Clearer explanation of custom Postfix settings in iredmail-easy.best.practice.html.

Zhang Huangbin 2020-01-08 09:26:27 +08:00
parent 56d47f24cc
commit b485994998
2 changed files with 128 additions and 62 deletions

@ -283,53 +283,88 @@ iRedMail uses the directory structure recommended by Debian/Ubuntu:
### Postfix
Postfix doesn't support loading main settings (`main.cf` and `master.cf`) from
multiple files.
Postfix doesn't support loading main settings (`/etc/postfix/main.cf` and
`/etc/postfix/master.cf`) from multiple files, so iRedMail Easy uses alternative
solution to split core and custom settings.
- `/opt/iredmail/custom/postfix/main.cf`: If this file exists, `/etc/postfix/main.cf` will be a symbol link to this file.
- `/opt/iredmail/custom/postfix/master.cf`: If this file exists, `/etc/postfix/master.cf` will be a symbol link to this file.
- The recommended way is using script `/opt/iredmail/custom/postfix/custom.sh`,
modifying settings in `main.cf` and `master.cf` with command `postconf -e`.
Details will be explained later in this section.
- If you have many custom settings, you can maintain your own copy of `main.cf`
and `master.cf` under `/opt/iredmail/custom/postfix/` directory.
- If file `/opt/iredmail/custom/postfix/main.cf` exists, iRedMail Easy will
create `/etc/postfix/main.cf` as symbol link to this file.
- If file `/opt/iredmail/custom/postfix/master.cf` exists, iRedMail Easy
will create `/etc/postfix/master.cf` as symbol link to this file.
For other settings, Postfix is configured to load the one under
`/opt/iredmail/custom/postfix/` first (this should be maintained by you), then
another one from `/etc/postfix/` (maintained by iRedMail Easy and you should
NOT update them). If rule defined in first one matches, Postfix will skip the
second file.
For other settings, Postfix is configured to load files under
`/opt/iredmail/custom/postfix/` first (they store custom settings and
maintained by you), then another one from `/etc/postfix/` (maintained by
iRedMail Easy and you should __NOT__ modify them). If rule defined in first one
matches, Postfix will skip the second file.
For example, Postfix loads 2 files for HELO access check:
For example, Postfix is configured to load 2 files for HELO access check:
- `/opt/iredmail/custom/postfix/helo_access.pcre`: You can add custom HELO
access rules in this file, or add rule to override the one defined in
`/etc/postfix/helo_access.pcre`. If access rule in this file matches,
Postfix will ignore the second (and all the rest) files.
```
smtpd_helo_restrictions =
...
check_helo_access pcre:/opt/iredmail/custom/postfix/helo_access.pcre
check_helo_access pcre:/etc/postfix/helo_access.pcre
...
```
- The first one, `/opt/iredmail/custom/postfix/helo_access.pcre`, is used to
store your cusotm HELO access rules. If rule in this file matched,
Postfix will ignore other rules defined later in same file, also the second
file `/etc/postfix/helo_access.pcre`. So you can write rule in first file
for new HELO access, or write same rule with different action to override the
one defined in `/etc/postfix/helo_access.pcre`.
- `/etc/postfix/helo_access.pcre`: This file is maintained by iRedMail Easy,
you should NOT modify it.
please do NOT modify it.
You can find some other files for customization under
`/opt/iredmail/custom/postfix/`. For example:
- `/opt/iredmail/custom/postfix/postscreen_access.cidr`
- `/opt/iredmail/custom/postfix/custom.sh`: a bash shell script for advanced
customization. It will be ran each time your ran iRedMail Easy deployment or
upgrade.
- `body_checks.pcre`
- `header_checks.pcre`
- `command_filter.pcre`
- `postscreen_access.cidr`
- ...
For example, to change setting `enable_original_recipient` to `yes`
(defaults to `no` set in `/etc/postfix/main.cf`), you can write one shell
command in `/opt/iredmail/custom/postfix/custom.sh` like below:
There's also a (Bash) shell scripting for flexible customization:
`/opt/iredmail/custom/postfix/custom.sh`. It will be ran each time you perform
deployment or upgrade through iRedMail Easy platform.
For example, to set value of parameter `enable_original_recipient` to `yes`
(defaults to `no` set in `/etc/postfix/main.cf`), you can write command in
`/opt/iredmail/custom/postfix/custom.sh` like below:
```
postconf -e enable_original_recipient=yes
```
To update settings in `master.cf`, you can run `postconf -M` and
`postconf -P`. For example, create new transport `submission`:
To add new or update existing transport settings in `/etc/postfix/master.cf`,
you can run `postconf -M` and `postconf -P`. For example, create new transport
`465` for [SMTPS (SMTP over SSL)](./enable.smtps.html):
```
postconf -M submission/inet="submission inet n - n - - smtpd"
postconf -P "submission/inet/syslog_name=postfix/submission"
postconf -P "submission/inet/smtpd_tls_security_level=encrypt"
postconf -P "submission/inet/smtpd_sasl_auth_enable=yes"
postconf -P "submission/inet/smtpd_client_restrictions=permit_sasl_authenticated,reject"
postconf -P "submission/inet/content_filter=smtp-amavis:[127.0.0.1]:10026
postconf -M 465/inet="465 inet n - n - - smtpd"
postconf -P "465/inet/syslog_name=postfix/smtps"
postconf -P "465/inet/smtpd_tls_wrappermode=yes"
postconf -P "465/inet/smtpd_sasl_auth_enable=yes"
postconf -P "465/inet/smtpd_client_restrictions=permit_sasl_authenticated,reject"
postconf -P "465/inet/content_filter=smtp-amavis:[127.0.0.1]:10026"
```
It will generate new lines in `/etc/postfix/master.cf` like below:
```
465 inet n - n - - smtpd
-o syslog_name=postfix/smtps
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
-o content_filter=smtp-amavis:[127.0.0.1]:10026
```
For more details about `postconf` command, please check its manual page:
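Review bot: The first HELO bullet ("If rule in this file matched, Postfix will ignore other rules defined later in same file, also the second file") is only true when the matching rule returns a final action. In a Postfix access table, `REJECT` or `OK` ends evaluation of `smtpd_helo_restrictions`, while `DUNNO` lets Postfix continue to `/etc/postfix/helo_access.pcre`. Suggest stating that, and noting that an `OK` written as an override also skips every restriction listed after these two `check_helo_access` lines, so it can relax the iRedMail-maintained checks further than the admin intended. Wording nits in the same hunk: "cusotm" should be "custom", "symbol link" should be "symbolic link", "a (Bash) shell scripting" should be "a (Bash) shell script", and "It will be ran" should be "It will be run".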

@ -407,50 +407,81 @@ index attr_4,attr_5,attr_6 eq,pres
</code></pre>
<h3 id="postfix">Postfix</h3>
<p>Postfix doesn't support loading main settings (<code>main.cf</code> and <code>master.cf</code>) from
multiple files.</p>
<p>Postfix doesn't support loading main settings (<code>/etc/postfix/main.cf</code> and
<code>/etc/postfix/master.cf</code>) from multiple files, so iRedMail Easy uses alternative
solution to split core and custom settings.</p>
<ul>
<li><code>/opt/iredmail/custom/postfix/main.cf</code>: If this file exists, <code>/etc/postfix/main.cf</code> will be a symbol link to this file.</li>
<li><code>/opt/iredmail/custom/postfix/master.cf</code>: If this file exists, <code>/etc/postfix/master.cf</code> will be a symbol link to this file.</li>
<li>The recommended way is using script <code>/opt/iredmail/custom/postfix/custom.sh</code>,
modifying settings in <code>main.cf</code> and <code>master.cf</code> with command <code>postconf -e</code>.
Details will be explained later in this section.</li>
<li>If you have many custom settings, you can maintain your own copy of <code>main.cf</code>
and <code>master.cf</code> under <code>/opt/iredmail/custom/postfix/</code> directory.<ul>
<li>If file <code>/opt/iredmail/custom/postfix/main.cf</code> exists, iRedMail Easy will
create <code>/etc/postfix/main.cf</code> as symbol link to this file.</li>
<li>If file <code>/opt/iredmail/custom/postfix/master.cf</code> exists, iRedMail Easy
will create <code>/etc/postfix/master.cf</code> as symbol link to this file.</li>
</ul>
<p>For other settings, Postfix is configured to load the one under
<code>/opt/iredmail/custom/postfix/</code> first (this should be maintained by you), then
another one from <code>/etc/postfix/</code> (maintained by iRedMail Easy and you should
NOT update them). If rule defined in first one matches, Postfix will skip the
second file.</p>
<p>For example, Postfix loads 2 files for HELO access check:</p>
</li>
</ul>
<p>For other settings, Postfix is configured to load files under
<code>/opt/iredmail/custom/postfix/</code> first (they store custom settings and
maintained by you), then another one from <code>/etc/postfix/</code> (maintained by
iRedMail Easy and you should <strong>NOT</strong> modify them). If rule defined in first one
matches, Postfix will skip the second file.</p>
<p>For example, Postfix is configured to load 2 files for HELO access check:</p>
<pre><code>smtpd_helo_restrictions =
...
check_helo_access pcre:/opt/iredmail/custom/postfix/helo_access.pcre
check_helo_access pcre:/etc/postfix/helo_access.pcre
...
</code></pre>
<ul>
<li><code>/opt/iredmail/custom/postfix/helo_access.pcre</code>: You can add custom HELO
access rules in this file, or add rule to override the one defined in
<code>/etc/postfix/helo_access.pcre</code>. If access rule in this file matches,
Postfix will ignore the second (and all the rest) files.</li>
<li>The first one, <code>/opt/iredmail/custom/postfix/helo_access.pcre</code>, is used to
store your cusotm HELO access rules. If rule in this file matched,
Postfix will ignore other rules defined later in same file, also the second
file <code>/etc/postfix/helo_access.pcre</code>. So you can write rule in first file
for new HELO access, or write same rule with different action to override the
one defined in <code>/etc/postfix/helo_access.pcre</code>.</li>
<li><code>/etc/postfix/helo_access.pcre</code>: This file is maintained by iRedMail Easy,
you should NOT modify it.</li>
please do NOT modify it.</li>
</ul>
<p>You can find some other files for customization under
<code>/opt/iredmail/custom/postfix/</code>. For example:</p>
<ul>
<li><code>/opt/iredmail/custom/postfix/postscreen_access.cidr</code></li>
<li>
<p><code>/opt/iredmail/custom/postfix/custom.sh</code>: a bash shell script for advanced
customization. It will be ran each time your ran iRedMail Easy deployment or
upgrade.</p>
<p>For example, to change setting <code>enable_original_recipient</code> to <code>yes</code>
(defaults to <code>no</code> set in <code>/etc/postfix/main.cf</code>), you can write one shell
command in <code>/opt/iredmail/custom/postfix/custom.sh</code> like below:</p>
</li>
<li><code>body_checks.pcre</code></li>
<li><code>header_checks.pcre</code></li>
<li><code>command_filter.pcre</code></li>
<li><code>postscreen_access.cidr</code></li>
<li>...</li>
</ul>
<p>There's also a (Bash) shell scripting for flexible customization:
<code>/opt/iredmail/custom/postfix/custom.sh</code>. It will be ran each time you perform
deployment or upgrade through iRedMail Easy platform.</p>
<p>For example, to set value of parameter <code>enable_original_recipient</code> to <code>yes</code>
(defaults to <code>no</code> set in <code>/etc/postfix/main.cf</code>), you can write command in
<code>/opt/iredmail/custom/postfix/custom.sh</code> like below:</p>
<pre><code>postconf -e enable_original_recipient=yes
</code></pre>
<p>To update settings in <code>master.cf</code>, you can run <code>postconf -M</code> and
<code>postconf -P</code>. For example, create new transport <code>submission</code>:</p>
<pre><code>postconf -M submission/inet=&quot;submission inet n - n - - smtpd&quot;
postconf -P &quot;submission/inet/syslog_name=postfix/submission&quot;
postconf -P &quot;submission/inet/smtpd_tls_security_level=encrypt&quot;
postconf -P &quot;submission/inet/smtpd_sasl_auth_enable=yes&quot;
postconf -P &quot;submission/inet/smtpd_client_restrictions=permit_sasl_authenticated,reject&quot;
postconf -P &quot;submission/inet/content_filter=smtp-amavis:[127.0.0.1]:10026
<p>To add new or update existing transport settings in <code>/etc/postfix/master.cf</code>,
you can run <code>postconf -M</code> and <code>postconf -P</code>. For example, create new transport
<code>465</code> for <a href="./enable.smtps.html">SMTPS (SMTP over SSL)</a>:</p>
<pre><code>postconf -M 465/inet=&quot;465 inet n - n - - smtpd&quot;
postconf -P &quot;465/inet/syslog_name=postfix/smtps&quot;
postconf -P &quot;465/inet/smtpd_tls_wrappermode=yes&quot;
postconf -P &quot;465/inet/smtpd_sasl_auth_enable=yes&quot;
postconf -P &quot;465/inet/smtpd_client_restrictions=permit_sasl_authenticated,reject&quot;
postconf -P &quot;465/inet/content_filter=smtp-amavis:[127.0.0.1]:10026&quot;
</code></pre>
<p>It will generate new lines in <code>/etc/postfix/master.cf</code> like below:</p>
<pre><code>465 inet n - n - - smtpd
-o syslog_name=postfix/smtps
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
-o content_filter=smtp-amavis:[127.0.0.1]:10026
</code></pre>
<p>For more details about <code>postconf</code> command, please check its manual page:
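Review bot: The typo "cusotm" in the first `<li>` after the `smtpd_helo_restrictions` block is carried over from the Markdown text, as are "symbol link" and "will be ran"; since this HTML mirrors the Markdown hunk line for line, fix the wording there and regenerate this file rather than editing both by hand. Emphasis is also inconsistent: the paragraph about `/etc/postfix/` uses `<strong>NOT</strong>`, while the `/etc/postfix/helo_access.pcre` list item uses a plain "NOT" for the same warning. Suggest using the same markup in both places.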