/parameter=option" to
configure it as required before putting it into use.
> The first example shows the smtp/inet service in the traditional
> form:
>
> $ postconf -M smtp/inet
> smtp inet n - n - - smtpd
>
> [note to self: add an option to replace '-' with default values]
Replace in postconf -M ... output or in master.cf?
> Without the smtp/inet the above command would enumerate all services
> and that would be too much output ("postconf -M smtp" would list
> all services called "smtp", that's smtp/inet and smtp/unix).
>
> The postconf command can now enumerate the fields as follows:
>
> $ postconf -F smtp/inet
> smtp/inet/service = smtp
> smtp/inet/type = inet
> smtp/inet/private = n
> smtp/inet/unprivileged = -
> smtp/inet/chroot = n
> smtp/inet/wakeup = -
> smtp/inet/process_limit = -
> smtp/inet/command = smtpd
>
> This form makes it very easy to change one field in master.cf.
> For example to turn on chroot for the smtp/inet service you use:
>
> $ postconf -F smtp/inet/chroot=y
ACK
> Moreover, you can specify "*" for service name, service type or
> field as a wild-card match. For example, to turn off chroot on
> all Postfix daemons, use this:
>
> $ postconf -F '*/*/chroot=n'
ACK
> For a second example, let's look at the submission service. This
> service typically has multple "-o parameter=value" overrides.
>
> The postconf command can enumerate these parameters as follows:
>
> $ postconf -P submission
> submission/inet/milter_macro_daemon_name = ORIGINATING
> submission/inet/smtpd_client_restrictions = $mua_client_restrictions
> submission/inet/smtpd_helo_restrictions = $mua_helo_restrictions
> submission/inet/smtpd_recipient_restrictions =
> permit_sasl_authenticated,reject
> submission/inet/smtpd_reject_unlisted_recipient = no
> submission/inet/smtpd_sasl_auth_enable = yes
> submission/inet/smtpd_sender_restrictions = $mua_sender_restrictions
> submission/inet/smtpd_tls_security_level = encrypt
> submission/inet/syslog_name = postfix/submission
>
> Again, this form makes it very easy to modify one parameter
> setting, for example to change the smtpd_tls_security_level setting for
> the submission/inet service:
>
> $ postconf -P 'submission/inet/smtpd_tls_security_level=may'
That would use the option "-P" to read and to write (edit) service parameters
in master.cf. For main.cf you have dedicated command line options for reading
(-d, -n) and for editing (-e).
Personally I think it is a good idea to use different options for reading and
writing and I would strive to build that for postconf master.cf manipulation
too - as a measure to make accidental changes harder, but also for easy to
remember main.cf/master.cf command line option symmetry.
Editing service specific parameters in master.cf might then work like this:
$ postconf -F submission/inet -E 'smtpd_sasl_auth_enable = yes'
Which would also allow to identify more than one service and add/modify an
option in one run:
$ postconf -F '*/*' -E 'something = useful'
Option -F would create the context to which the editing should apply and -E
would specify what to edit.
To remove parameters -R might be introduced. (And -r for main.cf too, doubling
-X, but keeping the command line option names symmetrical for
main.cf/master.cf.
p@rick
P.S.
Hope this makes sense. I will go and get some coffee now. ;)
--
[*] sys4 AG
http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein
