elmau
/
iredmail-doc
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Clearer explanation of custom Postfix settings in iredmail-easy.best.practice.html.

This commit is contained in:
Zhang Huangbin 2020-01-08 09:26:27 +08:00
parent 56d47f24cc
commit b485994998
2 changed files with 128 additions and 62 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

95
en_US/iredmail-easy/2-iredmail-easy.best.practice.md
View File

@ -283,53 +283,88 @@ iRedMail uses the directory structure recommended by Debian/Ubuntu:
### Postfix ### Postfix
Postfix doesn't support loading main settings (`main.cf` and `master.cf`) from Postfix doesn't support loading main settings (`/etc/postfix/main.cf` and
multiple files. `/etc/postfix/master.cf`) from multiple files, so iRedMail Easy uses alternative
solution to split core and custom settings.
- `/opt/iredmail/custom/postfix/main.cf`: If this file exists, `/etc/postfix/main.cf` will be a symbol link to this file. - The recommended way is using script `/opt/iredmail/custom/postfix/custom.sh`,
- `/opt/iredmail/custom/postfix/master.cf`: If this file exists, `/etc/postfix/master.cf` will be a symbol link to this file. modifying settings in `main.cf` and `master.cf` with command `postconf -e`.
Details will be explained later in this section.
- If you have many custom settings, you can maintain your own copy of `main.cf`
and `master.cf` under `/opt/iredmail/custom/postfix/` directory.
- If file `/opt/iredmail/custom/postfix/main.cf` exists, iRedMail Easy will
create `/etc/postfix/main.cf` as symbol link to this file.
- If file `/opt/iredmail/custom/postfix/master.cf` exists, iRedMail Easy
will create `/etc/postfix/master.cf` as symbol link to this file.
For other settings, Postfix is configured to load the one under For other settings, Postfix is configured to load files under
`/opt/iredmail/custom/postfix/` first (this should be maintained by you), then `/opt/iredmail/custom/postfix/` first (they store custom settings and
another one from `/etc/postfix/` (maintained by iRedMail Easy and you should maintained by you), then another one from `/etc/postfix/` (maintained by
NOT update them). If rule defined in first one matches, Postfix will skip the iRedMail Easy and you should __NOT__ modify them). If rule defined in first one
second file. matches, Postfix will skip the second file.
For example, Postfix loads 2 files for HELO access check: For example, Postfix is configured to load 2 files for HELO access check:
- `/opt/iredmail/custom/postfix/helo_access.pcre`: You can add custom HELO ```
access rules in this file, or add rule to override the one defined in smtpd_helo_restrictions =
`/etc/postfix/helo_access.pcre`. If access rule in this file matches, ...
Postfix will ignore the second (and all the rest) files. check_helo_access pcre:/opt/iredmail/custom/postfix/helo_access.pcre
check_helo_access pcre:/etc/postfix/helo_access.pcre
...
```
- The first one, `/opt/iredmail/custom/postfix/helo_access.pcre`, is used to
store your cusotm HELO access rules. If rule in this file matched,
Postfix will ignore other rules defined later in same file, also the second
file `/etc/postfix/helo_access.pcre`. So you can write rule in first file
for new HELO access, or write same rule with different action to override the
one defined in `/etc/postfix/helo_access.pcre`.
- `/etc/postfix/helo_access.pcre`: This file is maintained by iRedMail Easy, - `/etc/postfix/helo_access.pcre`: This file is maintained by iRedMail Easy,
you should NOT modify it. please do NOT modify it.
You can find some other files for customization under You can find some other files for customization under
`/opt/iredmail/custom/postfix/`. For example: `/opt/iredmail/custom/postfix/`. For example:
- `/opt/iredmail/custom/postfix/postscreen_access.cidr` - `body_checks.pcre`
- `/opt/iredmail/custom/postfix/custom.sh`: a bash shell script for advanced - `header_checks.pcre`
customization. It will be ran each time your ran iRedMail Easy deployment or - `command_filter.pcre`
upgrade. - `postscreen_access.cidr`
- ...
For example, to change setting `enable_original_recipient` to `yes` There's also a (Bash) shell scripting for flexible customization:
(defaults to `no` set in `/etc/postfix/main.cf`), you can write one shell `/opt/iredmail/custom/postfix/custom.sh`. It will be ran each time you perform
command in `/opt/iredmail/custom/postfix/custom.sh` like below: deployment or upgrade through iRedMail Easy platform.
For example, to set value of parameter `enable_original_recipient` to `yes`
(defaults to `no` set in `/etc/postfix/main.cf`), you can write command in
`/opt/iredmail/custom/postfix/custom.sh` like below:
``` ```
postconf -e enable_original_recipient=yes postconf -e enable_original_recipient=yes
``` ```
To update settings in `master.cf`, you can run `postconf -M` and To add new or update existing transport settings in `/etc/postfix/master.cf`,
`postconf -P`. For example, create new transport `submission`: you can run `postconf -M` and `postconf -P`. For example, create new transport
`465` for [SMTPS (SMTP over SSL)](./enable.smtps.html):
``` ```
postconf -M submission/inet="submission inet n - n - - smtpd" postconf -M 465/inet="465 inet n - n - - smtpd"
postconf -P "submission/inet/syslog_name=postfix/submission" postconf -P "465/inet/syslog_name=postfix/smtps"
postconf -P "submission/inet/smtpd_tls_security_level=encrypt" postconf -P "465/inet/smtpd_tls_wrappermode=yes"
postconf -P "submission/inet/smtpd_sasl_auth_enable=yes" postconf -P "465/inet/smtpd_sasl_auth_enable=yes"
postconf -P "submission/inet/smtpd_client_restrictions=permit_sasl_authenticated,reject" postconf -P "465/inet/smtpd_client_restrictions=permit_sasl_authenticated,reject"
postconf -P "submission/inet/content_filter=smtp-amavis:[127.0.0.1]:10026 postconf -P "465/inet/content_filter=smtp-amavis:[127.0.0.1]:10026"
```
It will generate new lines in `/etc/postfix/master.cf` like below:
```
465 inet n - n - - smtpd
-o syslog_name=postfix/smtps
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
-o content_filter=smtp-amavis:[127.0.0.1]:10026
``` ```
For more details about `postconf` command, please check its manual page: For more details about `postconf` command, please check its manual page:

95
html/iredmail-easy.best.practice.html
View File

@ -407,50 +407,81 @@ index attr_4,attr_5,attr_6 eq,pres
</code></pre> </code></pre>
<h3 id="postfix">Postfix</h3> <h3 id="postfix">Postfix</h3>
<p>Postfix doesn't support loading main settings (<code>main.cf</code> and <code>master.cf</code>) from <p>Postfix doesn't support loading main settings (<code>/etc/postfix/main.cf</code> and
multiple files.</p> <code>/etc/postfix/master.cf</code>) from multiple files, so iRedMail Easy uses alternative
solution to split core and custom settings.</p>
<ul> <ul>
<li><code>/opt/iredmail/custom/postfix/main.cf</code>: If this file exists, <code>/etc/postfix/main.cf</code> will be a symbol link to this file.</li> <li>The recommended way is using script <code>/opt/iredmail/custom/postfix/custom.sh</code>,
<li><code>/opt/iredmail/custom/postfix/master.cf</code>: If this file exists, <code>/etc/postfix/master.cf</code> will be a symbol link to this file.</li> modifying settings in <code>main.cf</code> and <code>master.cf</code> with command <code>postconf -e</code>.
Details will be explained later in this section.</li>
<li>If you have many custom settings, you can maintain your own copy of <code>main.cf</code>
and <code>master.cf</code> under <code>/opt/iredmail/custom/postfix/</code> directory.<ul>
<li>If file <code>/opt/iredmail/custom/postfix/main.cf</code> exists, iRedMail Easy will
create <code>/etc/postfix/main.cf</code> as symbol link to this file.</li>
<li>If file <code>/opt/iredmail/custom/postfix/master.cf</code> exists, iRedMail Easy
will create <code>/etc/postfix/master.cf</code> as symbol link to this file.</li>
</ul> </ul>
<p>For other settings, Postfix is configured to load the one under </li>
<code>/opt/iredmail/custom/postfix/</code> first (this should be maintained by you), then </ul>
another one from <code>/etc/postfix/</code> (maintained by iRedMail Easy and you should <p>For other settings, Postfix is configured to load files under
NOT update them). If rule defined in first one matches, Postfix will skip the <code>/opt/iredmail/custom/postfix/</code> first (they store custom settings and
second file.</p> maintained by you), then another one from <code>/etc/postfix/</code> (maintained by
<p>For example, Postfix loads 2 files for HELO access check:</p> iRedMail Easy and you should <strong>NOT</strong> modify them). If rule defined in first one
matches, Postfix will skip the second file.</p>
<p>For example, Postfix is configured to load 2 files for HELO access check:</p>
<pre><code>smtpd_helo_restrictions =
...
check_helo_access pcre:/opt/iredmail/custom/postfix/helo_access.pcre
check_helo_access pcre:/etc/postfix/helo_access.pcre
...
</code></pre>
<ul> <ul>
<li><code>/opt/iredmail/custom/postfix/helo_access.pcre</code>: You can add custom HELO <li>The first one, <code>/opt/iredmail/custom/postfix/helo_access.pcre</code>, is used to
access rules in this file, or add rule to override the one defined in store your cusotm HELO access rules. If rule in this file matched,
<code>/etc/postfix/helo_access.pcre</code>. If access rule in this file matches, Postfix will ignore other rules defined later in same file, also the second
Postfix will ignore the second (and all the rest) files.</li> file <code>/etc/postfix/helo_access.pcre</code>. So you can write rule in first file
for new HELO access, or write same rule with different action to override the
one defined in <code>/etc/postfix/helo_access.pcre</code>.</li>
<li><code>/etc/postfix/helo_access.pcre</code>: This file is maintained by iRedMail Easy, <li><code>/etc/postfix/helo_access.pcre</code>: This file is maintained by iRedMail Easy,
you should NOT modify it.</li> please do NOT modify it.</li>
</ul> </ul>
<p>You can find some other files for customization under <p>You can find some other files for customization under
<code>/opt/iredmail/custom/postfix/</code>. For example:</p> <code>/opt/iredmail/custom/postfix/</code>. For example:</p>
<ul> <ul>
<li><code>/opt/iredmail/custom/postfix/postscreen_access.cidr</code></li> <li><code>body_checks.pcre</code></li>
<li> <li><code>header_checks.pcre</code></li>
<p><code>/opt/iredmail/custom/postfix/custom.sh</code>: a bash shell script for advanced <li><code>command_filter.pcre</code></li>
customization. It will be ran each time your ran iRedMail Easy deployment or <li><code>postscreen_access.cidr</code></li>
upgrade.</p> <li>...</li>
<p>For example, to change setting <code>enable_original_recipient</code> to <code>yes</code>
(defaults to <code>no</code> set in <code>/etc/postfix/main.cf</code>), you can write one shell
command in <code>/opt/iredmail/custom/postfix/custom.sh</code> like below:</p>
</li>
</ul> </ul>
<p>There's also a (Bash) shell scripting for flexible customization:
<code>/opt/iredmail/custom/postfix/custom.sh</code>. It will be ran each time you perform
deployment or upgrade through iRedMail Easy platform.</p>
<p>For example, to set value of parameter <code>enable_original_recipient</code> to <code>yes</code>
(defaults to <code>no</code> set in <code>/etc/postfix/main.cf</code>), you can write command in
<code>/opt/iredmail/custom/postfix/custom.sh</code> like below:</p>
<pre><code>postconf -e enable_original_recipient=yes <pre><code>postconf -e enable_original_recipient=yes
</code></pre> </code></pre>
<p>To update settings in <code>master.cf</code>, you can run <code>postconf -M</code> and <p>To add new or update existing transport settings in <code>/etc/postfix/master.cf</code>,
<code>postconf -P</code>. For example, create new transport <code>submission</code>:</p> you can run <code>postconf -M</code> and <code>postconf -P</code>. For example, create new transport
<pre><code>postconf -M submission/inet=&quot;submission inet n - n - - smtpd&quot; <code>465</code> for <a href="./enable.smtps.html">SMTPS (SMTP over SSL)</a>:</p>
postconf -P &quot;submission/inet/syslog_name=postfix/submission&quot; <pre><code>postconf -M 465/inet=&quot;465 inet n - n - - smtpd&quot;
postconf -P &quot;submission/inet/smtpd_tls_security_level=encrypt&quot; postconf -P &quot;465/inet/syslog_name=postfix/smtps&quot;
postconf -P &quot;submission/inet/smtpd_sasl_auth_enable=yes&quot; postconf -P &quot;465/inet/smtpd_tls_wrappermode=yes&quot;
postconf -P &quot;submission/inet/smtpd_client_restrictions=permit_sasl_authenticated,reject&quot; postconf -P &quot;465/inet/smtpd_sasl_auth_enable=yes&quot;
postconf -P &quot;submission/inet/content_filter=smtp-amavis:[127.0.0.1]:10026 postconf -P &quot;465/inet/smtpd_client_restrictions=permit_sasl_authenticated,reject&quot;
postconf -P &quot;465/inet/content_filter=smtp-amavis:[127.0.0.1]:10026&quot;
</code></pre>
<p>It will generate new lines in <code>/etc/postfix/master.cf</code> like below:</p>
<pre><code>465 inet n - n - - smtpd
-o syslog_name=postfix/smtps
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
-o content_filter=smtp-amavis:[127.0.0.1]:10026
</code></pre> </code></pre>
<p>For more details about <code>postconf</code> command, please check its manual page: <p>For more details about <code>postconf</code> command, please check its manual page: