receive_override_options with 2 cleanups

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

receive_override_options with 2 cleanups

techlist06
Postfix 3.2.2

Post upgrade, I'm revisiting my configuration to be sure I'm taking advantage of current features relative to my old server.

I'm still using 2 cleanup services , pre-cleanup before the content_filter and the regular cleanup after-filter.  

I was using Patrick Koetter's current postfix-amavisd readme as a reference.  
Specifically section 4 on configuring 2 cleanup services.
https://www.ijs.si/software/amavisd/README.postfix.html

I wanted to ensure I was passing the addresses to the content filter unchanged, and having the final cleanup service handle any
rewriting.

I understand from Patrick's document that using 2 cleanup services gives more control than the receive_override_options settings.  

What I'm not sure about is if I need that setting at all now.  

His readme (section 4.2.3) added
 -o cleanup_service_name=pre-cleanup
To the submission port.

And I had this set globally in main.cf
    receive_override_options=no_address_mappings

That combination broke sending mail to a virtual user via the submission port.  Virtual user not found...

I fixed that by moving
     receive_override_options=no_address_mappings
from main.cf to the pre-cleanup service in master.cf
And unlike Patrick's readme, setting the submission port to use the regular cleanup service.  

I want to be sure what I have now is right.  Bypassing the content filter for authenticated submission traffic,
but for everything else, wait on address rewriting until after the content filter:

2 ## QUESTION's marked below:

I have:

From master.cf:

pre-cleanup  unix n     -       n       -       0       cleanup
  -o virtual_alias_maps=
  -o canonical_maps=
  -o sender_canonical_maps=
  -o recipient_canonical_maps=
  -o masquerade_domains=
## QUESTION:
# is this next option redundant or necessary here now
# with all the other re-writing things turned off above it?
# (I am only using virtual alias maps today)
  -o receive_override_options=no_address_mappings  

cleanup unix    n       -       n       -       0       cleanup
  -o mime_header_checks=
  -o nested_header_checks=
  -o body_checks=
  -o header_checks=

submission   inet    n       -       n       -       -       smtpd
  -o content_filter=
  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_path=private/auth
  -o smtpd_sasl_security_options=noanonymous
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
## QUESTION:
# unlike Patricks document I am using the regular (post-filter) cleanup for 587 traffic
# anything wrong by not using the pre-cleanup here?  
#  -o cleanup_service_name=pre-cleanup

pickup    fifo  n       -       n       60      1       pickup
  -o cleanup_service_name=pre-cleanup
smtpd     pass  -       -       n       -       -       smtpd
  -o cleanup_service_name=pre-cleanup



Loading...