Clearer explanation of custom Postfix settings in iredmail-easy.best.practice.html.
This commit is contained in:
parent
56d47f24cc
commit
b485994998
|
@ -283,53 +283,88 @@ iRedMail uses the directory structure recommended by Debian/Ubuntu:
|
||||||
|
|
||||||
### Postfix
|
### Postfix
|
||||||
|
|
||||||
Postfix doesn't support loading main settings (`main.cf` and `master.cf`) from
|
Postfix doesn't support loading main settings (`/etc/postfix/main.cf` and
|
||||||
multiple files.
|
`/etc/postfix/master.cf`) from multiple files, so iRedMail Easy uses alternative
|
||||||
|
solution to split core and custom settings.
|
||||||
|
|
||||||
- `/opt/iredmail/custom/postfix/main.cf`: If this file exists, `/etc/postfix/main.cf` will be a symbol link to this file.
|
- The recommended way is using script `/opt/iredmail/custom/postfix/custom.sh`,
|
||||||
- `/opt/iredmail/custom/postfix/master.cf`: If this file exists, `/etc/postfix/master.cf` will be a symbol link to this file.
|
modifying settings in `main.cf` and `master.cf` with command `postconf -e`.
|
||||||
|
Details will be explained later in this section.
|
||||||
|
- If you have many custom settings, you can maintain your own copy of `main.cf`
|
||||||
|
and `master.cf` under `/opt/iredmail/custom/postfix/` directory.
|
||||||
|
- If file `/opt/iredmail/custom/postfix/main.cf` exists, iRedMail Easy will
|
||||||
|
create `/etc/postfix/main.cf` as symbol link to this file.
|
||||||
|
- If file `/opt/iredmail/custom/postfix/master.cf` exists, iRedMail Easy
|
||||||
|
will create `/etc/postfix/master.cf` as symbol link to this file.
|
||||||
|
|
||||||
For other settings, Postfix is configured to load the one under
|
For other settings, Postfix is configured to load files under
|
||||||
`/opt/iredmail/custom/postfix/` first (this should be maintained by you), then
|
`/opt/iredmail/custom/postfix/` first (they store custom settings and
|
||||||
another one from `/etc/postfix/` (maintained by iRedMail Easy and you should
|
maintained by you), then another one from `/etc/postfix/` (maintained by
|
||||||
NOT update them). If rule defined in first one matches, Postfix will skip the
|
iRedMail Easy and you should __NOT__ modify them). If rule defined in first one
|
||||||
second file.
|
matches, Postfix will skip the second file.
|
||||||
|
|
||||||
For example, Postfix loads 2 files for HELO access check:
|
For example, Postfix is configured to load 2 files for HELO access check:
|
||||||
|
|
||||||
- `/opt/iredmail/custom/postfix/helo_access.pcre`: You can add custom HELO
|
```
|
||||||
access rules in this file, or add rule to override the one defined in
|
smtpd_helo_restrictions =
|
||||||
`/etc/postfix/helo_access.pcre`. If access rule in this file matches,
|
...
|
||||||
Postfix will ignore the second (and all the rest) files.
|
check_helo_access pcre:/opt/iredmail/custom/postfix/helo_access.pcre
|
||||||
|
check_helo_access pcre:/etc/postfix/helo_access.pcre
|
||||||
|
...
|
||||||
|
```
|
||||||
|
|
||||||
|
- The first one, `/opt/iredmail/custom/postfix/helo_access.pcre`, is used to
|
||||||
|
store your cusotm HELO access rules. If rule in this file matched,
|
||||||
|
Postfix will ignore other rules defined later in same file, also the second
|
||||||
|
file `/etc/postfix/helo_access.pcre`. So you can write rule in first file
|
||||||
|
for new HELO access, or write same rule with different action to override the
|
||||||
|
one defined in `/etc/postfix/helo_access.pcre`.
|
||||||
- `/etc/postfix/helo_access.pcre`: This file is maintained by iRedMail Easy,
|
- `/etc/postfix/helo_access.pcre`: This file is maintained by iRedMail Easy,
|
||||||
you should NOT modify it.
|
please do NOT modify it.
|
||||||
|
|
||||||
You can find some other files for customization under
|
You can find some other files for customization under
|
||||||
`/opt/iredmail/custom/postfix/`. For example:
|
`/opt/iredmail/custom/postfix/`. For example:
|
||||||
|
|
||||||
- `/opt/iredmail/custom/postfix/postscreen_access.cidr`
|
- `body_checks.pcre`
|
||||||
- `/opt/iredmail/custom/postfix/custom.sh`: a bash shell script for advanced
|
- `header_checks.pcre`
|
||||||
customization. It will be ran each time your ran iRedMail Easy deployment or
|
- `command_filter.pcre`
|
||||||
upgrade.
|
- `postscreen_access.cidr`
|
||||||
|
- ...
|
||||||
|
|
||||||
For example, to change setting `enable_original_recipient` to `yes`
|
There's also a (Bash) shell scripting for flexible customization:
|
||||||
(defaults to `no` set in `/etc/postfix/main.cf`), you can write one shell
|
`/opt/iredmail/custom/postfix/custom.sh`. It will be ran each time you perform
|
||||||
command in `/opt/iredmail/custom/postfix/custom.sh` like below:
|
deployment or upgrade through iRedMail Easy platform.
|
||||||
|
|
||||||
|
For example, to set value of parameter `enable_original_recipient` to `yes`
|
||||||
|
(defaults to `no` set in `/etc/postfix/main.cf`), you can write command in
|
||||||
|
`/opt/iredmail/custom/postfix/custom.sh` like below:
|
||||||
|
|
||||||
```
|
```
|
||||||
postconf -e enable_original_recipient=yes
|
postconf -e enable_original_recipient=yes
|
||||||
```
|
```
|
||||||
|
|
||||||
To update settings in `master.cf`, you can run `postconf -M` and
|
To add new or update existing transport settings in `/etc/postfix/master.cf`,
|
||||||
`postconf -P`. For example, create new transport `submission`:
|
you can run `postconf -M` and `postconf -P`. For example, create new transport
|
||||||
|
`465` for [SMTPS (SMTP over SSL)](./enable.smtps.html):
|
||||||
|
|
||||||
```
|
```
|
||||||
postconf -M submission/inet="submission inet n - n - - smtpd"
|
postconf -M 465/inet="465 inet n - n - - smtpd"
|
||||||
postconf -P "submission/inet/syslog_name=postfix/submission"
|
postconf -P "465/inet/syslog_name=postfix/smtps"
|
||||||
postconf -P "submission/inet/smtpd_tls_security_level=encrypt"
|
postconf -P "465/inet/smtpd_tls_wrappermode=yes"
|
||||||
postconf -P "submission/inet/smtpd_sasl_auth_enable=yes"
|
postconf -P "465/inet/smtpd_sasl_auth_enable=yes"
|
||||||
postconf -P "submission/inet/smtpd_client_restrictions=permit_sasl_authenticated,reject"
|
postconf -P "465/inet/smtpd_client_restrictions=permit_sasl_authenticated,reject"
|
||||||
postconf -P "submission/inet/content_filter=smtp-amavis:[127.0.0.1]:10026
|
postconf -P "465/inet/content_filter=smtp-amavis:[127.0.0.1]:10026"
|
||||||
|
```
|
||||||
|
|
||||||
|
It will generate new lines in `/etc/postfix/master.cf` like below:
|
||||||
|
|
||||||
|
```
|
||||||
|
465 inet n - n - - smtpd
|
||||||
|
-o syslog_name=postfix/smtps
|
||||||
|
-o smtpd_tls_wrappermode=yes
|
||||||
|
-o smtpd_sasl_auth_enable=yes
|
||||||
|
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
|
||||||
|
-o content_filter=smtp-amavis:[127.0.0.1]:10026
|
||||||
```
|
```
|
||||||
|
|
||||||
For more details about `postconf` command, please check its manual page:
|
For more details about `postconf` command, please check its manual page:
|
||||||
|
|
|
@ -407,50 +407,81 @@ index attr_4,attr_5,attr_6 eq,pres
|
||||||
</code></pre>
|
</code></pre>
|
||||||
|
|
||||||
<h3 id="postfix">Postfix</h3>
|
<h3 id="postfix">Postfix</h3>
|
||||||
<p>Postfix doesn't support loading main settings (<code>main.cf</code> and <code>master.cf</code>) from
|
<p>Postfix doesn't support loading main settings (<code>/etc/postfix/main.cf</code> and
|
||||||
multiple files.</p>
|
<code>/etc/postfix/master.cf</code>) from multiple files, so iRedMail Easy uses alternative
|
||||||
|
solution to split core and custom settings.</p>
|
||||||
<ul>
|
<ul>
|
||||||
<li><code>/opt/iredmail/custom/postfix/main.cf</code>: If this file exists, <code>/etc/postfix/main.cf</code> will be a symbol link to this file.</li>
|
<li>The recommended way is using script <code>/opt/iredmail/custom/postfix/custom.sh</code>,
|
||||||
<li><code>/opt/iredmail/custom/postfix/master.cf</code>: If this file exists, <code>/etc/postfix/master.cf</code> will be a symbol link to this file.</li>
|
modifying settings in <code>main.cf</code> and <code>master.cf</code> with command <code>postconf -e</code>.
|
||||||
|
Details will be explained later in this section.</li>
|
||||||
|
<li>If you have many custom settings, you can maintain your own copy of <code>main.cf</code>
|
||||||
|
and <code>master.cf</code> under <code>/opt/iredmail/custom/postfix/</code> directory.<ul>
|
||||||
|
<li>If file <code>/opt/iredmail/custom/postfix/main.cf</code> exists, iRedMail Easy will
|
||||||
|
create <code>/etc/postfix/main.cf</code> as symbol link to this file.</li>
|
||||||
|
<li>If file <code>/opt/iredmail/custom/postfix/master.cf</code> exists, iRedMail Easy
|
||||||
|
will create <code>/etc/postfix/master.cf</code> as symbol link to this file.</li>
|
||||||
</ul>
|
</ul>
|
||||||
<p>For other settings, Postfix is configured to load the one under
|
</li>
|
||||||
<code>/opt/iredmail/custom/postfix/</code> first (this should be maintained by you), then
|
</ul>
|
||||||
another one from <code>/etc/postfix/</code> (maintained by iRedMail Easy and you should
|
<p>For other settings, Postfix is configured to load files under
|
||||||
NOT update them). If rule defined in first one matches, Postfix will skip the
|
<code>/opt/iredmail/custom/postfix/</code> first (they store custom settings and
|
||||||
second file.</p>
|
maintained by you), then another one from <code>/etc/postfix/</code> (maintained by
|
||||||
<p>For example, Postfix loads 2 files for HELO access check:</p>
|
iRedMail Easy and you should <strong>NOT</strong> modify them). If rule defined in first one
|
||||||
|
matches, Postfix will skip the second file.</p>
|
||||||
|
<p>For example, Postfix is configured to load 2 files for HELO access check:</p>
|
||||||
|
<pre><code>smtpd_helo_restrictions =
|
||||||
|
...
|
||||||
|
check_helo_access pcre:/opt/iredmail/custom/postfix/helo_access.pcre
|
||||||
|
check_helo_access pcre:/etc/postfix/helo_access.pcre
|
||||||
|
...
|
||||||
|
</code></pre>
|
||||||
|
|
||||||
<ul>
|
<ul>
|
||||||
<li><code>/opt/iredmail/custom/postfix/helo_access.pcre</code>: You can add custom HELO
|
<li>The first one, <code>/opt/iredmail/custom/postfix/helo_access.pcre</code>, is used to
|
||||||
access rules in this file, or add rule to override the one defined in
|
store your cusotm HELO access rules. If rule in this file matched,
|
||||||
<code>/etc/postfix/helo_access.pcre</code>. If access rule in this file matches,
|
Postfix will ignore other rules defined later in same file, also the second
|
||||||
Postfix will ignore the second (and all the rest) files.</li>
|
file <code>/etc/postfix/helo_access.pcre</code>. So you can write rule in first file
|
||||||
|
for new HELO access, or write same rule with different action to override the
|
||||||
|
one defined in <code>/etc/postfix/helo_access.pcre</code>.</li>
|
||||||
<li><code>/etc/postfix/helo_access.pcre</code>: This file is maintained by iRedMail Easy,
|
<li><code>/etc/postfix/helo_access.pcre</code>: This file is maintained by iRedMail Easy,
|
||||||
you should NOT modify it.</li>
|
please do NOT modify it.</li>
|
||||||
</ul>
|
</ul>
|
||||||
<p>You can find some other files for customization under
|
<p>You can find some other files for customization under
|
||||||
<code>/opt/iredmail/custom/postfix/</code>. For example:</p>
|
<code>/opt/iredmail/custom/postfix/</code>. For example:</p>
|
||||||
<ul>
|
<ul>
|
||||||
<li><code>/opt/iredmail/custom/postfix/postscreen_access.cidr</code></li>
|
<li><code>body_checks.pcre</code></li>
|
||||||
<li>
|
<li><code>header_checks.pcre</code></li>
|
||||||
<p><code>/opt/iredmail/custom/postfix/custom.sh</code>: a bash shell script for advanced
|
<li><code>command_filter.pcre</code></li>
|
||||||
customization. It will be ran each time your ran iRedMail Easy deployment or
|
<li><code>postscreen_access.cidr</code></li>
|
||||||
upgrade.</p>
|
<li>...</li>
|
||||||
<p>For example, to change setting <code>enable_original_recipient</code> to <code>yes</code>
|
|
||||||
(defaults to <code>no</code> set in <code>/etc/postfix/main.cf</code>), you can write one shell
|
|
||||||
command in <code>/opt/iredmail/custom/postfix/custom.sh</code> like below:</p>
|
|
||||||
</li>
|
|
||||||
</ul>
|
</ul>
|
||||||
|
<p>There's also a (Bash) shell scripting for flexible customization:
|
||||||
|
<code>/opt/iredmail/custom/postfix/custom.sh</code>. It will be ran each time you perform
|
||||||
|
deployment or upgrade through iRedMail Easy platform.</p>
|
||||||
|
<p>For example, to set value of parameter <code>enable_original_recipient</code> to <code>yes</code>
|
||||||
|
(defaults to <code>no</code> set in <code>/etc/postfix/main.cf</code>), you can write command in
|
||||||
|
<code>/opt/iredmail/custom/postfix/custom.sh</code> like below:</p>
|
||||||
<pre><code>postconf -e enable_original_recipient=yes
|
<pre><code>postconf -e enable_original_recipient=yes
|
||||||
</code></pre>
|
</code></pre>
|
||||||
|
|
||||||
<p>To update settings in <code>master.cf</code>, you can run <code>postconf -M</code> and
|
<p>To add new or update existing transport settings in <code>/etc/postfix/master.cf</code>,
|
||||||
<code>postconf -P</code>. For example, create new transport <code>submission</code>:</p>
|
you can run <code>postconf -M</code> and <code>postconf -P</code>. For example, create new transport
|
||||||
<pre><code>postconf -M submission/inet="submission inet n - n - - smtpd"
|
<code>465</code> for <a href="./enable.smtps.html">SMTPS (SMTP over SSL)</a>:</p>
|
||||||
postconf -P "submission/inet/syslog_name=postfix/submission"
|
<pre><code>postconf -M 465/inet="465 inet n - n - - smtpd"
|
||||||
postconf -P "submission/inet/smtpd_tls_security_level=encrypt"
|
postconf -P "465/inet/syslog_name=postfix/smtps"
|
||||||
postconf -P "submission/inet/smtpd_sasl_auth_enable=yes"
|
postconf -P "465/inet/smtpd_tls_wrappermode=yes"
|
||||||
postconf -P "submission/inet/smtpd_client_restrictions=permit_sasl_authenticated,reject"
|
postconf -P "465/inet/smtpd_sasl_auth_enable=yes"
|
||||||
postconf -P "submission/inet/content_filter=smtp-amavis:[127.0.0.1]:10026
|
postconf -P "465/inet/smtpd_client_restrictions=permit_sasl_authenticated,reject"
|
||||||
|
postconf -P "465/inet/content_filter=smtp-amavis:[127.0.0.1]:10026"
|
||||||
|
</code></pre>
|
||||||
|
|
||||||
|
<p>It will generate new lines in <code>/etc/postfix/master.cf</code> like below:</p>
|
||||||
|
<pre><code>465 inet n - n - - smtpd
|
||||||
|
-o syslog_name=postfix/smtps
|
||||||
|
-o smtpd_tls_wrappermode=yes
|
||||||
|
-o smtpd_sasl_auth_enable=yes
|
||||||
|
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
|
||||||
|
-o content_filter=smtp-amavis:[127.0.0.1]:10026
|
||||||
</code></pre>
|
</code></pre>
|
||||||
|
|
||||||
<p>For more details about <code>postconf</code> command, please check its manual page:
|
<p>For more details about <code>postconf</code> command, please check its manual page:
|
||||||
|
|
Loading…
Reference in New Issue