Loading ...
Sorry, an error occurred while loading the content.

Re: internal relay configuration

Expand Messages
  • Magnus Bäck
    On Monday, July 31, 2006 at 13:40 CEST, ... You should probably make that [smtp.example.com] unless you want MX lookups to take place. ... I d add
    Message 1 of 2 , Jul 31, 2006
    • 0 Attachment
      On Monday, July 31, 2006 at 13:40 CEST,
      Rob Shepherd <rob@...> wrote:

      > I wish to setup the most minimal of postfix configurations, to act as
      > internal relays, sometimes only from the sendmail bin.
      >
      > Each relay will
      >
      > 1. accept only from localhost and the sendmail binary.
      > 2. relay ALL mail to my standard mail server/gateway system.
      > 3. deliver NO mail locally.
      > 4. have the most minimal of configurations required in terms of OS
      > resources needed.
      >
      > Here is my current postfix main.cf
      >
      > mydestination =
      > alias_database =
      > alias_maps =
      > local_recipient_maps =
      > mail_owner = postfix
      > mydomain = example.com
      > mynetworks = 127.0.0.1/32
      > queue_directory = /var/spool/postfix
      > relayhost = smtp.example.com

      You should probably make that [smtp.example.com] unless you want MX
      lookups to take place.

      > setgid_group = postdrop

      I'd add

      smtpd_recipient_restrictions = permit_mynetworks, reject
      local_transport = error:local delivery is disabled

      and comment out the local service from master.cf (see [0]). You may also
      want to add virtual alias mappings as described in [1].

      > I haven't touched master.cf, and I have to create boths groups and the
      > one user, plus the spool dir.
      > How can I minimise the installation requirements? I.e maybe get rid of
      > the postdrop group, use a user which is always in the standard solaris
      > passwd table, drop some of the daemons in master.cf. Just suggestions
      > albeit... no flames reqd..

      You can disable not needed services in master.cf. local has been
      mentioned, and virtual is also okay. If you don't use proxy: maps
      (you don't) then proxymap can be disabled, and you won't need lmtp.

      Disable SMTP connection caching (smtp_connection_cache_on_demand)
      and scache should be safe to remove, tlsmgr should be safe if TLS
      is disabled, verify should not be needed since address verification
      is disabled. That said, these service are only started if needed, so
      if they're enabled but not actually used I don't think you waste more
      than an open socket.

      > In fact i'd like in some instances to not even listen on 127.0.0.1/smtpd
      > at all.

      Just comment the smtpd line in master.cf.

      [0] http://www.postfix.org/STANDARD_CONFIGURATION_README.html#null_client
      [1] http://www.postfix.org/STANDARD_CONFIGURATION_README.html#firewall

      [...]

      --
      Magnus Bäck
      magnus@...
    Your message has been successfully submitted and would be delivered to recipients shortly.