Re: internal relay configuration
On Monday, July 31, 2006 at 13:40 CEST,
Rob Shepherd <rob@...> wrote:
> I wish to setup the most minimal of postfix configurations, to act as
> internal relays, sometimes only from the sendmail bin.
> Each relay will
> 1. accept only from localhost and the sendmail binary.
> 2. relay ALL mail to my standard mail server/gateway system.
> 3. deliver NO mail locally.
> 4. have the most minimal of configurations required in terms of OS
> resources needed.
> Here is my current postfix main.cf
> mydestination =
> alias_database =
> alias_maps =
> local_recipient_maps =
> mail_owner = postfix
> mydomain = example.com
> mynetworks = 127.0.0.1/32
> queue_directory = /var/spool/postfix
> relayhost = smtp.example.com

You should probably make that [smtp.example.com] unless you want MX
lookups to take place.

> setgid_group = postdrop

I'd add
smtpd_recipient_restrictions = permit_mynetworks, reject
local_transport = error:local delivery is disabled
and comment out the local service from master.cf (see ). You may also
want to add virtual alias mappings as described in .

> I haven't touched master.cf, and I have to create both groups and the
> one user, plus the spool dir.
> How can I minimise the installation requirements? I.e maybe get rid of
> the postdrop group, use a user which is always in the standard solaris
> passwd table, drop some of the daemons in master.cf. Just suggestions
> albeit... no flames reqd..

You can disable not needed services in master.cf. local has been
mentioned, and virtual is also okay. If you don't use proxy: maps
(you don't) then proxymap can be disabled, and you won't need lmtp.
Disable SMTP connection caching (smtp_connection_cache_on_demand)
and scache should be safe to remove, tlsmgr should be safe if TLS
is disabled, verify should not be needed since address verification
is disabled. That said, these services are only started if needed, so
if they're enabled but not actually used I don't think you waste more
than an open socket.

> In fact I'd like in some instances to not even listen on 127.0.0.1/smtpd
> at all.

Just comment the smtpd line in master.cf.
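
An added example, not part of the original message and not Postfix code: a small Python check that parses main.cf and master.cf text and lists where a setup still differs from the relay-only configuration recommended in this reply. The sample input is constructed from the settings quoted above, and the function names are hypothetical.

```python
import re

# Constructed sample: settings from the quoted main.cf plus stock-style master.cf lines.
SAMPLE_MAIN_CF = """\
mydestination =
mynetworks = 127.0.0.1/32
relayhost = smtp.example.com
"""
SAMPLE_MASTER_CF = """\
smtp      inet  n       -       n       -       -       smtpd
pickup    fifo  n       -       n       60      1       pickup
local     unix  -       n       n       -       -       local
"""

def parse_main_cf(text):
    """Return {parameter: value}; a line starting with whitespace continues the previous one."""
    params, last = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and last:
            params[last] = (params[last] + " " + line.strip()).strip()
        elif "=" in line:
            last, value = (part.strip() for part in line.split("=", 1))
            params[last] = value
    return params

def active_commands(text):
    """Return the command names (8th column) of uncommented master.cf service lines."""
    rows = (line.split() for line in text.splitlines()
            if line and not line[0].isspace() and not line.startswith("#"))
    return {fields[7] for fields in rows if len(fields) >= 8}

def audit(main_cf, master_cf):
    """List deviations from the relay-only setup recommended in the reply above."""
    p, cmds, findings = parse_main_cf(main_cf), active_commands(master_cf), []
    if not re.fullmatch(r"\[[^\]]+\](:\w+)?", p.get("relayhost", "")):
        findings.append("relayhost: not in [brackets], so MX lookups take place")
    if p.get("mydestination", "<default>") != "":
        findings.append("mydestination: not empty")
    if not p.get("local_transport", "").startswith("error:"):
        findings.append("local_transport: local delivery not disabled")
    if "local" in cmds:
        findings.append("master.cf: local service still enabled")
    if "smtpd" in cmds:  # only relevant while an SMTP listener is configured
        value = p.get("smtpd_recipient_restrictions", "")
        if [r for r in re.split(r"[,\s]+", value) if r] != ["permit_mynetworks", "reject"]:
            findings.append("smtpd_recipient_restrictions: not 'permit_mynetworks, reject'")
    return findings
```

Running `audit(SAMPLE_MAIN_CF, SAMPLE_MASTER_CF)` on the constructed sample reports four findings; once the suggested settings are applied and the local line is commented out, it returns an empty list.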