On Thu, Oct 14, 2021 at 09:12:40PM -0500, Tyler Montney wrote: > I am doing a deep dive on mail hosting and this includes Postfix. I have > quite a number of questions about Postfix. Is this the best place to get > those answered? > > To give a sample: > > - What does 'private' mean for master.cf? Documentation is quite scarce. > I can tell it doesn't apply to inet, but how does that affect other service > types?
Internal services, including all mail transports are private. The public services are in aid of command-line tools like postdrop(1) and postqueue(1) to allow local users to interact with a small set of special services. > - For unprivileged (master.cf again) > - "root privileges or as the owner": Is this the same permissions > level? What is an example of "the owner"? The only services that need retain privileges after pre-jail initialisation are local(8), virtual(8) and pipe(8), because they subsequently need to be able to switch to an appropriate uid/gid. Otherwise, services should drop privileges. > - If a service is unprivileged, who does it run as? It runs as $mail_owner (typically "postfix"). > - What makes a service 'sleep'? (referring to 'wakeup') Not having any active requests. Only specific services need wakeup. If it does not have a wakeup timer in the stock master.cf, then no wakeup should be specified, otherwise there should be a wakeup. The services that need wakeup are: - qmgr - pickup - tlsmgr - flush The last of these is only needed if you support ETRN, which I generally disable and set "fast_flush_domains" empty if not empty by default (because relay_domains is empty). -- Viktor.