Re: Various questions about Postfix

2021-10-14 Thread Viktor Dukhovni
On Fri, Oct 15, 2021 at 12:53:03AM -0500, Tyler Montney wrote:

> Perfect, all of that makes sense. Here's 3 more:

You might try the book by Patrick and Ralf, the basics haven't changed.

>- The way I understand master.cf is that it spins up services.

On demand, unless some idle instances of the service are already up and
running and waiting for requests.

>For instance, the smtpd service to accept incoming connections on
>port 25,

These spin up on demand and exit after a number of requests or when idle
too long.  A lightly loaded system might not have any running much of
the time.

>or qmgr that handles the various queues (like active and deferred).

The qmgr(8) daemon runs indefinitely, until a "stop" or "reload".

>For other services that wish to interact with say 'verify', how do
>they do this?

By connecting to the service socket.

>Would it be accurate to compare it to an HTTP routing table?

The inetd(8) service and inetd.conf file is a better analogy.

>They call postfix with the service name, and in turn get the
>executed command?

No.  They connect to the relevant public or private socket, and the
service is started if not already running or busy and the process limit
has not been reached.

>- Why are Postfix manual pages for these services identical?
>   - smtp/lmtp

Same program implements multiple services.

>   - bounce/defer/trace

Same program implements multiple services.

>- Is there any documentation for the service 'relay'?

It is an smtp(8) transport, see smtp(8) and ADDRESS_CLASS_README.

For more basic background questions, let Patrick and Ralf earn some
royalties, and:

http://www.postfix.org/OVERVIEW.html
http://www.postfix.org/BASIC_CONFIGURATION_README.html
http://www.postfix.org/STANDARD_CONFIGURATION_README.html

and other documents at:

http://www.postfix.org/documentation.html

-- 
Viktor.


Re: Various questions about Postfix

2021-10-14 Thread Tyler Montney
Perfect, all of that makes sense. Here's 3 more:

   - The way I understand master.cf is that it spins up services. For
   instance, the smtp(d) service to accept incoming connections on port 25, or
   qmgr that handles the various queues (like active and deferred). For other
   services that wish to interact with say 'verify', how do they do this?
   Would it be accurate to compare it to an HTTP routing table? They call
   postfix with the service name, and in turn get the executed command?
   - Why are Postfix manual pages for these services identical?
      - smtp/lmtp
      - bounce/trace
   - Is there any documentation for the service 'relay'?


On Fri, Oct 15, 2021 at 12:25 AM Viktor Dukhovni wrote:

> On Fri, Oct 15, 2021 at 12:15:23AM -0500, Tyler Montney wrote:
>
> > So by private, you mean services that end users shouldn't be able to
> > interact with? Public services have CLI tools (as an interface) whereas
> > private ones do not.
>
> Yes.
>
> > For wakeup, why would a service need a wake up timer? It has no active
> > requests so what is it doing when being woken? Perhaps some kind of
> > maintenance tasks?
>
> Services that need to run periodic maintenance tasks are periodically
> woken up by the "master" service.  The stock master.cf file has
> reasonable settings for their wakeup timers.
>
> For example, the pickup service periodically scans the "maildrop" queue,
> just in case Postfix was down when a local message was submitted, or
> postdrop(1) failed to notify the pickup(8) service for some reason.
>
> Similarly, qmgr(8) periodically rescans the deferred and incoming queues.
> ...
>
> --
> Viktor.
>


Re: Various questions about Postfix

2021-10-14 Thread Viktor Dukhovni
On Fri, Oct 15, 2021 at 12:15:23AM -0500, Tyler Montney wrote:

> So by private, you mean services that end users shouldn't be able to
> interact with? Public services have CLI tools (as an interface) whereas
> private ones do not.

Yes.

> For wakeup, why would a service need a wake up timer? It has no active
> requests so what is it doing when being woken? Perhaps some kind of
> maintenance tasks?

Services that need to run periodic maintenance tasks are periodically
woken up by the "master" service.  The stock master.cf file has
reasonable settings for their wakeup timers.

For example, the pickup service periodically scans the "maildrop" queue,
just in case Postfix was down when a local message was submitted, or
postdrop(1) failed to notify the pickup(8) service for some reason.

Similarly, qmgr(8) periodically rescans the deferred and incoming queues.
...

-- 
Viktor.


Re: Various questions about Postfix

2021-10-14 Thread Tyler Montney
Thank you.

So by private, you mean services that end users shouldn't be able to
interact with? Public services have CLI tools (as an interface) whereas
private ones do not.

For wakeup, why would a service need a wake up timer? It has no active
requests so what is it doing when being woken? Perhaps some kind of
maintenance tasks?



On Thu, Oct 14, 2021, 11:45 PM Viktor Dukhovni wrote:

> On Thu, Oct 14, 2021 at 09:12:40PM -0500, Tyler Montney wrote:
>
> > I am doing a deep dive on mail hosting and this includes Postfix. I have
> > quite a number of questions about Postfix. Is this the best place to get
> > those answered?
> >
> > To give a sample:
> >
> >- What does 'private' mean for master.cf? Documentation is quite scarce.
> >I can tell it doesn't apply to inet, but how does that affect other service
> >types?
>
> Internal services, including all mail transports, are private.  The
> public services are in aid of command-line tools like postdrop(1)
> and postqueue(1) to allow local users to interact with a small
> set of special services.
>
> >- For unprivileged (master.cf again)
> >   - "root privileges or as the owner": Is this the same permissions
> >  level? What is an example of "the owner"?
>
> The only services that need to retain privileges after pre-jail
> initialisation are local(8), virtual(8) and pipe(8), because they
> subsequently need to be able to switch to an appropriate uid/gid.
>
> Otherwise, services should drop privileges.
>
> >- If a service is unprivileged, who does it run as?
>
> It runs as $mail_owner (typically "postfix").
>
> >- What makes a service 'sleep'? (referring to 'wakeup')
>
> Not having any active requests.  Only specific services
> need wakeup.  If it does not have a wakeup timer in the
> stock master.cf, then no wakeup should be specified,
> otherwise there should be a wakeup.
>
> The services that need wakeup are:
>
> - qmgr
> - pickup
> - tlsmgr
> - flush
>
> The last of these is only needed if you support ETRN, which
> I generally disable and set "fast_flush_domains" empty if
> not empty by default (because relay_domains is empty).
>
> --
> Viktor.
>


Re: Various questions about Postfix

2021-10-14 Thread Viktor Dukhovni
On Thu, Oct 14, 2021 at 09:12:40PM -0500, Tyler Montney wrote:

> I am doing a deep dive on mail hosting and this includes Postfix. I have
> quite a number of questions about Postfix. Is this the best place to get
> those answered?
> 
> To give a sample:
> 
>- What does 'private' mean for master.cf? Documentation is quite scarce.
>I can tell it doesn't apply to inet, but how does that affect other service
>types?

Internal services, including all mail transports, are private.  The
public services are in aid of command-line tools like postdrop(1)
and postqueue(1) to allow local users to interact with a small
set of special services.

>- For unprivileged (master.cf again)
>   - "root privileges or as the owner": Is this the same permissions
>  level? What is an example of "the owner"?

The only services that need to retain privileges after pre-jail
initialisation are local(8), virtual(8) and pipe(8), because they
subsequently need to be able to switch to an appropriate uid/gid.

Otherwise, services should drop privileges.

>- If a service is unprivileged, who does it run as?

It runs as $mail_owner (typically "postfix").

>- What makes a service 'sleep'? (referring to 'wakeup')

Not having any active requests.  Only specific services
need wakeup.  If it does not have a wakeup timer in the
stock master.cf, then no wakeup should be specified,
otherwise there should be a wakeup.

The services that need wakeup are:

- qmgr
- pickup
- tlsmgr
- flush

The last of these is only needed if you support ETRN, which
I generally disable and set "fast_flush_domains" empty if
not empty by default (because relay_domains is empty).

-- 
Viktor.
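
Added example, not part of the original message and not Postfix project code: a small Python audit of the master.cf "unpriv" and "wakeup" columns against the two rules given in the reply above (only local, virtual and pipe keep privileges; only qmgr, pickup, tlsmgr and flush have a wakeup timer). The sample master.cf and the finding texts are constructed, and matching on the program name in the command column is an assumption of this example.

```python
# Added example: audit master.cf "unpriv"/"wakeup" columns. SAMPLE is constructed.
NEEDS_PRIVILEGE = {"local", "virtual", "pipe"}        # may keep unpriv=n
NEEDS_WAKEUP = {"qmgr", "pickup", "tlsmgr", "flush"}  # should have a wakeup timer

SAMPLE = """\
# service type  private unpriv  chroot  wakeup  maxproc command + args
pickup    unix  n       -       y       60      1       pickup
qmgr      unix  n       -       n       -       1       qmgr
tlsmgr    unix  -       -       y       1000?   1       tlsmgr
rewrite   unix  -       n       y       -       -       trivial-rewrite
local     unix  -       n       n       -       -       local
maildrop  unix  -       n       n       -       -       pipe
  flags=DRXhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
verify    unix  -       -       y       300     1       verify
"""

def parse_master_cf(text):
    """Yield (service, unpriv, wakeup_seconds, program) per logical line."""
    logical = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and logical:      # continuation of previous entry
            logical[-1] += " " + line.strip()
        else:
            logical.append(line)
    for entry in logical:
        f = entry.split(None, 7)
        if len(f) < 8:
            continue                            # malformed entry, skipped
        wakeup = f[5].rstrip("?")               # "?" = wake only if in use
        seconds = 0 if wakeup == "-" else int(wakeup)
        yield f[0], f[3], seconds, f[7].split()[0]

def audit(text):
    findings = []
    for service, unpriv, wakeup, program in parse_master_cf(text):
        if unpriv == "n" and program not in NEEDS_PRIVILEGE:
            findings.append((service, "keeps privileges but is not local/virtual/pipe"))
        if unpriv != "n" and program in NEEDS_PRIVILEGE:
            findings.append((service, "drops privileges but must switch uid/gid"))
        if wakeup > 0 and program not in NEEDS_WAKEUP:
            findings.append((service, "has a wakeup timer it should not need"))
        if wakeup == 0 and program in NEEDS_WAKEUP:
            findings.append((service, "is missing its wakeup timer"))
    return findings

if __name__ == "__main__":
    print("\n".join(f"{s}: {p}" for s, p in audit(SAMPLE)))
```

A flush entry without a wakeup timer is reported too; per the reply above that only matters if ETRN is supported.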


Various questions about Postfix

2021-10-14 Thread Tyler Montney
I am doing a deep dive on mail hosting and this includes Postfix. I have
quite a number of questions about Postfix. Is this the best place to get
those answered?

To give a sample:

   - What does 'private' mean for master.cf? Documentation is quite scarce.
   I can tell it doesn't apply to inet, but how does that affect other service
   types?
   - For unprivileged (master.cf again)
      - "root privileges or as the owner": Is this the same permissions
      level? What is an example of "the owner"?
      - If a service is unprivileged, who does it run as?
   - What makes a service 'sleep'? (referring to 'wakeup')