= Postfix Design =

The Postfix system has a sophisticated and opinionated design.

----

== System ==

Postfix is a coordination of '''daemons''' and '''queues'''. The queues are:

 * '''maildrop''' for local mail posted by `sendmail(1)`
 * '''hold''' for mail that requires administrator intervention
 * '''incoming''' for mail received
 * '''active''' for delivery
 * '''deferred''' for mail that temporarily failed to deliver

Local mail sent by `sendmail(1)` is passed to `postdrop(1)`, which enqueues mail into maildrop. `pickup(8)` then passes mail from maildrop to `cleanup(8)`.

Received mail, whether by `smtpd(8)` or `qmqpd(8)`, is passed directly to `cleanup(8)`.

`cleanup(8)` passes back and forth with `trivial-rewrite(8)` and enqueues mail into incoming.

`qmgr(8)` moves mail from incoming into active and deferred, and schedules delivery by any of `smtp(8)`, `lmtp(8)`, `local(8)`, `virtual(8)`, or `pipe(8)`.

`master(8)` manages all daemons.

----

== Master ==

The `master(8)` configuration file (a.k.a. `master(5)`) looks like:

{{{
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (no)    (never) (100)
# ==========================================================================
smtp      inet  n       -       n       -       -       smtpd
#smtp      inet  n       -       n       -       1       postscreen
#smtpd     pass  -       -       n       -       -       smtpd
#dnsblog   unix  -       -       n       -       0       dnsblog
#tlsproxy  unix  -       -       n       -       0       tlsproxy
submission inet n       -       n       -       -       smtpd
#  -o syslog_name=postfix/submission
#  -o smtpd_tls_security_level=encrypt
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_tls_auth_only=yes
#  -o smtpd_reject_unlisted_recipient=no
#  -o smtpd_client_restrictions=$mua_client_restrictions
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
#  -o smtpd_recipient_restrictions=
  -o smtpd_relay_restrictions=permit
#  -o milter_macro_daemon_name=ORIGINATING
smtps     inet  n       -       n       -       -       smtpd
#  -o syslog_name=postfix/smtps
#  -o smtpd_tls_wrappermode=yes
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_reject_unlisted_recipient=no
#  -o smtpd_client_restrictions=$mua_client_restrictions
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
#  -o smtpd_recipient_restrictions=
#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
#628       inet  n       -       n       -       -       qmqpd
pickup    unix  n       -       n       60      1       pickup
cleanup   unix  n       -       n       -       0       cleanup
qmgr      unix  n       -       n       300     1       qmgr
#qmgr     unix  n       -       n       300     1       oqmgr
tlsmgr    unix  -       -       n       1000?   1       tlsmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
trace     unix  -       -       n       -       0       bounce
verify    unix  -       -       n       -       1       verify
flush     unix  n       -       n       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       n       -       -       smtp
relay     unix  -       -       n       -       -       smtp
        -o syslog_name=postfix/$service_name
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
retry     unix  -       -       n       -       -       error
discard   unix  -       -       n       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       n       -       1       anvil
scache    unix  -       -       n       -       1       scache
postlog   unix-dgram n  -       n       -       1       postlogd
}}}

A line beginning with `#` is ignored.

A line beginning with whitespace is considered a continuation of the previous line. Uncommenting or re-commenting a line that otherwise begins with whitespace is therefore how options on the preceding service are activated and deactivated.

Every other line defines a '''service''' that is active.

----

== Services ==

Services have implied ports.

 * `lmtp` implies port 24
 * `smtp` implies port 25
 * `smtps` implies port 465 and implicit [[Encryption/TLS|TLS]]
 * `submission` implies port 587 and [[Encryption/STARTTLS|STARTTLS]]

----

CategoryRicottone
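
The comment and continuation rules from the Master section, as an added example (not part of the original page or of Postfix): a small Python parser that reports which `-o` overrides are actually active for each service, so a still-commented hardening option is easy to spot. The function names and the sample text are constructed for illustration, and only the plain `-o name=value` form is handled.

```python
# Constructed sample in the layout of the listing above; not a recommended config.
SAMPLE = """\
smtp       inet  n  -  n  -  -  smtpd
submission inet  n  -  n  -  -  smtpd
  -o syslog_name=postfix/submission
#  -o smtpd_sasl_auth_enable=yes
  -o smtpd_tls_security_level=encrypt
#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
relay      unix  -  -  n  -  -  smtp
        -o syslog_name=postfix/$service_name
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
"""

def logical_lines(text):
    """Join physical lines into logical master.cf entries."""
    out = []
    for raw in text.splitlines():
        stripped = raw.strip()
        if not stripped or stripped.startswith("#"):
            continue                   # blank or comment: ignored, entry stays open
        if raw[0].isspace():
            if not out:
                raise ValueError("continuation line before any service")
            out[-1] += " " + stripped  # continuation of the preceding service
        else:
            out.append(stripped)       # a new service entry starts here
    return out

def parse_master(text):
    """Return {(service, type): {"command": str, "overrides": dict}}."""
    services = {}
    for line in logical_lines(text):
        fields = line.split()
        if len(fields) < 8:            # seven columns plus the command
            raise ValueError(f"short master.cf entry: {line!r}")
        args, overrides = fields[8:], {}
        for flag, setting in zip(args, args[1:]):
            if flag == "-o":           # -o name=value overrides a main.cf parameter
                key, _, value = setting.partition("=")
                overrides[key] = value
        services[(fields[0], fields[1])] = {"command": fields[7], "overrides": overrides}
    return services

def inactive_for(text, service, stype, wanted):
    """List the wanted parameter names that are not active for one service."""
    active = parse_master(text)[(service, stype)]["overrides"]
    return [name for name in wanted if name not in active]
```

On a host with Postfix installed, `postconf -M` and `postconf -P` print the service entries and per-service overrides as Postfix itself parses them.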