I've a 2-postfix setup. The frontend
is open to 'net only on port 25 receives email for my domains from 'net applies restrictions forwards to backend if PASS serves as outbound SMARTHOST to backend; accepts no direct submission generates log entries that feed fail2ban does NOT deliver directly into backend's IMAP store The backend is open to 'net only on port 587 receives email for my domains only fwd'd from frontend delivers email to local IMAP store serves as the smtp server used for MUA port 587 submissions, from end-user clients, for outbound delivery It's all nicely 'bolted down'. My next steps are to (1) enable submission of system mail by non-postfix services running on the frontend -- in this example, for delivery of fail2ban-generated admin messages. (2) enable submission of port 587 MUA submission on the frontend, ensuring concurrent delivery of submitted/sent mail to sender-account's backend IMAP store Questions: (re: 1) What's the right, secure UID to use for the fail2ban-generated injection into Postfix? (re: 2) What mechanism can/should be used to copy frontend-submitted-and-sent mail to the backend's IMAP store? Re: 1, fail2ban is configured to inject/submit those messages using the postfix instance's sendmail, actionban = printf %%b "Subject: [Fail2Ban] <name>: banned <ip> from `uname -n` ... " | /usr/local/sbin/sendmail -f <sender> <dest> Currently fail2ban runs as root. With a config edit, /main.cf - authorized_submit_users = + authorized_submit_users = root messages are delivered as intended. Is submission by root user a security risk from postfix' perspective? Options, if needed, include exec'ing fail2ban 'rootless', as UID= 'fail2ban'(unique) or 'postfix'(shared), or leaving it run as root and simply submit as other UID. What's the recommendation to NOT poke silly holes into my postfix setup?