On Thu, Oct 14, 2021 at 09:12:40PM -0500, Tyler Montney wrote:
> I am doing a deep dive on mail hosting and this includes Postfix. I have
> quite a number of questions about Postfix. Is this the best place to get
> those answered?
>
> To give a sample:
>
> - What does 'private' mean for master.cf? Documentation is quite scarce.
> I can tell it doesn't apply to inet, but how does that affect other service
> types?

Internal services, including all mail transports, are private. The
public services are in aid of command-line tools like postdrop(1)
and postqueue(1) to allow local users to interact with a small
set of special services.

> - For unprivileged (master.cf again)
> - "root privileges or as the owner": Is this the same permissions
> level? What is an example of "the owner"?

The only services that need to retain privileges after pre-jail
initialisation are local(8), virtual(8) and pipe(8), because they
subsequently need to be able to switch to an appropriate uid/gid.
Otherwise, services should drop privileges.

> - If a service is unprivileged, who does it run as?

It runs as $mail_owner (typically "postfix").

> - What makes a service 'sleep'? (referring to 'wakeup')

Not having any active requests. Only specific services
need wakeup. If it does not have a wakeup timer in the
stock master.cf, then no wakeup should be specified,
otherwise there should be a wakeup.

The services that need wakeup are:

- qmgr
- pickup
- tlsmgr
- flush

The last of these is only needed if you support ETRN, which
I generally disable and set "fast_flush_domains" empty if
not empty by default (because relay_domains is empty).

--
Viktor.