Postfix 3.2.2 Post upgrade, I'm revisiting my configuration to be sure I'm taking advantage of current features relative to my old server.
I'm still using 2 cleanup services , pre-cleanup before the content_filter and the regular cleanup after-filter. I was using Patrick Koetter's current postfix-amavisd readme as a reference. Specifically section 4 on configuring 2 cleanup services. https://www.ijs.si/software/amavisd/README.postfix.html I wanted to ensure I was passing the addresses to the content filter unchanged, and having the final cleanup service handle any rewriting. I understand from Patrick's document that using 2 cleanup services gives more control than the receive_override_options settings. What I'm not sure about is if I need that setting at all now. His readme (section 4.2.3) added -o cleanup_service_name=pre-cleanup To the submission port. And I had this set globally in main.cf receive_override_options=no_address_mappings That combination broke sending mail to a virtual user via the submission port. Virtual user not found... I fixed that by moving receive_override_options=no_address_mappings from main.cf to the pre-cleanup service in master.cf And unlike Patrick's readme, setting the submission port to use the regular cleanup service. I want to be sure what I have now is right. Bypassing the content filter for authenticated submission traffic, but for everything else, wait on address rewriting until after the content filter: 2 ## QUESTION's marked below: I have: >From master.cf: pre-cleanup unix n - n - 0 cleanup -o virtual_alias_maps= -o canonical_maps= -o sender_canonical_maps= -o recipient_canonical_maps= -o masquerade_domains= ## QUESTION: # is this next option redundant or necessary here now # with all the other re-writing things turned off above it? # (I am only using virtual alias maps today) -o receive_override_options=no_address_mappings cleanup unix n - n - 0 cleanup -o mime_header_checks= -o nested_header_checks= -o body_checks= -o header_checks= submission inet n - n - - smtpd -o content_filter= -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject -o smtpd_sasl_type=dovecot -o smtpd_sasl_path=private/auth -o smtpd_sasl_security_options=noanonymous -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes ## QUESTION: # unlike Patricks document I am using the regular (post-filter) cleanup for 587 traffic # anything wrong by not using the pre-cleanup here? # -o cleanup_service_name=pre-cleanup pickup fifo n - n 60 1 pickup -o cleanup_service_name=pre-cleanup smtpd pass - - n - - smtpd -o cleanup_service_name=pre-cleanup
