Clearer explanation of custom Postfix settings in iredmail-easy.best.practice.html.
parent 56d47f24cc
commit b485994998
|
@ -283,53 +283,88 @@ iRedMail uses the directory structure recommended by Debian/Ubuntu:
|
|||
|
||||
### Postfix
|
||||
|
||||
Postfix doesn't support loading main settings (`main.cf` and `master.cf`) from
|
||||
multiple files.
|
||||
Postfix doesn't support loading main settings (`/etc/postfix/main.cf` and
|
||||
`/etc/postfix/master.cf`) from multiple files, so iRedMail Easy uses alternative
|
||||
solution to split core and custom settings.
|
||||
|
||||
- `/opt/iredmail/custom/postfix/main.cf`: If this file exists, `/etc/postfix/main.cf` will be a symbol link to this file.
|
||||
- `/opt/iredmail/custom/postfix/master.cf`: If this file exists, `/etc/postfix/master.cf` will be a symbol link to this file.
|
||||
- The recommended way is using script `/opt/iredmail/custom/postfix/custom.sh`,
|
||||
modifying settings in `main.cf` and `master.cf` with command `postconf -e`.
|
||||
Details will be explained later in this section.
|
||||
- If you have many custom settings, you can maintain your own copy of `main.cf`
|
||||
and `master.cf` under `/opt/iredmail/custom/postfix/` directory.
|
||||
- If file `/opt/iredmail/custom/postfix/main.cf` exists, iRedMail Easy will
|
||||
create `/etc/postfix/main.cf` as symbol link to this file.
|
||||
- If file `/opt/iredmail/custom/postfix/master.cf` exists, iRedMail Easy
|
||||
will create `/etc/postfix/master.cf` as symbol link to this file.
|
||||
|
||||
For other settings, Postfix is configured to load the one under
|
||||
`/opt/iredmail/custom/postfix/` first (this should be maintained by you), then
|
||||
another one from `/etc/postfix/` (maintained by iRedMail Easy and you should
|
||||
NOT update them). If rule defined in first one matches, Postfix will skip the
|
||||
second file.
|
||||
For other settings, Postfix is configured to load files under
|
||||
`/opt/iredmail/custom/postfix/` first (they store custom settings and
|
||||
maintained by you), then another one from `/etc/postfix/` (maintained by
|
||||
iRedMail Easy and you should __NOT__ modify them). If rule defined in first one
|
||||
matches, Postfix will skip the second file.
|
||||
|
||||
For example, Postfix loads 2 files for HELO access check:
|
||||
For example, Postfix is configured to load 2 files for HELO access check:
|
||||
|
||||
- `/opt/iredmail/custom/postfix/helo_access.pcre`: You can add custom HELO
|
||||
access rules in this file, or add rule to override the one defined in
|
||||
`/etc/postfix/helo_access.pcre`. If access rule in this file matches,
|
||||
Postfix will ignore the second (and all the rest) files.
|
||||
```
|
||||
smtpd_helo_restrictions =
|
||||
...
|
||||
check_helo_access pcre:/opt/iredmail/custom/postfix/helo_access.pcre
|
||||
check_helo_access pcre:/etc/postfix/helo_access.pcre
|
||||
...
|
||||
```
|
||||
|
||||
- The first one, `/opt/iredmail/custom/postfix/helo_access.pcre`, is used to
|
||||
store your cusotm HELO access rules. If rule in this file matched,
|
||||
Postfix will ignore other rules defined later in same file, also the second
|
||||
file `/etc/postfix/helo_access.pcre`. So you can write rule in first file
|
||||
for new HELO access, or write same rule with different action to override the
|
||||
one defined in `/etc/postfix/helo_access.pcre`.
|
||||
- `/etc/postfix/helo_access.pcre`: This file is maintained by iRedMail Easy,
|
||||
you should NOT modify it.
|
||||
please do NOT modify it.
|
||||
|
||||
You can find some other files for customization under
|
||||
`/opt/iredmail/custom/postfix/`. For example:
|
||||
|
||||
- `/opt/iredmail/custom/postfix/postscreen_access.cidr`
|
||||
- `/opt/iredmail/custom/postfix/custom.sh`: a bash shell script for advanced
|
||||
customization. It will be ran each time your ran iRedMail Easy deployment or
|
||||
upgrade.
|
||||
- `body_checks.pcre`
|
||||
- `header_checks.pcre`
|
||||
- `command_filter.pcre`
|
||||
- `postscreen_access.cidr`
|
||||
- ...
|
||||
|
||||
For example, to change setting `enable_original_recipient` to `yes`
|
||||
(defaults to `no` set in `/etc/postfix/main.cf`), you can write one shell
|
||||
command in `/opt/iredmail/custom/postfix/custom.sh` like below:
|
||||
There's also a (Bash) shell scripting for flexible customization:
|
||||
`/opt/iredmail/custom/postfix/custom.sh`. It will be ran each time you perform
|
||||
deployment or upgrade through iRedMail Easy platform.
|
||||
|
||||
For example, to set value of parameter `enable_original_recipient` to `yes`
|
||||
(defaults to `no` set in `/etc/postfix/main.cf`), you can write command in
|
||||
`/opt/iredmail/custom/postfix/custom.sh` like below:
|
||||
|
||||
```
|
||||
postconf -e enable_original_recipient=yes
|
||||
```
|
||||
|
||||
To update settings in `master.cf`, you can run `postconf -M` and
|
||||
`postconf -P`. For example, create new transport `submission`:
|
||||
To add new or update existing transport settings in `/etc/postfix/master.cf`,
|
||||
you can run `postconf -M` and `postconf -P`. For example, create new transport
|
||||
`465` for [SMTPS (SMTP over SSL)](./enable.smtps.html):
|
||||
|
||||
```
|
||||
postconf -M submission/inet="submission inet n - n - - smtpd"
|
||||
postconf -P "submission/inet/syslog_name=postfix/submission"
|
||||
postconf -P "submission/inet/smtpd_tls_security_level=encrypt"
|
||||
postconf -P "submission/inet/smtpd_sasl_auth_enable=yes"
|
||||
postconf -P "submission/inet/smtpd_client_restrictions=permit_sasl_authenticated,reject"
|
||||
postconf -P "submission/inet/content_filter=smtp-amavis:[127.0.0.1]:10026
|
||||
postconf -M 465/inet="465 inet n - n - - smtpd"
|
||||
postconf -P "465/inet/syslog_name=postfix/smtps"
|
||||
postconf -P "465/inet/smtpd_tls_wrappermode=yes"
|
||||
postconf -P "465/inet/smtpd_sasl_auth_enable=yes"
|
||||
postconf -P "465/inet/smtpd_client_restrictions=permit_sasl_authenticated,reject"
|
||||
postconf -P "465/inet/content_filter=smtp-amavis:[127.0.0.1]:10026"
|
||||
```
|
||||
|
||||
It will generate new lines in `/etc/postfix/master.cf` like below:
|
||||
|
||||
```
|
||||
465 inet n - n - - smtpd
|
||||
-o syslog_name=postfix/smtps
|
||||
-o smtpd_tls_wrappermode=yes
|
||||
-o smtpd_sasl_auth_enable=yes
|
||||
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
|
||||
-o content_filter=smtp-amavis:[127.0.0.1]:10026
|
||||
```
|
||||
|
||||
For more details about `postconf` command, please check its manual page:
|
||||
|
|
|
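Review bot: The new bullet for `/opt/iredmail/custom/postfix/helo_access.pcre` states the first-match behaviour but not its risk: because a matching custom rule makes Postfix skip the rest of that file and all of `/etc/postfix/helo_access.pcre`, a broad pattern with a permissive action in the custom file bypasses every HELO rule iRedMail Easy maintains for the names it matches. Suggest adding one sentence telling readers to keep custom patterns as narrow as possible and to check them against the maintained file before deploying. Wording in the same hunk: "cusotm" should be "custom", "symbol link" should be "symbolic link", "It will be ran" should be "It will be run", and "a (Bash) shell scripting" should be "a (Bash) shell script".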
@ -407,50 +407,81 @@ index attr_4,attr_5,attr_6 eq,pres
|
|||
</code></pre>
|
||||
|
||||
<h3 id="postfix">Postfix</h3>
|
||||
<p>Postfix doesn't support loading main settings (<code>main.cf</code> and <code>master.cf</code>) from
|
||||
multiple files.</p>
|
||||
<p>Postfix doesn't support loading main settings (<code>/etc/postfix/main.cf</code> and
|
||||
<code>/etc/postfix/master.cf</code>) from multiple files, so iRedMail Easy uses alternative
|
||||
solution to split core and custom settings.</p>
|
||||
<ul>
|
||||
<li><code>/opt/iredmail/custom/postfix/main.cf</code>: If this file exists, <code>/etc/postfix/main.cf</code> will be a symbol link to this file.</li>
|
||||
<li><code>/opt/iredmail/custom/postfix/master.cf</code>: If this file exists, <code>/etc/postfix/master.cf</code> will be a symbol link to this file.</li>
|
||||
<li>The recommended way is using script <code>/opt/iredmail/custom/postfix/custom.sh</code>,
|
||||
modifying settings in <code>main.cf</code> and <code>master.cf</code> with command <code>postconf -e</code>.
|
||||
Details will be explained later in this section.</li>
|
||||
<li>If you have many custom settings, you can maintain your own copy of <code>main.cf</code>
|
||||
and <code>master.cf</code> under <code>/opt/iredmail/custom/postfix/</code> directory.<ul>
|
||||
<li>If file <code>/opt/iredmail/custom/postfix/main.cf</code> exists, iRedMail Easy will
|
||||
create <code>/etc/postfix/main.cf</code> as symbol link to this file.</li>
|
||||
<li>If file <code>/opt/iredmail/custom/postfix/master.cf</code> exists, iRedMail Easy
|
||||
will create <code>/etc/postfix/master.cf</code> as symbol link to this file.</li>
|
||||
</ul>
|
||||
<p>For other settings, Postfix is configured to load the one under
|
||||
<code>/opt/iredmail/custom/postfix/</code> first (this should be maintained by you), then
|
||||
another one from <code>/etc/postfix/</code> (maintained by iRedMail Easy and you should
|
||||
NOT update them). If rule defined in first one matches, Postfix will skip the
|
||||
second file.</p>
|
||||
<p>For example, Postfix loads 2 files for HELO access check:</p>
|
||||
</li>
|
||||
</ul>
|
||||
<p>For other settings, Postfix is configured to load files under
|
||||
<code>/opt/iredmail/custom/postfix/</code> first (they store custom settings and
|
||||
maintained by you), then another one from <code>/etc/postfix/</code> (maintained by
|
||||
iRedMail Easy and you should <strong>NOT</strong> modify them). If rule defined in first one
|
||||
matches, Postfix will skip the second file.</p>
|
||||
<p>For example, Postfix is configured to load 2 files for HELO access check:</p>
|
||||
<pre><code>smtpd_helo_restrictions =
|
||||
...
|
||||
check_helo_access pcre:/opt/iredmail/custom/postfix/helo_access.pcre
|
||||
check_helo_access pcre:/etc/postfix/helo_access.pcre
|
||||
...
|
||||
</code></pre>
|
||||
|
||||
<ul>
|
||||
<li><code>/opt/iredmail/custom/postfix/helo_access.pcre</code>: You can add custom HELO
|
||||
access rules in this file, or add rule to override the one defined in
|
||||
<code>/etc/postfix/helo_access.pcre</code>. If access rule in this file matches,
|
||||
Postfix will ignore the second (and all the rest) files.</li>
|
||||
<li>The first one, <code>/opt/iredmail/custom/postfix/helo_access.pcre</code>, is used to
|
||||
store your cusotm HELO access rules. If rule in this file matched,
|
||||
Postfix will ignore other rules defined later in same file, also the second
|
||||
file <code>/etc/postfix/helo_access.pcre</code>. So you can write rule in first file
|
||||
for new HELO access, or write same rule with different action to override the
|
||||
one defined in <code>/etc/postfix/helo_access.pcre</code>.</li>
|
||||
<li><code>/etc/postfix/helo_access.pcre</code>: This file is maintained by iRedMail Easy,
|
||||
you should NOT modify it.</li>
|
||||
please do NOT modify it.</li>
|
||||
</ul>
|
||||
<p>You can find some other files for customization under
|
||||
<code>/opt/iredmail/custom/postfix/</code>. For example:</p>
|
||||
<ul>
|
||||
<li><code>/opt/iredmail/custom/postfix/postscreen_access.cidr</code></li>
|
||||
<li>
|
||||
<p><code>/opt/iredmail/custom/postfix/custom.sh</code>: a bash shell script for advanced
|
||||
customization. It will be ran each time your ran iRedMail Easy deployment or
|
||||
upgrade.</p>
|
||||
<p>For example, to change setting <code>enable_original_recipient</code> to <code>yes</code>
|
||||
(defaults to <code>no</code> set in <code>/etc/postfix/main.cf</code>), you can write one shell
|
||||
command in <code>/opt/iredmail/custom/postfix/custom.sh</code> like below:</p>
|
||||
</li>
|
||||
<li><code>body_checks.pcre</code></li>
|
||||
<li><code>header_checks.pcre</code></li>
|
||||
<li><code>command_filter.pcre</code></li>
|
||||
<li><code>postscreen_access.cidr</code></li>
|
||||
<li>...</li>
|
||||
</ul>
|
||||
<p>There's also a (Bash) shell scripting for flexible customization:
|
||||
<code>/opt/iredmail/custom/postfix/custom.sh</code>. It will be ran each time you perform
|
||||
deployment or upgrade through iRedMail Easy platform.</p>
|
||||
<p>For example, to set value of parameter <code>enable_original_recipient</code> to <code>yes</code>
|
||||
(defaults to <code>no</code> set in <code>/etc/postfix/main.cf</code>), you can write command in
|
||||
<code>/opt/iredmail/custom/postfix/custom.sh</code> like below:</p>
|
||||
<pre><code>postconf -e enable_original_recipient=yes
|
||||
</code></pre>
|
||||
|
||||
<p>To update settings in <code>master.cf</code>, you can run <code>postconf -M</code> and
|
||||
<code>postconf -P</code>. For example, create new transport <code>submission</code>:</p>
|
||||
<pre><code>postconf -M submission/inet="submission inet n - n - - smtpd"
|
||||
postconf -P "submission/inet/syslog_name=postfix/submission"
|
||||
postconf -P "submission/inet/smtpd_tls_security_level=encrypt"
|
||||
postconf -P "submission/inet/smtpd_sasl_auth_enable=yes"
|
||||
postconf -P "submission/inet/smtpd_client_restrictions=permit_sasl_authenticated,reject"
|
||||
postconf -P "submission/inet/content_filter=smtp-amavis:[127.0.0.1]:10026
|
||||
<p>To add new or update existing transport settings in <code>/etc/postfix/master.cf</code>,
|
||||
you can run <code>postconf -M</code> and <code>postconf -P</code>. For example, create new transport
|
||||
<code>465</code> for <a href="./enable.smtps.html">SMTPS (SMTP over SSL)</a>:</p>
|
||||
<pre><code>postconf -M 465/inet="465 inet n - n - - smtpd"
|
||||
postconf -P "465/inet/syslog_name=postfix/smtps"
|
||||
postconf -P "465/inet/smtpd_tls_wrappermode=yes"
|
||||
postconf -P "465/inet/smtpd_sasl_auth_enable=yes"
|
||||
postconf -P "465/inet/smtpd_client_restrictions=permit_sasl_authenticated,reject"
|
||||
postconf -P "465/inet/content_filter=smtp-amavis:[127.0.0.1]:10026"
|
||||
</code></pre>
|
||||
|
||||
<p>It will generate new lines in <code>/etc/postfix/master.cf</code> like below:</p>
|
||||
<pre><code>465 inet n - n - - smtpd
|
||||
-o syslog_name=postfix/smtps
|
||||
-o smtpd_tls_wrappermode=yes
|
||||
-o smtpd_sasl_auth_enable=yes
|
||||
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
|
||||
-o content_filter=smtp-amavis:[127.0.0.1]:10026
|
||||
</code></pre>
|
||||
|
||||
<p>For more details about <code>postconf</code> command, please check its manual page:
|
||||
|
|
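Review bot: The paragraph introducing `custom.sh` ("It will be ran each time you perform deployment or upgrade through iRedMail Easy platform") should state that every command placed in the script must be safe to run repeatedly, since it is re-executed on each deployment and upgrade. The `postconf -e`, `postconf -M` and `postconf -P` examples shown here overwrite the same parameter or entry on each run, so they meet that requirement, but a reader adding other commands gets no guidance. This HTML also carries the source typos ("cusotm", "symbol link", "be ran"), so it should be regenerated from the Markdown once those are fixed rather than edited by hand.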